Dropped Files | ZeroBOX
Name 757e49a611fc9332_move_95.exe
Filepath C:\Users\test22\AppData\Roaming\Software\Move_95.exe
Size 168.0KB
Processes 1108 (SC_hack.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 46acc00758e7ba670b467e328bfeb212
SHA1 9cee15e2693948200d8adfa41e1316fe4cd1a7de
SHA256 757e49a611fc9332d5a234a08e65b066b317e6167ef020bf452eeb448b878dd0
CRC32 507A0E36
ssdeep 3072:ocWshbCRJa0hOKhxPH6yRdnFfICBl9otjl3IZICBl9otjl3IooNNAK:jDV0oKfCy5fhlityZhlityvNV
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 1599e6593cd56ed9_pencil_6.exe
Filepath C:\Users\test22\AppData\Roaming\bimetalismo\Pencil_6.exe
Size 4.7MB
Processes 1108 (SC_hack.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f1ce5b50935c231007f55095ef4a9dd3
SHA1 47dec0be9884a9e84f642501f1d97802978ad963
SHA256 1599e6593cd56ed906b049c46a6b0f982baf0fd458f7ce050ab22472d0f2fbe2
CRC32 6F33E3D3
ssdeep 98304:2e6v+cxTObmiv1M9zce2+fPuB0nzr4nn9F:kxTzcM9zcN+OB0nv4n9F
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 37a52a8cacc9ff83_cargo_57.exe
Filepath C:\Users\test22\AppData\Roaming\Software\Cargo_57.exe
Size 6.1MB
Processes 1108 (SC_hack.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 087b7161f6fc0bb051bc62057b884bd0
SHA1 3701743e49e4f3232248426351eca3bbd467a641
SHA256 37a52a8cacc9ff830a1032a306755de67a7b5b4c68bb445366045f5e7e42052d
CRC32 50B4C916
ssdeep 196608:LjOlBl/8P33HgS+CxENfWw2Cdi1WMYaymKi5JHcf:LjO7/mz+CxENJ295Vv+
Yara
  • IsPE64 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • themida_packer - themida packer
Name e3b0c44298fc1c14_nsp6579.tmp
Empty file or file not found (captured size 0 B; the MD5/SHA1/SHA256/CRC32 below are the digests of zero-length input and identify nothing about the sample)
Filepath C:\Users\test22\AppData\Local\Temp\nsp6579.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name f371563bbb845b88_soft.exe
Filepath C:\Users\test22\AppData\Roaming\Software\soft.exe
Size 1.3MB
Processes 1108 (SC_hack.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 df4ffb694a819fa1588e087d5ee03c70
SHA1 1cabd2af339d8fbb2cde39a7ed39c465cfd097d9
SHA256 f371563bbb845b880a8989991d197e1176cff056e07dfcbbd4dc4e37d5c3b98e
CRC32 895267B7
ssdeep 24576:JAHnh+eWsN3skA4RV1Hom2KXMmHaDcQVO5Bs0ZbghJMuJHoFi/sxo+Wgy5:Qh+ZkldoPK8YaDcVxEhJjyFi+i
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Device_Check_Zero - Device Check Zero
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • CryptGenKey_Zero - CryptGenKey Zero
  • Process_Snapshot_Kill_Zero - Process Kill Zero
Name 9e705576a0bff4be_msg1.exe
Filepath C:\ProgramData\msg1.exe
Size 848.0KB
Processes 2696 (soft.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e550128dd89a40e62582a4e54229ecca
SHA1 3a67b5d4663d67734d163542ff424523b91a4d92
SHA256 9e705576a0bff4be3a34209fbbeb0a08ae5d9c0209d131f599263227cc45fa43
CRC32 8B6FCA4F
ssdeep 24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaKHh5:2h+ZkldoPK8YaKL
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Device_Check_Zero - Device Check Zero
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • CryptGenKey_Zero - CryptGenKey Zero
  • Process_Snapshot_Kill_Zero - Process Kill Zero
Name 6fcea34c8666b063_System.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsk65A9.tmp\System.dll
Size 11.5KB
Processes 1108 (SC_hack.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fccff8cb7a1067e23fd2e2b63971a8e1
SHA1 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
CRC32 7D939E74
ssdeep 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
Name 704a2f7a802706da_windefence.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinDefence.lnk
Size 999.0B
Processes 2852 (Pencil_6.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sun Jul 11 16:05:16 2021, mtime=Sun Jul 11 16:05:16 2021, atime=Sat Jul 3 16:05:54 2021, length=4878872, window=hide
MD5 6a6f63d7783777cfdaa2bdfc2428926a
SHA1 8f358da371c18dc8fb20c830aa23b8347b329e8d
SHA256 704a2f7a802706da92941d21fea4be228dc71468e1bf58983d6a893b00367d5a
CRC32 16C2FA42
ssdeep 24:8WsERdIl6jF0rmLhKOzNVCmV+mhQQh5m508:8Wskh0yQOpVFbhQMo508
Yara
  • Lnk_Format_Zero - LNK Format
Name 5a167bc9d6b28737_aut6B17.tmp
Filepath C:\Users\test22\AppData\Local\Temp\aut6B17.tmp
Size 471.7KB
Processes 2696 (soft.exe)
Type data
MD5 d52bcfa5bc7e022d6b51cbb466671cb5
SHA1 46e3363413f7abe2259096a560cc7bf3665355d5
SHA256 5a167bc9d6b28737fe3624cefda177acb75eb126dd886cdad05f1c0833b35e8c
CRC32 1D8E9714
ssdeep 12288:S9K+/vmsur2oRjOptw072/d/fxqVKVfJOfJBHIc2OpDy7LXffp:S9KXsuaohO7wFXxuKhJOjHIay/5
Yara None matched
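The listing above is a flat "Key value" dump, which is awkward to reason about by eye. What follows is an added example, not code from the ZeroBOX report or the sandbox project: a small Python parser for this listing plus the consistency checks an analyst runs before trusting it. It verifies the dropped-file naming convention (first 16 hex digits of the SHA256, an underscore, the basename), recomputes the four digests for the zero-length nsp6579.tmp entry, groups drops by the process that wrote them (which exposes the two-stage chain SC_hack.exe writes soft.exe, soft.exe writes msg1.exe), and flags anything written to the per-user Startup folder. The SAMPLE text is copied from the entries on this page with some fields omitted per entry; the function names and the record layout are this example's own.

```python
"""Parse a ZeroBOX (Cuckoo-style) 'Dropped Files' listing and sanity-check it.
Added example; SAMPLE is copied from this page's entries (subset of fields)."""
import hashlib, re, zlib

SAMPLE = r"""
Name 757e49a611fc9332_move_95.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\Software\Move_95.exe
Processes 1108 (SC_hack.exe)
MD5 46acc00758e7ba670b467e328bfeb212
SHA256 757e49a611fc9332d5a234a08e65b066b317e6167ef020bf452eeb448b878dd0
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name e3b0c44298fc1c14_nsp6579.tmp
Filepath C:\Users\test22\AppData\Local\Temp\nsp6579.tmp
Size 0.0B
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Yara None matched
Name f371563bbb845b88_soft.exe
Filepath C:\Users\test22\AppData\Roaming\Software\soft.exe
Processes 1108 (SC_hack.exe)
SHA256 f371563bbb845b880a8989991d197e1176cff056e07dfcbbd4dc4e37d5c3b98e
Name 9e705576a0bff4be_msg1.exe
Filepath C:\ProgramData\msg1.exe
Processes 2696 (soft.exe)
SHA256 9e705576a0bff4be3a34209fbbeb0a08ae5d9c0209d131f599263227cc45fa43
Name 704a2f7a802706da_windefence.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinDefence.lnk
Processes 2852 (Pencil_6.exe)
SHA256 704a2f7a802706da92941d21fea4be228dc71468e1bf58983d6a893b00367d5a
"""

SCALAR_KEYS = {"Name", "Filepath", "Size", "Processes", "Type",
               "MD5", "SHA1", "SHA256", "CRC32", "ssdeep"}
PROC_RE = re.compile(r"^(\d+) \((.+)\)$")          # "1108 (SC_hack.exe)"
AUTOSTART = "\\start menu\\programs\\startup\\"    # per-user logon persistence

def parse_dropped_files(text):
    """One dict per 'Name' block. Yara bullets collect under the current
    record; page widgets ('Submit file', 'VirusTotal ...') are skipped."""
    records, cur = [], None
    for line in (l.rstrip() for l in text.splitlines()):
        if line.startswith("  •"):                     # Yara hit: keep rule name only
            cur["Yara"].append(line.lstrip(" •").split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key == "Name":
            cur = {"Name": value, "Yara": []}
            records.append(cur)
        elif key in SCALAR_KEYS and cur is not None:
            cur[key] = value                           # 'Yara None matched' leaves []
    return records

def name_is_consistent(rec):
    """ZeroBOX names a drop '<first 16 hex of SHA256>_<basename>'. The report
    does not lowercase the basename consistently (move_95.exe vs System.dll),
    so the comparison is case-insensitive."""
    base = rec["Filepath"].rsplit("\\", 1)[-1]
    return rec["Name"].lower() == f"{rec['SHA256'][:16]}_{base}".lower()

def hash_mismatches(rec, data):
    """Recompute the four digests over `data`; return reported keys that differ."""
    computed = {"MD5": hashlib.md5(data).hexdigest(),
                "SHA1": hashlib.sha1(data).hexdigest(),
                "SHA256": hashlib.sha256(data).hexdigest(),
                "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"}
    return [k for k, v in computed.items() if k in rec and rec[k].lower() != v]

def parent_process(rec):
    """(pid, image) of the process that wrote the file, or None if not recorded."""
    m = PROC_RE.match(rec.get("Processes", ""))
    return (int(m.group(1)), m.group(2)) if m else None

def drop_tree(records):
    """Writing process -> basenames it dropped; reveals multi-stage chains."""
    tree = {}
    for rec in records:
        if (p := parent_process(rec)) is not None:
            tree.setdefault(p, []).append(rec["Filepath"].rsplit("\\", 1)[-1])
    return tree

def autostart_drops(records):
    """Files written into the per-user Startup folder (run at next logon)."""
    return [r["Filepath"] for r in records if AUTOSTART in r["Filepath"].lower()]

if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE)
    for r in recs:
        print(r["Name"], "ok" if name_is_consistent(r) else "NAME MISMATCH", r["Yara"])
    empty = next(r for r in recs if r.get("Size") == "0.0B")
    print("zero-length file digest mismatches:", hash_mismatches(empty, b""))
    for (pid, image), files in drop_tree(recs).items():
        print(f"{image} ({pid}) -> {files}")
    print("autostart drops:", autostart_drops(recs))
```

Two caveats the output makes concrete. The nsp6579.tmp entry carries the digests of empty input, so it should be excluded from any IOC list built from this page; `hash_mismatches(empty, b"")` returning an empty list is the check. The Startup-folder shortcut reports a target length of 4878872 bytes in its type string, which matches the 4.7 MB Pencil_6.exe that wrote it, so the shortcut most likely relaunches that binary at logon; confirm by parsing the LNK rather than trusting the size coincidence.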