Dropped Files | ZeroBOX
Name b98d70b95f0de166_checksum.txt
Filepath C:\Users\test22\AppData\Local\Temp\checksum.txt
Size 2.5KB
Processes 1016 (AutoUpdate.exe)
Type ASCII text, with CRLF line terminators
MD5 6dfdd802b6cee825416e18f74f646236
SHA1 77bf1967372b563a08209b5a759528e813d5c6d1
SHA256 b98d70b95f0de1667e520e91f52cf54a8f1226613ff75c95a3bbbb95d3a5acff
CRC32 5FDD2CCC
ssdeep 48:4ooLxMsTzn3FStTSrHsRA/mnkvhhdNsNne3MLsFSDRnFbA2sGObDVw6qsDrYVbMq:4op8j3kt+AWunkvhyNncdSDxFTOvVpn6
Yara None matched
Name 5bebae6fdc2a850b_auto9yinupdate.lnk
Filepath C:\Users\test22\Desktop\Auto9YinUpdate.lnk
Size 1020.0B
Processes 1016 (AutoUpdate.exe)
Type MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 70d4bdbdb942bf9c55f5576a14dfdd56
SHA1 1484f8e4e570cab5aa2f79007cf7a7763d68c0b5
SHA256 5bebae6fdc2a850b1fa2671e822b00ea55eaf94b3f277463471efb43d407cacc
CRC32 0C778229
ssdeep 12:80lXEARY3HV7GyuR+/fG3JkoXC22ogexQ1BXCPmm/Q18/omNJkKA54t2YLEPKzlM:80lOZqRQKdF2DiYSoCHADPy
Yara
  • Lnk_Format_Zero - LNK Format
Name bfb04efc4b4b73fd_vl2 2008.lnk
Filepath C:\Users\test22\Desktop\VL2 2008.lnk
Size 1.1KB
Processes 1016 (AutoUpdate.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 6 20:04:04 2020, mtime=Thu Aug 6 20:04:04 2020, atime=Thu Aug 6 20:04:04 2020, length=1466368, window=hide
MD5 ac76da6fd612776741c65cf583adcc47
SHA1 8c9e7770e604b26527c2054c1fd577b47e8585e7
SHA256 bfb04efc4b4b73fd786d34ad2d6de26be380596c7e175cefa8d1fe3e01799f5e
CRC32 A9DA840D
ssdeep 12:8Bq46Ki4cZCrR8EvSWcg6R+/usDSZoOjM8I4izCCOLMlFogeFQ1BLmm/Q186Nwu7:8BN6QsERdw7Rc+czrzNRloa/YD6Py/08
Yara
  • Antivirus - Contains references to security software
  • Lnk_Format_Zero - LNK Format
Name e745021b56adf4dd_AutoUpdate.exe.bak
Filepath C:\Users\test22\AppData\Local\Temp\AutoUpdate.exe.bak
Size 1.4MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e1d039fffde52305c0b315b3bd34beec
SHA1 ef0d8423979e8f5ba55e6c3f473b4a216b87936f
SHA256 e745021b56adf4dd38d2f004009b5d2774c3775eae19ac2187be0de6c4529a4e
CRC32 B9FE1C8B
ssdeep 24576:L3nB01SJwjNIgiGqcAgXQtNvZZij5LZc+cFMUhso9H/SY8rB8M6iVNSXeKn:L3nm1SJwjNRqcRQxZC1ZAH3E8MH
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)