Dropped Files | ZeroBOX
Name 38919046a50d0100_piccola.midi
Filepath C:\Users\test22\AppData\Roaming\Piccola.midi
Size 555.0B
Processes 1684 (123.exe)
Type ASCII text, with CRLF line terminators
MD5 4385df4f8fdc3e6232d7c291498ced40
SHA1 db9d8e9e322be2a6306097e8215b0abe124e1adb
SHA256 38919046a50d010024b2a2493dd5cf15e2f6b5387b91dfbc382f7713503e35f8
CRC32 C96AAC98
ssdeep 6:jonesyFKIjqsHPYejne6gMlN1bKHq7KMlNt1S4Gw+Twx6VBTsnZW0r4BLSHh1j8n:ZsOjXPWwKEGwmwOlsnM0GKuHaYye8+n
Yara None matched
Name f2ad9dc8789c1318_xcpyuadvaz.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XcpyUaDvAz.url
Size 170.0B
Processes 1240 (Giudichera.exe.com)
Type MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\CfwsVStDRa\yjrZRYDkDUTY.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 9e98d8a7c81d28c65de995f2413e98e1
SHA1 dfa0ba9fa64e2ebbdf45b02b9318b58a1f0310dd
SHA256 f2ad9dc8789c1318179715a6439c93c8fb0cf59e2a89e81d49296b1b03ba744b
CRC32 98F9F57D
ssdeep 3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7QWiJ2L4YVl1llq0LlPlWn:Q+2lJglZyKm/UEZglJPZQUcYPs2dWn
Yara None matched
Name abdcf33a9078d7f2_vostra.midi
Filepath C:\Users\test22\AppData\Roaming\Vostra.midi
Size 9.0KB
Processes 1684 (123.exe)
Type data
MD5 a55c49472f67f3c6aa2c7012c63dc475
SHA1 e7d25117a26b103dca2146aae715a1770adaea78
SHA256 abdcf33a9078d7f25610d021fc1ad70b19520082b0f0adf0c13bd3b64180ed4c
CRC32 988805C6
ssdeep 192:ugJzJmXwgSjuGlAuDkrDPuOHDDPfj3oUMCZjOr2F:jJmLbcmDTDDXjYmNOqF
Yara None matched
Name e3b0c44298fc1c14_nsd6615.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsd6615.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name ce2fb05b7d6e31db_xcpyuadvaz.exe.com
Filepath C:\Users\test22\AppData\Roaming\CfwsVStDRa\XcpyUaDvAz.exe.com
Size 1.0MB
Processes 1240 (Giudichera.exe.com)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 f83ab141e29899ceb5308dabde894a0e
SHA1 6ea46bb7102125fa5d39b77547dab28ec346e9f9
SHA256 ce2fb05b7d6e31db76127521aac02d9b3d595058ba13687c4ad6c68088eb8d99
CRC32 880C7923
ssdeep 24576:GT1FG7ZpD11BUW3e5grbH62tCZwAxMk6s/jnoMMyID6EZr+zaMTJxBH:GPoZ31BX3e+H62tCZwEMRcsMMyID6EZK
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
Name 02c9466c9ade95c4_yjrzrydkduty.js
Filepath C:\Users\test22\AppData\Roaming\CfwsVStDRa\yjrZRYDkDUTY.js
Size 273.0B
Processes 1240 (Giudichera.exe.com)
Type ASCII text, with no line terminators
MD5 0ac935f2aa343241744249145a742837
SHA1 b948f8a1947231fcdd4aae4baf0b9416ea010a1a
SHA256 02c9466c9ade95c42395aab448a6b9056dcf6f2e7cd5d0a68cd9da5c395aae58
CRC32 C4C81490
ssdeep 6:5AThIH8CYM2h2sUS4tRZDbRXp+NI5K2H3ukBNbRXp+NI5K2H3KYWDbRXp+NI5K27:5GS6R4t7vVK2XukB9VK2XwvVK27
Yara None matched
Name 114c6941a8b48941_nsExec.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsy6693.tmp\nsExec.dll
Size 6.5KB
Processes 1684 (123.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 09c2e27c626d6f33018b8a34d3d98cb6
SHA1 8d6bf50218c8f201f06ecf98ca73b74752a2e453
SHA256 114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1
CRC32 C99AD355
ssdeep 96:pBNUBGfVwhcAlhPRJAixx+3eDEsgcBbcB/NFyVOHd0+uisX4:qBGfV5AlJJfFgcBbcB/N8Ved0P
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
Name ddb6437e9cbb6321_Allora.midi
Filepath C:\Users\test22\AppData\Roaming\Allora.midi
Size 441.5KB
Processes 1684 (123.exe) 1240 (Giudichera.exe.com)
Type data
MD5 fe51f83d1f7f7f3b605214ecc10dfcf3
SHA1 933866b82168ddb8bf9cab6540c059bc426b11f3
SHA256 ddb6437e9cbb6321ec7f85a819bc78694201b2c11185d783f676697a065a1671
CRC32 50F3715C
ssdeep 12288:efgPHot8DS5/3HrjkwWg1oHmSlj3HTRVXh:9Pw8cP381mIHh
Yara None matched
Name 991b8c861bce7563_M
Filepath C:\Users\test22\AppData\Roaming\M
Size 1.1MB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 0dc6bc8183bf89f84162bd9ade16c0f2
SHA1 e3a89b683afd09a2b96371fb310df32713dd47ef
SHA256 991b8c861bce756354b5c8de300731405f849683bdf76288b1c399884593359f
CRC32 C15852D6
ssdeep 12288:vcB2tUAXcKI9CzqfMsPNX4W62qdKh6KdKUKFZzWAP2l/ly2o:ksUHekHPDa3Gl/O
Yara None matched
Name 054be314d01b19ed_declinante.midi
Filepath C:\Users\test22\AppData\Roaming\Declinante.midi
Size 1.0MB
Processes 1684 (123.exe)
Type data
MD5 aa47b8651155001b63cc848d84005a32
SHA1 d900bb2734bddd8ab0028f3a051094f46b6cabb3
SHA256 054be314d01b19ed6c4ea4f666bd7a7e099fa7528535a457d3142518144a852e
CRC32 56F48253
ssdeep 24576:/T1FG7ZpD11BUW3e5grbH62tCZwAxMk6s/jnoMMyID6EZr+zaMTJxBH:/PoZ31BX3e+H62tCZwEMRcsMMyID6EZK
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library