Dropped Files | ZeroBOX
Name e4a7129e0e410aa8_r
Filepath C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\r
Size 1.0MB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 680990b8f68cb4a4b024275d19a41653
SHA1 ab778487125e504cb8b62526bc0af9353e227562
SHA256 e4a7129e0e410aa82c1321869199859813018d3840b0374218880e8afac1f073
CRC32 073E5485
ssdeep 12288:+jUlFamMx4Grb1q9me1ZhBEW5eLj6Q1QROkiWSbmlt8muuImH:QUltTD/pfSsn7
Yara
  • NPKI_Zero - File included NPKI
Name 182eae309c9d9df1_perfette.sldx
Filepath C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Perfette.sldx
Size 338.0B
Processes 872 (paypall.exe)
Type ASCII text, with CRLF line terminators
MD5 7718edd8eee08a600127e35082057f70
SHA1 dba757e68cdaf0e9faaed3a7654e7593ba4d91bd
SHA256 182eae309c9d9df178ed43c98f08ce0848247e1de8a1a9db1b22a3d1ab7ae65a
CRC32 62D288BA
ssdeep 6:CS5IX/jHilYkiBw+crJJVqZkv6Y5mqejkxlywqghbfkWxb7OKkiD6V6Mki6oUDXf:zWXrdZBwvrDAZk75mIlbZ/W6e1Z6TS90
Yara None matched
Name 237d1bca6e056df5_cphpjiczse.exe.com
Filepath C:\Users\test22\AppData\Roaming\oDvZoAUvOB\CPhPJIczSe.exe.com
Size 872.7KB
Processes 2448 (Primavera.exe.com)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56b5f0201a3b3de53e561fe76912bfd
SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
CRC32 76090EE7
ssdeep 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 60248d6f010e04a2_gwksvy.js
Filepath C:\Users\test22\AppData\Roaming\oDvZoAUvOB\gwksVy.js
Size 278.0B
Processes 2448 (Primavera.exe.com)
Type ASCII text, with no line terminators
MD5 fc0817ab7f564736012262c49118729b
SHA1 87b60eac270bd7dc10b7f170a135334c4bf3fdee
SHA256 60248d6f010e04a2a0e4020d812a5f799f82a3ae4e2cc30560a57bbd6c5f35e7
CRC32 1A613848
ssdeep 6:5AKIH8CYM2h2sUS4tRZDbRXp+NI5ccpFPNbRXp+NI5cVWDbRXp+NI5cdYp:5zS6R4t7vVfFP9V7vVvp
Yara None matched
Name e302a00236132cee_cphpjiczse.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPhPJIczSe.url
Size 158.0B
Processes 2448 (Primavera.exe.com)
Type MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\oDvZoAUvOB\gwksVy.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 53ab182c7b1fc5267b6200e33385d789
SHA1 10b2e3c802c1e6818c2fab81f1585441213134d5
SHA256 e302a00236132cee0b002c23dc8713057bef62aeefb6837466897b9bea007fd4
CRC32 B5B47732
ssdeep 3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7o/l+DTlqbmWOMLcDi:Q+2lJglZyKm/UEZglJPZooDEbmJMoDi
Yara None matched
Name 5b880484260bbb85_oscurato.sldx
Filepath C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Oscurato.sldx
Size 872.8KB
Processes 872 (paypall.exe)
Type data
MD5 8972adb1fc07ff6f4c98559800fa0864
SHA1 5418adb13e742da45fcc40bddba69c5bfee2ac2e
SHA256 5b880484260bbb851272fc80eb5212d6b27c30ce721ea09f76284ede0d4dd998
CRC32 5BC46F24
ssdeep 12288:bpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:bT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name f034f7b12fa5803c_Ama.sldx
Filepath C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Ama.sldx
Size 63.5KB
Processes 872 (paypall.exe) 2448 (Primavera.exe.com)
Type data
MD5 a1d362ef4a46fdd9911cac994a3cb69d
SHA1 4a48a29199bdf289545e0525df663bfc6d058d19
SHA256 f034f7b12fa5803cfc59680a062fb01f4954bcbaece8b060c5db34a0bbf65bf8
CRC32 12F834B8
ssdeep 1536:RpYAooDgy74cLquZsyFci1RvwSC/UT1mDcZbJHon:f+oJkcAcV1ZwSC/UIAZ8
Yara None matched