popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RF21c370b.TMP
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF21c370b.TMP
Size 7.8KB
Processes 2156 (powershell.exe) 784 (powershell.exe)
Type data
MD5 3eb6fb80f9dbbc1201de9e762252141b
SHA1 c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c
SHA256 9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6
CRC32 23B7285A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 1504763b84e950b6_vbc.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\vbc.exe
Size 706.0KB
Processes 2156 (powershell.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 fdb84298836a2682cf6ed805bc8852de
SHA1 c0024979815687a93ff689f7df62a0bcbb06aa4a
SHA256 1504763b84e950b66d6cad0d999137471b87f4a1cbedb28b9e0107ffd247d4dd
CRC32 B42AE086
ssdeep 12288:a8t5vy4E/psIgdXAl6stPWF236ISuNeGJifJiQgK5nmhc8Vi:a8t5q4E/pDgdm6stPWSp3NSBiQ6nVi
Yara
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal Search for analysis
Name 10970e2ab0fcbbe3_sys4h57g.lnk
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sys4h57g.lnk
Size 998.0B
Processes 2024 (vbc.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 64be2a73d03b9826f0014e8c12895287
SHA1 edb2dd784bf1d76ed94f8064ee93fbf5d832f6f6
SHA256 10970e2ab0fcbbe35afa9fa8cdae7f5942ccf01faef0a232525377f15b3af877
CRC32 87D5C187
ssdeep 12:8wl0EY3HV7GyuREXusYpEml1/f5XmY/Q1/f5Xmeg/omNJkKA54t2YLEPKzlX8:8XZqRE+nzdIdP4oCHADPy
Yara
  • Lnk_Format_Zero - LNK Format
VirusTotal Search for analysis