Dropped Files | ZeroBOX
Name dfb1ea29a03a9c3a_safman_setup.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-JQCE0.tmp\safman_setup.tmp
Size 711.5KB
Processes 2444 (safman_setup.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a7abbbeecba21df6839d2798ef0083f9
SHA1 3e00cf3eb36e77b29a4594e8f117fe98300fcb85
SHA256 dfb1ea29a03a9c3abeb9f87e9817b60d43cab8e3f33b8471bb10dfaaa853b84e
CRC32 4084FBB2
ssdeep 12288:gqIRz+f+ui8TrPO37fzH4A63RRwDFtuXUZERmhrNh4dT9TaC+IGNbDtQPu+yx9Ct:FIZg+uiirPO37fzH4A6haDbcUZEbdT9p
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
Name 388a796580234efc__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-TTKOI.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2384 (safman_setup.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)