Dropped Files | ZeroBOX
Name 4ab1ccdf70fc8af0_err_1b7ce9defeb04df0a5b7ca29bd8e43e6.dat
Filepath C:\Users\test22\AppData\Roaming\Orcus\err_1b7ce9defeb04df0a5b7ca29bd8e43e6.dat
Size 1.6KB
Processes 1856 (huh.exe) 2532 (Orcus.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 3c6e99f63dc702c1efe90d6aeda0a4b4
SHA1 020ee7cea3bb712fa2f8e0d3ff6f7be372f1ac9c
SHA256 4ab1ccdf70fc8af09931a11e049af39cc412423d7e47a1b206208cfbeaf1acf6
CRC32 42AD81D5
ssdeep 24:wXOuLepK5sNghq5mfq/QVdr2K+Q/bu1AaLzJgTGoc8ZcHqFQ+DcHbAgJM5NqXn:wJLwpNwTDVdiK+6CAaG9koQNbLJM5MXn
Yara None matched
Name 8dbe814359391ed6_windowsinput.exe
Filepath C:\Windows\SysWOW64\WindowsInput.exe
Size 21.0KB
Processes 1856 (huh.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e6fcf516d8ed8d0d4427f86e08d0d435
SHA1 c7691731583ab7890086635cb7f3e4c22ca5e409
SHA256 8dbe814359391ed6b0b5b182039008cf1d00964da9fbc4747f46242a95c24337
CRC32 5BC81F8C
ssdeep 384:v4I7s3DhDXbdCEiWByrv0/5OPovw+BdkDGIMA10qKpWn:gggDhDXxeWwDgOD7
Yara
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name f99ef5bf79a7c437_orcuswatchdog.exe.config
Filepath C:\Users\test22\AppData\Local\Temp\OrcusWatchdog.exe.config
Size 357.0B
Processes 2532 (Orcus.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 a2b76cea3a59fa9af5ea21ff68139c98
SHA1 35d76475e6a54c168f536e30206578babff58274
SHA256 f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839
CRC32 412A4F16
ssdeep 6:TMVBd1IffVKNC7VJdfEyFRdSC7VrfC7VNQfC7VOVx/OfEyFRfyruUuAW4QIT:TMHdG3VOcrdS+QmafyV93xT
Yara None matched
Name 1f78f1056761c6eb_windowsinput.installstate
Filepath C:\Windows\SysWOW64\WindowsInput.InstallState
Size 7.3KB
Processes 2144 (WindowsInput.exe)
Type XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
CRC32 EEE5D758
ssdeep 96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
Yara None matched
Name 8d88075854922015_orcuswatchdog.exe
Filepath C:\Users\test22\AppData\Local\Temp\OrcusWatchdog.exe
Size 9.0KB
Processes 2532 (Orcus.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 913967b216326e36a08010fb70f9dba3
SHA1 7b6f8c2eb5b443e03c212b85c2f0edb9c76ad2bf
SHA256 8d880758549220154d2ff4ee578f2b49527c5fb76a07d55237b61e30bcc09e3a
CRC32 56AFFD12
ssdeep 96:jmqLxbUsEIoD6sO4IcAh3VnRk3ieU6fsPC8+hKkBLiWTSFThPATlHNUpjbGxdRzj:jmST5dnhTgKXPCPhvBLiW+FFAoSp
Yara
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature