Dropped Files | ZeroBOX
Name 60ee8dbf1ed96982_install.dat
Filepath C:\Users\test22\AppData\Local\Temp\install.dat
Size 546.9KB
Processes 5096 (lij.exe) 4836 (rundll32.exe)
Type data
MD5 e2f2838e65bd2777ba0e61ce60b1cb54
SHA1 17d525f74820f9605d3867806d252f9bae4b4415
SHA256 60ee8dbf1ed96982dd234f593547d50d79c402e27d28d08715f5c4c209bee8e6
CRC32 05038001
ssdeep 12288:hmTeZHykHZQbjaItpcHuLI/KfPvBlNXXrGoCBQF40jkWkGLDfCOA:rHy2sjv7myfXrNXbjFveqqd
Yara None matched
Name 70d1bfb908eab666_file4.exe
Filepath C:\Program Files (x86)\Company\NewProduct\file4.exe
Size 160.0KB
Processes 8212 (Setup2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 02580709c0e95aba9fdd1fbdf7c348e9
SHA1 c39c2f4039262345121ecee1ea62cc4a124a0347
SHA256 70d1bfb908eab66681a858d85bb910b822cc76377010abd6a77fd5a78904ea15
CRC32 B6A5F871
ssdeep 3072:CaY0LwJiwqkCPyIrxC55W4NfrZL5P1yxRrh485qC96QnoSe:C7Ylvx83L5aRl4Isp3
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
Name a3404646fe5ccfe1_uninstall.ini
Filepath C:\Program Files (x86)\Company\NewProduct\Uninstall.ini
Size 2.5KB
Processes 8212 (Setup2.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 8d3a2444f9f7ddb4251934012a75c302
SHA1 465d8f4254bcd8c29717a944a57315bdefb91598
SHA256 a3404646fe5ccfe144bec956d7313be3a179da40df16d484e31b1044878dc2c9
CRC32 D0495FC1
ssdeep 48:RNawNj9z39zH9394989zC9r9x9399L9f9/9u9G9G17eHdGVydsJWM0qK1PY6Eh:7PxBNW6AxzN9RFloBxNVJJWqwPm
Yara None matched
Name a32e0a83001d2c5d_2.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size 36.0B
Processes 8212 (Setup2.exe)
Type Microsoft Cabinet archive data, 36 bytes
MD5 8708699d2c73bed30a0a08d80f96d6d7
SHA1 684cb9d317146553e8c5269c8afb1539565f4f78
SHA256 a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
CRC32 EAB67334
ssdeep 3:wDl:wDl
Yara None matched
Name 030cba5d93403c75_lij.exe
Filepath C:\Program Files (x86)\Company\NewProduct\lij.exe
Size 611.0KB
Processes 8212 (Setup2.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 d09dd010a7c2b7b9cf555bb4f5785ed3
SHA1 724067ff7c8eb7982ddeca530b47253b622bd6bc
SHA256 030cba5d93403c75ed1c9156aad112c27045a9bf9b80588329479e6d2cd4e78f
CRC32 717F2159
ssdeep 12288:/WmTeZHykHZQbjaItpcHuLI/KfPvBlNXXrGoCBQF40jkWkGLDfCOU:/aHy2sjv7myfXrNXbjFveqq5
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
Name b58187d5057b20b8_install.dll
Filepath C:\Users\test22\AppData\Local\Temp\install.dll
Size 24.0KB
Processes 5096 (lij.exe) 4836 (rundll32.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dad2b18979ccfd88046305e76614a57b
SHA1 51d95c4947937bc35b99a372ba680a9fc0c563ef
SHA256 b58187d5057b20b86919a26d39a8c164f34b2aae9f180bbc3232820671eb7629
CRC32 D73C1286
ssdeep 48:qyxwXGaOEizcJo2Oy2BvGW6tZMhIfmcFvW6gngQDublNMgY8uO1L:3xqMEizcJ7OJ+ZMhIfmqgRubEcu
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
Name 288376e11301c8ca_md8_8eus.exe
Filepath C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
Size 715.0KB
Processes 8212 (Setup2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7a151db96e506bd887e3ffa5ab81b1a5
SHA1 1133065fce3b06bd483b05cca09e519b53f71447
SHA256 288376e11301c8ca3eb52871d09133f0199b911a33b9658579929ef6bac8ea6c
CRC32 C3B4B421
ssdeep 12288:Q2VU2WB3OzCPZuv6YBsKYwLqVApHgdrGIV/LqBW9G9DCSK1n+jF9nMrcf94IilAS:rG2qezCPZa6HfwiAoiTBWsRCSWnS5f9U
Yara
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)
Name 8f79bd4704c94d00_temp_0.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size 1.4MB
Processes 8212 (Setup2.exe)
Type Microsoft Cabinet archive data, 1434188 bytes, 4 files
MD5 49170e9e4017ee35fad5229a38682edc
SHA1 c697ace0653725410ef0a14593ad2af27f6c88a4
SHA256 8f79bd4704c94d000ea7eddaa44e30e4d90ea019755092db0a7a5fff4554367b
CRC32 6FB0A99F
ssdeep 24576:DvCXNM9hl1jCay/v74zz1H8LVs/obwyutdkSg7X6lzxdPXEuyJ0tRqpI8FC7gie:D6dMrH1evkpus/CuTyXAz/PUudE1Ce
Yara None matched
Name 6f53252710795181_install.dll.lnk
Filepath C:\Users\test22\AppData\Local\Temp\install.dll.lnk
Size 794.0B
Processes 5096 (lij.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 07ac24f5948e483c3b0eacfe0b08a38c
SHA1 57a75213bfb825ae7ca8efd51aa6c110b23ce4a6
SHA256 6f53252710795181e5c06d97d2ca25481c94ef699e0b580a8eef18e309a5d109
CRC32 1A4A1475
ssdeep 12:8AlXEbC3pQVe/4V3lrW+filH/Q1cnDmNz4t2YLEPKzlX8:8A7pQQClK+filoLBPy
Yara
  • Lnk_Format_Zero - LNK Format
Name b3a3c03a2b140d4f_uninstall.exe
Filepath C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
Size 97.6KB
Processes 8212 (Setup2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 56b3225c7b1d6f05b4ba4ba7b4ce2202
SHA1 27c0ed1a6d25a68a48950a7ede29d87e1f2b1461
SHA256 b3a3c03a2b140d4fbe9bac4416866210d014da4c64355b395715f2d4c2506c46
CRC32 6DE3DA1A
ssdeep 1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75M:kzgjO/Zd1RePDmZ8tf05iW4u1M
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet