Dropped Files | ZeroBOX
Name 2fdb72005fce8228_iisexpress.exe
Filepath C:\Users\test22\AppData\Local\IIS Express ver2.30\IISExpress.exe
Size 128.0MB
Processes 1016 (buildcpils.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 be8d5870d8124777921f48a3b9b82898
SHA1 97056ad1dd124a5e0709cf7ba8ec01a8870f33e7
SHA256 c186da4f4399d3e8d0d883ceb89ef0eb88ea9db5550add540beea73c3fa63c18
CRC32 FBB3393B
ssdeep 3145728:CuKH8FHFRsn+uJymE0mmUN3CLjYIMJa6Zuzzf2CvIeyI1hy1:CuKH8R8+uJ7Eu63CLjh6AyCQe1hA
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 0f54044aaad016ba_fa2c2c07f4d56a862adf
Filepath C:\Users\test22\AppData\Local\Temp\FA2C2C07F4D56A862ADF
Size 200.0B
Processes 1016 (buildcpils.exe)
Type ASCII text, with CRLF line terminators
MD5 8f1f9bef541ef0e086440ee5941ad949
SHA1 60a3ada610f11d5540c07be228658362298da375
SHA256 0f54044aaad016bad719eb24d0a9fd3a662684bbbc731196a5db15bd9846f7fc
CRC32 05F9B6DE
ssdeep 3:XttktgkC6wwRRpo2tNd3BQ2JgB8KOCPEkk1+ZttktgkC6wwRRpo2tNd3PqpWPou8:dhwrpoENbVWPxthwrpoENwWQunjqNv
Yara None matched
Name 921657d1032b9f6c_tmpF96C.tmp.png
Filepath C:\Users\test22\AppData\Local\Temp\tmpF96C.tmp.png
Size 47.9KB
Processes 1976 (IISExpress.exe)
Type PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5 631eb8699926cf503c5976cb7de12e90
SHA1 05510df84833a148035eadb6ae181983750d6265
SHA256 921657d1032b9f6c9df25ee86178272aa233721fbc5e09c695668840ffda1aa3
CRC32 6947A179
ssdeep 768:wRs9G65xueNAKgFINkzOJK5zJJ/iDR5Sb7418PdfntXNKT50xcA:wK9G0uygFGCJ5zT/lUyWTCcA
Yara
  • PNG_Format_Zero - PNG Format