Dropped Files | ZeroBOX
Name 725e476d1d0194ad_0866.exe
Filepath C:\Users\test22\AppData\Roaming\vlc\0866.exe
Size 388.0KB
Processes 3332 (eldera.txt)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 53001c5112da0cb57eec1b029ff01759
SHA1 839eee20a72b4d48b83366788af8bc6e9b9e8bcc
SHA256 725e476d1d0194ad4b55aef56539c888c7be4d4224cef2438ec5744e230723f7
CRC32 4B73C9F0
ssdeep 6144:v57+zH1LRCvlivznmgRUgG4I8XrToTNDGPz12J1hfoYEECKWL1FzYafs5QWjlDEX:B7IrNP9o5CSoYEEC11FRWQWjlDE
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f825dd89181e7435_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 5916 (powershell.exe)
Type data
MD5 61d3b003e73f968491bb9de05318fcbd
SHA1 abb40732bf72a072c5b176449fdb8f1c56383e03
SHA256 f825dd89181e743525684aff8d99cc6d78046e461147c33b6f7a182b98c58ea9
CRC32 76116DE9
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7XoNt7bHnorXxY
Yara
  • Antivirus - Contains references to security software