Dropped Files | ZeroBOX
Name ac1bc7766373dd9c_sihost64.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe
Size 7.5KB
Processes 2260 (Runtlme.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 70052a597158c8bcbfa832a2b7228d71
SHA1 054575183c0d76cda34d0885c2b225d4f5221307
SHA256 ac1bc7766373dd9cf2a82d1504be4276e79d6aedb56e2dc4e49b6d103c069321
CRC32 9743B3BE
ssdeep 96:9ezPLdRAVkM5vktM3fwv0joz4bjDN792+ji83ae3IobcTIoDV30WwOgzNt:9OovstM3fwsVnF92+ji83GT0Wu
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name be4f907622efa27e_xmr.exe
Filepath C:\Users\test22\AppData\Local\Temp\xmr.exe
Size 2.1MB
Processes 1908 (ZXCXZCsssssssssssASDFasdfEWSDFew.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 363ffd801bd112c81ed57a96cb75d9c8
SHA1 720d66a72efaacee471adca31dd59efc5b9b44ee
SHA256 be4f907622efa27e4b6f89bef59f02ef671b507ea72b43d36332cc045c7dabb3
CRC32 56E097C1
ssdeep 49152:csMx5jlN8T8AEPiKaNpr6tfepn8bh4S4YFuLM9:/Mb8T8AAaNYt2hAfL
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 11bd2c9f9e2397c9_wr64.sys
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\WR64.sys
Size 14.2KB
Processes 2260 (Runtlme.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)