Dropped Files | ZeroBOX
Name 51fe6774a791f468_dFJAaey.tmp
Filepath C:\Users\test22\AppData\Roaming\dFJAaey.tmp
Size 175.8KB
Type UTF-8 Unicode text, with very long lines, with no line terminators
MD5 5690637b34da89f603a4bf6ab79d0883
SHA1 92f4a17671150e5f81f2e9e51c71889ab857530a
SHA256 51fe6774a791f46888bd840c3799f8f9baef435a0c2275065d76d111bc91dd94
CRC32 63783764
ssdeep 3072:uz80WJ8UKJ7FYDGwheau0JRSIEs2HHXXZ49kXmQR47rYLdkl:uzrWNKJ7FYS5v0JR7HQ9iT
Yara
  • NPKI_Zero - File included NPKI
Name 798af20db39280f9_sqlmap.dll
Filepath C:\Program Files\Microsoft DN1\sqlmap.dll
Size 114.0KB
Processes 2320 (warzx.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 461ade40b800ae80a40985594e1ac236
SHA1 b3892eef846c044a2b0785d54a432b3e93a968c8
SHA256 798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
CRC32 CF004A91
ssdeep 3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
Name 824fae3331b95e2f_BJFhzlG.tmp
Filepath C:\Users\test22\AppData\Roaming\BJFhzlG.tmp
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 41c19a9e8541fcb934c13c075bf47721
SHA1 648a7622d533d79b9a0bb31dc370134ec3a75ed7
SHA256 824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c
CRC32 560F7642
ssdeep 48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u
Yara None matched
Name 23390dfcda60f292_rdpwrap.ini
Filepath C:\Program Files\Microsoft DN1\rdpwrap.ini
Size 177.6KB
Processes 2320 (warzx.exe)
Type ASCII text, with CRLF line terminators
MD5 6bc395161b04aa555d5a4e8eb8320020
SHA1 f18544faa4bd067f6773a373d580e111b0c8c300
SHA256 23390dfcda60f292ba1e52abb5ba2f829335351f4f9b1d33a9a6ad7a9bf5e2be
CRC32 51F1DEC9
ssdeep 768:WEUfQYczxEQBLWf9PUupBdfbQnxJcRZsMFdKlax8Rr/d6gl/+f8jZ0fyL+8F7f6/:57f6GqZm0c11IvimstYUWtN/7
Yara None matched
Name 32ff81be7818fa71_rfxvmt.dll
Filepath C:\Windows\System32\rfxvmt.dll
Size 36.5KB
Processes 2320 (warzx.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 e3e4492e2c871f65b5cea8f1a14164e2
SHA1 81d4ad81a92177c2116c5589609a9a08a5ccd0f2
SHA256 32ff81be7818fa7140817fa0bc856975ae9fcb324a081d0e0560d7b5b87efb30
CRC32 40B5B78C
ssdeep 768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • IsDLL - (no description)
  • Malicious_Packer_Zero - Malicious Packer