Dropped Files | ZeroBOX
Name 49c4a85bce2fb8cb_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 1792 (powershell.exe)
Type data
MD5 4eba3b6a4f05a26106a2d772c79da044
SHA1 45ae375ea2f305e4409aabc22803cd1471f0983e
SHA256 49c4a85bce2fb8cb6db4279591d0966cbd2fb84bc43f252ee5ad14d3d615b2b5
CRC32 2DF7F691
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:YtzXo9tzbHnornxo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 64edc2494a61e5b6_Sonytec.exe
Filepath C:\Users\test22\AppData\Local\Temp\Sonytec.exe
Size 603.4KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9f131b2c9238dec27437d330d4b2b872
SHA1 0827b4cb6ffd24850ca8a8ba3ef75b8c6b569560
SHA256 64edc2494a61e5b657886e07f21822ec6106819b4eec3e5eb441e5419ca7b316
CRC32 D0EA07FE
ssdeep 6144:6LwjnBbJLowAaANJhJnB9bhYaIRYafI9EaiqZOSOojO4aeJhUphfyvjCxycr:6UbBNowMZgYFaamSRjSez880ym
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name caf6f141e7889d7e_nqlkczemlz11720120210713093002.pdf
Filepath C:\Users\test22\AppData\Local\Temp\Nqlkczemlz11720120210713093002.pdf
Size 9.2KB
Processes 304 (Sonytec.exe)
Type HTML document, ASCII text, with very long lines
MD5 0b429190e6b8c6e81914cfc61d78ec19
SHA1 b3cf0fd91d393af6a2dbac050ad2fba8e7a24aef
SHA256 caf6f141e7889d7e370856601a7685cf3a54e3509c7512d950976ac9a1fa2748
CRC32 7BC4B493
ssdeep 192:XQb2Jhd9U6KJo18b+eegCwN23xKyD84tAf6WVQ+FR4FRmFRz8TWq:Ab2Jhd9bEo186fgCwYRtAfDVVR+RYRIr
Yara None matched
Name 33e8568cf4e1fdcc_yfgimyclsfw.vbs
Filepath C:\Users\test22\AppData\Local\Temp\Yfgimyclsfw.vbs
Size 119.0B
Processes 304 (Sonytec.exe)
Type ASCII text, with no line terminators
MD5 8dfc29db166768309b9fe8e2d176754a
SHA1 1c99dc473cdecd566cd2f12bad6c2aa263950219
SHA256 33e8568cf4e1fdcc8424d50a33132c1a56caf96bec2bf14a99c43b366854e785
CRC32 421DB088
ssdeep 3:FER/n0eFHHomWxpcL4E2J5xAIbyEoVcWVZMFjM:FER/lFHImQpcLJ23fbyEIIZM
Yara None matched