Dropped Files | ZeroBOX
Name cf11d6b3c18d4c02_d93f411851d7c929.customDestinations-ms~RF1769f32.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1769f32.TMP
Size 7.8KB
Processes 1452 (powershell.exe) 2888 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name 98c6934a01632457_windowshost.exe
Filepath C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WindowsHost.exe
Size 24.0KB
Processes 2416 (winfuck.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 b1ea05b916354342698ec505b090e981
SHA1 ad12ef2c7f704a5a95e89e9ea731377ebc80a623
SHA256 98c6934a016324572bf5e8fbb4cfdbd7ea9d76b1ee248efae4651f473574cb39
CRC32 3487CAF2
ssdeep 384:4fkCoEuzHbHKwsAkA/xSl7023ILk24jXPlba3XEWTOyJU1QwfXP7ACzYcHe+m:1C76Iz6dO82XPJyJA/TFzYcHe+m
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 6ce16cc49ea4605b_hosts
Filepath C:\Windows\System32\drivers\etc\hosts
Size 3.9KB
Processes 2416 (winfuck.exe)
Type ASCII text, with CRLF, LF line terminators
MD5 911de2be0f3208da089270f41a0e936b
SHA1 3f5eb0107ca8223983a3fa0174b4ecc0c6a62a43
SHA256 6ce16cc49ea4605bfb71635c2be4475bd15132645b5fa4d5d81730af5b1ad8db
CRC32 61D0F1C8
ssdeep 48:vDZhyoZWM9rU5fFcK2jIPMPZb9O2jIPMPZb9RMv:vDZEurK9FPMPZb9EPMPZb9RMv
Yara None matched