Dropped Files | ZeroBOX
Name 3ad2dc318056d0a2_modern-wizard.bmp
Filepath C:\Users\test22\AppData\Local\Temp\nsxFC9B.tmp\modern-wizard.bmp
Size 25.9KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PC bitmap, Windows 3.x format, 164 x 314 x 4
MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
CRC32 04BB5FC8
ssdeep 24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Yara None matched
Name 25a903dd2b7b9ace_giraffic.exe
Filepath C:\Program Files (x86)\Giraffic\Giraffic.exe
Size 4.4MB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 06831b8038602eee16e6c29347189ba8
SHA1 8148108a9c6e663bc0612fb610ea87c9cd82724d
SHA256 25a903dd2b7b9ace6f41b08806ee3e22410adac1ec977e0957d0d933a87a02ff
CRC32 C633D35D
ssdeep 98304:HNpJcCgAKfxTT5EsFYbwleAiGhi5G7NYK73:HrTKf1FlcAi7K73
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
Name 1024a762df6446ab_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 8752 (powershell.exe)
Type data
MD5 f0c51ead2913856914e5e5adaba20a90
SHA1 79de6e89f17e49f3f7531bee910210fc928b474c
SHA256 1024a762df6446ab27ab6827d7f85c71d7a376c584f62be8dd73c97f98249367
CRC32 ABA51BD8
ssdeep 96:wtuCiGCPDXBqvsqvJCwottuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7Xott7bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name c733d43bf289104a_giraffictray.exe
Filepath C:\Program Files (x86)\Giraffic\GirafficTray.exe
Size 5.9MB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2a627e45fa8f9e611ebea663c9859480
SHA1 32ea106268e512fa5be1344feb8263cb0f44a840
SHA256 c733d43bf289104a3b672a1c0291a3dc5384b92920635941dba1dea8bb3356b1
CRC32 ABC6F689
ssdeep 49152:k8HoCp3BVlgFznUpb0Nr2F9jaNq7p6aVFSr0fo5QoWg0MtFOsoUyb1BNSTKkp/Gq:k8/3BVlGLGQr0VK0dMtqUyTGTWR6DLZ
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
Name 1f7af0e760f2f52a_giraffic_watchdog_install_2021-06-06_(1-39-44).log
Filepath C:\Program Files (x86)\Giraffic\Giraffic_Watchdog_Install_2021-06-06_(1-39-44).log
Size 1.6KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type ASCII text, with CRLF line terminators
MD5 a012c6fcfd69f9ac0b1e9802ff6fb589
SHA1 7a52653cd6bc392aad34fb1edd9491aedbb1a7e9
SHA256 1f7af0e760f2f52ad5716e48231ee4e55badbef0896abed2b3b0a692e1969b3a
CRC32 0A6CA406
ssdeep 48:xkdmkBVkQwEk2wC6wEkewEk6kzukVIksv+uCiFG8/4T2/n81+uPVDBvlCF6VujFN:ylBeQA2mAeAfPLsTFJwyf8vY6cRB
Yara None matched
Name e0c580bbe48a4830_simplesc.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsxFC9B.tmp\SimpleSC.dll
Size 61.5KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d63975ce28f801f236c4aca5af726961
SHA1 3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9
SHA256 e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43
CRC32 9B71E213
ssdeep 1536:i/qXv1si+Xsp9MNptZ8KMT6+nMA4fx+kmA:Bv1EXZnLMT5M3x+km
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 745b660eb2b622bb_giraffictrayutil.exe
Filepath C:\Program Files (x86)\Giraffic\GirafficTrayUtil.exe
Size 190.1KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5e5458e3ac30c006f55ec42957e31903
SHA1 8047141d354156ee248fbca9addc8a3cb60720f5
SHA256 745b660eb2b622bbc2e401debdbb19c5b68234620b0990966ea9f837b3efa287
CRC32 6C83183F
ssdeep 3072:IGqvw2oWlzrpUmMTG333pPTK0EvXcfaEfK7HTPt:IGqI2owP/3FqEfaEfK7HTV
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name b2c36bd6b8b7528d_tempfile.ps1
Filepath C:\Users\test22\AppData\Local\Temp\nsxFC9B.tmp\tempfile.ps1
Size 22.0B
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type ASCII text, with no line terminators
MD5 564d21dadfcd94d56fe51e9aa1ccbb80
SHA1 982173a7ee08a85253e556572eed2f615ddbacbc
SHA256 b2c36bd6b8b7528d5876119954a99ecca6fe6aabac0e6fadaa9d118520061596
CRC32 D58FC2AE
ssdeep 3:jJAHMUDQGn:jejkG
Yara None matched
Name 9cd4c2e1c532b3c7_giraffic_agent_install_2021-06-06_(1-39-44).log
Filepath C:\Program Files (x86)\Giraffic\Giraffic_Agent_Install_2021-06-06_(1-39-44).log
Size 506.0B
Processes 7400 (AgentInstall.exe)
Type ASCII text, with CRLF line terminators
MD5 076dd810f70f82e5542dc787d1d41614
SHA1 5768b5ff123b74601040ee29253c6922a8e2c9cb
SHA256 9cd4c2e1c532b3c7f01d889485564a6a885ef158cdce062e3822496016451d9a
CRC32 19F5538B
ssdeep 12:d3By8u+3By+ENT9W3BykDz3BynLGKxkD/3BNDz3BGv8mO3Bq5DRaZ3B6uN7y:xk8u+3kzW3kk/3knLGNr3H/3e8mO3adj
Yara None matched
Name a032c01d7cae7e0a_nsisdl.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsf29D5.tmp\nsisdl.dll
Size 14.5KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 637d8e3d27cb165a8def03c12b1fe32a
SHA1 518e76814efe5c3deeaa5c3e89256a23c50262f3
SHA256 a032c01d7cae7e0a297ca964f5edd026377e6288704c83697d506433269cee45
CRC32 665D545A
ssdeep 384:RIkb60+1CA1awGUXDq043fF1F8x4H2RNeE:RIkb60+3GUXDnu1svRNeE
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 1677d0383de9f2d3_girafficuninstallagent.ref
Filepath C:\Program Files (x86)\Giraffic\GirafficUninstallAgent.ref
Size 299.9KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 3a6f36d7a59e89601a25e099e5eb4b0d
SHA1 e2243cbe3c1ca467caaec0222ed7a2a4cc70d377
SHA256 1677d0383de9f2d3351b87c9933b1a59d6e881859f6c030514c30161822b9567
CRC32 7B08C9A8
ssdeep 6144:gPXQfaEfKfFqpqI2owf7HTGRmH/G0lHeyrsL28h:MogoSEmf9eyKF
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 8780095aa2f49725_nsdialogs.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsxFC9B.tmp\nsDialogs.dll
Size 9.5KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1c8b2b40c642e8b5a5b3ff102796fb37
SHA1 3245f55afac50f775eb53fd6d14abb7fe523393d
SHA256 8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c
CRC32 8A77E0C3
ssdeep 96:o2DlD3cd51V1zL7xqEscxM2DjDf3GEst+Nt+jvcx4T8qndYv0PLE:o2p34z/x3sREskpx4dO0PLE
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 125840d019e007f4_ji
Filepath C:\Program Files (x86)\Giraffic\ji
Size 228.0B
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type ASCII text
MD5 5786b477c5cfcabe8ecb5efac57ea579
SHA1 7402329980c9e2a03dfe77424bd27e49e8516be8
SHA256 125840d019e007f41420a1ddcfdca40c947a541469f4f5abd753bfd02fead15f
CRC32 69BE5EFF
ssdeep 3:afFLy+z18hldNFPgUteK/AGRwDE7tOQzK7Y7tcDlgNjv/F/IeCvh/F/ZK4pKCvho:aQ+18hldX0ejsE7k9k72BFed4p5oq9a
Yara None matched
Name 3fc6badb14df34db_girafficwatchdog.exe
Filepath C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe
Size 2.6MB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2355ff80c0d8481fb8ac384b6ffb226d
SHA1 27b82ade1655344f1a1022dc7eb4fc09b8d81089
SHA256 3fc6badb14df34db78822611be18b194169806cd80d196c36a75a7e8daddcd96
CRC32 527D9235
ssdeep 49152:9ZBnyGQ9uOTmOtJ1naaQ82t2mygBFfzpTK0hp/C44EemOAeS/ymh:TdgtJ1at9r3FfzlPJL3
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
Name 9d60fd9a4dd18319_giraffic_test22-pc_2021-06-05_16-41-12.dmp
Filepath C:\Program Files (x86)\Giraffic\Giraffic_TEST22-PC_2021-06-05_16-41-12.dmp
Size 71.5KB
Processes 7532 (GirafficTray.exe)
Type Mini DuMP crash report, 10 streams, Sat Jun 5 16:41:13 2021, 0x4 type
MD5 956e409e671dc59c9d7536eb5d56ee86
SHA1 6701bfe65519d2e73feb2fc68148912db4576613
SHA256 9d60fd9a4dd18319e9c8e97e7d6ef2998062cc937622d4e5fcb054d2e7b447c7
CRC32 A446F30D
ssdeep 384:6sbsdoqrwaidD5aGezk03Y4VoiIH4wSaTCWJxC2U+UD64vaFs7u:6siZwBdYGz031VoiUXTFx1U3O4voGu
Yara None matched
Name 7274fe736fe36cdc_SimpleFC.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsf29D5.tmp\SimpleFC.dll
Size 175.5KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 941a7b4dc105c3487d2b2961dc6ccb01
SHA1 ac71c5b759cabd78213748329909eaee60810d12
SHA256 7274fe736fe36cdc8343b04fea6ff598ce384ead99ea94e4b47d4d329037331d
CRC32 AEDBB3EF
ssdeep 3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5OtcieI0Yr61u:Us4zIg+rKTTmnhfAoSxZ5O10a
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 42496cb6d41dbbc6_girafficuninstall.exe
Filepath C:\Program Files (x86)\Giraffic\GirafficUninstall.exe
Size 351.0KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 3f922c079a9e1d021849942c8570a5a2
SHA1 2e2131defccd7976f24c88989d7b906cbab7bf50
SHA256 42496cb6d41dbbc6a826a4b94ca050df39d413b786069e2510a98a2eaa622ad4
CRC32 1B7C5969
ssdeep 6144:GPXFfaEfKfFqpqI2owf7HTGpKwjsDTrNgYPhyKB6QsmbftvSTX:BogoSgKwjsDVBNbft6T
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name ce7427a355c4e984_AgentInstall.exe
Filepath C:\Program Files (x86)\Giraffic\AgentInstall.exe
Size 2.0MB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 816b3c46e3a4125d102481266a3ef338
SHA1 f54f39ed7dcee2e7733aaefc1d8cf8a2bc562405
SHA256 ce7427a355c4e984bfcc5ba2bcf2f0558e61623f73d205bfbc9ddb9619d3499c
CRC32 121266D7
ssdeep 49152:R+nknaOdCwCX0nAHoNNDLhU933EkMUe09MSzK:YKEwhDNDVUl3M18K
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 0a1df1f9be246a3e_GirafficTrayUpdate.exe
Filepath C:\Users\test22\AppData\Local\Temp\GirafficTrayUpdate\GirafficTrayUpdate.exe
Size 5.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2cb8e3146f69b15eca045d750eced08b
SHA1 19e40b394d86af1e0632ba95e00dbce5b791fe91
SHA256 0a1df1f9be246a3ecb4c6ff1be9893f962ada853e5276edbe568e3962fed9791
CRC32 983C184F
ssdeep 98304:nFkkUxNsaTHnID4S0Lckf1X1pN33WbHLjDhJ:nikV9yzfZ1nGbLv
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
Name 6fcea34c8666b063_System.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsf29D5.tmp\System.dll
Size 11.5KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fccff8cb7a1067e23fd2e2b63971a8e1
SHA1 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
CRC32 7D939E74
ssdeep 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_nscFC6A.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nscFC6A.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 5e7232ebc2e25833_Processes.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsf29D5.tmp\Processes.dll
Size 56.5KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a080c0e8b84cbc79fd33b8e5c9a68a2d
SHA1 5a33c9cd40e1bc096ea2585291f9685e794e4979
SHA256 5e7232ebc2e258339c8954b961788c0918348a02429e368f354e02c96abbe296
CRC32 41DB1DF2
ssdeep 768:r3FFpq8bpnI9blU8DpbPEZpXOFIUQfHh2XG8mwwmSko1u1Yimj5T3fRFp0F:zRqenI9bSSJKVB2XGyw6o6Yd5T37p0F
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 943b33829f9013e4_UserInfo.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsf29D5.tmp\UserInfo.dll
Size 4.0KB
Processes 7400 (AgentInstall.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 acbda33dd5700c122e2fe48e3d4351fd
SHA1 2c154baf7c64052ee712b7cdf9c36b7697dd3fc8
SHA256 943b33829f9013e4d361482a5c8981ba20a7155c78691dbe02a8f8cd2a02efa0
CRC32 13ADB5A0
ssdeep 48:qKiRbhg7V46Br1wHsl9rECxZShMmj3tPRYBA:52OVZruHs1xH6t+i
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 114c6941a8b48941_nsexec.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsxFC9B.tmp\nsExec.dll
Size 6.5KB
Processes 7132 (GirafficInstall1.0.0.17NoSign.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 09c2e27c626d6f33018b8a34d3d98cb6
SHA1 8d6bf50218c8f201f06ecf98ca73b74752a2e453
SHA256 114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1
CRC32 C99AD355
ssdeep 96:pBNUBGfVwhcAlhPRJAixx+3eDEsgcBbcB/NFyVOHd0+uisX4:qBGfV5AlJJfFgcBbcB/N8Ved0P
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)