Dropped Files | ZeroBOX
Name 17586170ca6c6c87_parameters.ini
Filepath C:\Windows\parameters.ini
Size 263.0B
Processes 1108 (jkfe.exe)
Type ASCII text, with CRLF line terminators
MD5 e744d370c7cb63628e1b3ca149df37b0
SHA1 d15b7e68c4611a6a2a5eb83910cb47a00e61f19f
SHA256 17586170ca6c6c873f66a9e2613bd85cc73f43ef9d4a3b44c31d0e1c4852f035
CRC32 61EBA5B7
ssdeep 6:GUThtewyIIXjmCGgXMA9aBv+F4yseRNh2yW3DddN9n:5ThtetIIXjmFgX34w139tWzddN9n
Yara None matched
Name 288100583f65a2b7_nsExec.dll
Filepath C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsExec.dll
Size 6.5KB
Processes 1108 (jkfe.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 b5a1f9dc73e2944a388a61411bdd8c70
SHA1 dc9b20df3f3810c2e81a0c54dea385704ba8bef7
SHA256 288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
CRC32 E835AD1F
ssdeep 96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
Name 54d0043a83f89da8_svchost.exe
Filepath C:\Windows\svchost.exe
Size 6.4MB
Processes 1108 (jkfe.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4f3407ba0de406c6c846db831b731fb2
SHA1 0478b8298de3312bb215d9b9c30116e36da6a1ec
SHA256 54d0043a83f89da8f3d9089be83d2981e63bb3158dd46b1fbcf5bcbbd631f230
CRC32 49C0500E
ssdeep 98304:jFpjqt0F93tI6IU1vinyHd6/jACR4z/+v0svvIKYyitL9qIQg:JpWtynIBnWd6Laz2ss4/NxjF
Yara
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_nsn6385.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsn6385.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 95fe9d92512ff231_nsProcess.dll
Filepath C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsProcess.dll
Size 4.0KB
Processes 1108 (jkfe.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 05450face243b3a7472407b999b03a72
SHA1 ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA256 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
CRC32 7F5B79E7
ssdeep 48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)