Dropped Files | ZeroBOX
Name 508da356bcf3e83c_microsoftwebtools.exe
Filepath C:\Users\test22\AppData\Local\Microsoft Web Tools ver4.49\MicrosoftWebTools.exe
Size 128.0MB
Processes 2180 (Bzboosttt.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f3b49d3be63f9a914ffb0853d9231d73
SHA1 b74e1b4ff5dec74e249b64de9972757f6f0a58e7
SHA256 82ff4b6170147acd138fff10490e3b75b982ae0e88baa5dc516e311dc8265e6c
CRC32 D89F8199
ssdeep 3145728:dSzaqrElK11EYbbwt7DP/CL0t0mm/xoX/pEvFd+dX2e5Q:dSzayf11e7DP/CL20Z/xoX/pE6NHQ
Yara
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • NPKI_Zero - File included NPKI
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name e7a2148e9c14a2d0_nmobou.exe
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\NMobOU.exe
Size 5.7MB
Processes 1036 (MicrosoftWebTools.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d1520aa915892e5b60883929c88dcc4f
SHA1 13edf351dad5baf3c15359652a978585457a0811
SHA256 e7a2148e9c14a2d05c80b2b71c84b3560116f7d1c55f9e85b3bcc680507115dd
CRC32 C9945931
ssdeep 98304:Dd47V8J2iKYWoF6QFBUK340/mPIRU9PitRnlCRUys24g7ezHsMB+EzqGP07XzMxF:pWJ2F6qdIxKUN6Q6gi27
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name 94d113e46e601c18_d6a4079ed6c5c8a41c8e
Filepath C:\Users\test22\AppData\Local\Temp\D6A4079ED6C5C8A41C8E
Size 212.0B
Processes 2180 (Bzboosttt.exe)
Type ASCII text, with CRLF line terminators
MD5 c6e4f6d517f3ac80075f68f6b1b6006f
SHA1 ce3a16cc8d036820fd24d5e92b8ad697709384e1
SHA256 94d113e46e601c18dbb2a7f25e87835367c371f2d5de5090fec03bb41c9f6d31
CRC32 D42FFB56
ssdeep 6:dhwrpoENTARmGIdEpYSthwrpoENWtd2Tv5:fw9ovmG6Svw9obtdkv5
Yara None matched