popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2200 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name 24e8c25504e61ad9_S-1.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\S-1.exe
Size 233.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5d7c5fb038aec296d80604e0d45eab22
SHA1 c83434e101111b54fa6a0f773381831e323e5a1d
SHA256 24e8c25504e61ad986aed1ccd6f63b461332b56390ee7696be67755f4ec88235
CRC32 967EF9E0
ssdeep 3072:FYIVcT+BiU8K0QdseKpvK3vxwnyzsn8uH/vC0fbNi2ChG6PbKii5SfJi10x:FVcT+BiU0S0K3viyI8WCWNyP/
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
VirusTotal Search for analysis