Dropped Files | ZeroBOX
Name fd6691e8929d88f0_windows.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
Size 1.0KB
Processes 5888 (tasksmgr.exe) 7608 (update.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 78437cb9044fdd241f81e87d77bb2799
SHA1 75bba425987b03fcd704fee18cb7d6d60152f7f0
SHA256 fd6691e8929d88f028e0286f1b64686ea3a82e5178142682aedb4441e61038ec
CRC32 0555F2AB
ssdeep 12:8gl0oRY3HV7GovHSLcrOk3pQVcz3ilpBJrQE+1g3CNfBP/v4t2YLEPKzlX8:8fZ9MsOApQtBJrQE+1U2ddPy
Yara
  • Lnk_Format_Zero - LNK Format
Name 2328e7f81d21eb20_windows.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
Size 1.2KB
Processes 5888 (tasksmgr.exe) 7608 (update.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 5e656ccc346e76f47b5de93338e25ee1
SHA1 d83228731f84bc26afddb87edb5add078be38618
SHA256 2328e7f81d21eb20a1c1f9048b8bf46b94f8918d3f86eccce594732386d4f3e3
CRC32 28D48484
ssdeep 24:8YZ9MsOApQDgCu+VBctMDBJrQE+1ud0qPy:8XsOAMgCdVqMdJrqYy
Yara
  • Lnk_Format_Zero - LNK Format
Name 2a54e733d2e4ac0c_tmp7CA6.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmp7CA6.tmp
Size 1.6KB
Processes 8024 (tasksmgr.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 cafc05240008cd204af5e5c8a017444f
SHA1 d19208bf434a3e5f7c7cf6dfd01cb108a04f4779
SHA256 2a54e733d2e4ac0c874000e742adf4fca7fc25ccdeaaed97a4e05e1553df5f5d
CRC32 0DBAE7E8
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBJtn:cbhf7IlNQQ/rydbz9I3YODOLNdq3N
Yara None matched
Name 59c0a91faf884e24_update.exe
Filepath C:\Users\test22\AppData\Roaming\update.exe
Size 1.4MB
Processes 5888 (tasksmgr.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 fe72d7132c74d81c98dbd31543a00529
SHA1 b416424a60995d814a7c7a1e4d92f90dfe338c81
SHA256 59c0a91faf884e242be0d2384d94eba2536a8f155ae568355eed225f2543176e
CRC32 5F31DB0E
ssdeep 12288:yZt6QhCWK5JFyVRxWFFxz6oz28hZECIHXGc4YHeqho3yJp8/j6q31J9rWqDBbGFb:yJcJAf0FFA7n3b4Y+qwKn7r
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature