Dropped Files | ZeroBOX
Name 643092d25a1a271f_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 26.5KB
Processes 1744 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 1c0fa7cb39cb9a118209760e1322afb5
SHA1 1bc31088a77282eff66139b5a82a8f14017f7db7
SHA256 643092d25a1a271fb62871e9a5c07b2bdcd92c53d8887faafa451d8669f9fc8b
CRC32 1078CA79
ssdeep 384:gzqA0vBFpxtTb/rv/1+bN1XAzbjdyywgG4OndACAeFoIUWDaY:wyvHFb1ijibj/w34OVAWV
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 9a87c2439508af96_590aee7bdd69b59b.customDestinations-ms~RF9be0d8.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF9be0d8.TMP
Size 7.8KB
Processes 2948 (powershell.exe) 2892 (powershell.exe)
Type data
MD5 3799ed0ea618acfffdc0f7210e14860b
SHA1 8bc3c67113e5418c226dd7fb3abe7d070809ae50
SHA256 9a87c2439508af96d7e7f6e57ab83b8102f728e7ce7ff798c8d6ac1a42935370
CRC32 4BCE30B8
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworntDHXyGlUVul:Etu6XoJtu6bHnortTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name f96d730c7e95bc15_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 81.0KB
Processes 2548 (Launcher.exe) 192 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 21f4a8ea0c82fd99241f5299388dfa3a
SHA1 5a39655b9dc2c396e6ce1e5948c92a669208563c
SHA256 f96d730c7e95bc15477e2a3bc9e041fe6a0b216b293d2b8eed35bbcfdce5cd5d
CRC32 5B8DD0A3
ssdeep 1536:J7jqgSOD6aXoXOjXEWpgp1Nlpu6Pbk0O:Jire6UoX6XRgpXTuGbk0O
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Packer_Zero - Malicious Packer
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF9b92f7.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF9b92f7.TMP
Size 7.8KB
Processes 584 (powershell.exe) 2948 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware