Dropped Files | ZeroBOX
Name 9f2cd4acf23d565b_gpt.ini
Filepath C:\Windows\System32\GroupPolicy\gpt.ini
Size 268.0B
Processes 7636 (SimplInst.exe)
Type ASCII text
MD5 a62ce44a33f1c05fc2d340ea0ca118a4
SHA1 1f03eb4716015528f3de7f7674532c1345b2717d
SHA256 9f2cd4acf23d565bc8498c989fccccf59fd207ef8925111dc63e78649735404a
CRC32 25DA65CC
ssdeep 6:1QnMzYHxbnPonn3dXsMzYHxbnn/JIAuNhUHdhJg+5Rnn3dzC:1QM0HxbnIV0Hxbn/JnumuuzC
Yara None matched
Name e4210262fea7091b_simplinst.exe
Filepath C:\Users\test22\AppData\Local\Temp\7zS23.tmp\SimplInst.exe
Size 6.2MB
Processes 2352 (install.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 46df9dcd0ad008a87f7622bfbcec411b
SHA1 0a4c7dd60e6d7a1b5fd06ad3480a26eed4163bba
SHA256 e4210262fea7091bbff2663ab44015417e4ff6b96f5003864a2e5096b203ea3a
CRC32 4F72FE13
ssdeep 98304:91Or+3w83WeQ7TnJCCPDt7XwWF/Rq5xjAz0IE8uPNLiNJhwB0Dr:91Orcw8ZGNb9T2kzZMF2NJh3H
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 7ad23b9b58a700e2_simplinst.exe
Filepath C:\Users\test22\AppData\Local\Temp\7zS13C.tmp\SimplInst.exe
Size 6.6MB
Processes 4936 (SimplInst.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9b1d487f7f02200756742ce3a004c844
SHA1 254a42b26ba3f48c9a5a703ab231e93de2603289
SHA256 7ad23b9b58a700e2e989325b3196c4f753fae6cdd53b013aaae407d4fc82a27f
CRC32 9EF7D36F
ssdeep 196608:sk0d01EYi/0KJvaVlmhG16E1nzJf9OhurD0phvlfuuCotG:sei/Wky6WN9OhurI3vlWu/G
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
Name 1d871302daedb82b_bqzkkdgiyjbivwzyfn.job
Filepath C:\Windows\Tasks\bqZkKdgiyjBiVwZYfn.job
Size 494.0B
Processes 4072 (schtasks.exe)
Type VAX-order 68k Blit mpx/mux executable
MD5 8feec7ce441811c970fb3bfeee03a3aa
SHA1 5f216db57f075b2a618e5d08c31786a1397bd1a7
SHA256 1d871302daedb82bd954c75c8c23e0ff63acec26428e2b7a1f3b6807c5e43674
CRC32 9FC11419
ssdeep 12:OPwEXc/Q1PZ48wlFVPXkSd/Q1PZ48wlFb4Vx6:OPDLNZ4BbyNZ4Bb
Yara None matched
Name f825dd89181e7435_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 7932 (powershell.exe)
Type data
MD5 61d3b003e73f968491bb9de05318fcbd
SHA1 abb40732bf72a072c5b176449fdb8f1c56383e03
SHA256 f825dd89181e743525684aff8d99cc6d78046e461147c33b6f7a182b98c58ea9
CRC32 76116DE9
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7XoNt7bHnorXxY
Yara
  • Antivirus - Contains references to security software