Dropped Files | ZeroBOX
Name 11bd2c9f9e2397c9_wr64.sys
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\WR64.sys
Size 14.2KB
Processes 2840 (services64.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
Name 161b300341b13286_sihost64.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe
Size 7.5KB
Processes 2840 (services64.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 166213777294803cd18b1904e7daf42b
SHA1 b6e4e3127183925cde7a82dc0b14aeffee4c7dfc
SHA256 161b300341b1328638f2323513fe4d98461d24883d1cbeae74f6498e1b757860
CRC32 8A91717A
ssdeep 96:NzPLdRA/NqTbB6Rwp/ZGbjDN792+jD6NvnFHdjgBwdzbhSTIoDwufQWwOgzNt:do/dwp/qnF92+jednF98BwdGPfQWu
Yara
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • PE_Header_Zero - PE File Signature
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name ee012fc206cf8893_sihost64.log
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.log
Size 2.0MB
Processes 2840 (services64.exe)
Type data
MD5 f0a1d1e43c23a249ca3fc2b291f5aa9e
SHA1 acf203c995a95e83d3443ec873e86198d2f813eb
SHA256 ee012fc206cf88933e3450a3423a6ba494a621308c57f6957af4addb2208a271
CRC32 D6A879B3
ssdeep 49152:3T5UPuX5XbrQhfFvpTuOYRWdooOs9BNLTmKg72z+RBkwQKTX72:Yuahf7vdoo1BNXpo2CzkwhX72
Yara None matched