popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 288100583f65a2b7_nsExec.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nsq6471.tmp\nsExec.dll
Size 6.5KB
Processes 2648 (b.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 b5a1f9dc73e2944a388a61411bdd8c70
SHA1 dc9b20df3f3810c2e81a0c54dea385704ba8bef7
SHA256 288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
CRC32 E835AD1F
ssdeep 96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name b91a8d72b35a2f44_parameters.ini
Submit file
Filepath C:\Windows\parameters.ini
Size 326.0B
Processes 2648 (b.exe)
Type ASCII text, with CRLF line terminators
MD5 ecb52bc73d5aeed6613572fa4db302bd
SHA1 21269bf6db846c9e7a0ab2d4997e3ede1920e772
SHA256 b91a8d72b35a2f442d33b7a7238f41eafdc923ab4b9180c4f5236c077941b217
CRC32 A49DBD21
ssdeep 6:Gx3hR1JyIW8VZ7jmmgXMAIt/hfDyrBBu1EWKGLGoPHh2yW3Dd5grA:yH2ItZ7jmZXSyiEW1jhtWzd5gs
Yara None matched
VirusTotal Search for analysis
Name 948a93862d75f77f_winspl.exe
Submit file
Filepath C:\Windows\winspl.exe
Size 5.2MB
Processes 2648 (b.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f299ad95edb44942f8cc7b527b7c8746
SHA1 62a8bc6bfe242ee266c54dc6e0bbcdca10e28f9e
SHA256 948a93862d75f77f84149a35d8ea8bd8550f8d620e36847414d4897b3a9ce55b
CRC32 32162B77
ssdeep 49152:mTmT62I34XcZ+SjIQc93mwgbJLfpQO8EGNt8ceQ/uQ14kCTKe3VMaFh:mamB34XRUwqpQOst8c/94koMa
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name e3b0c44298fc1c14_nsa6460.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsa6460.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 95fe9d92512ff231_nsProcess.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nsq6471.tmp\nsProcess.dll
Size 4.0KB
Processes 2648 (b.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 05450face243b3a7472407b999b03a72
SHA1 ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA256 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
CRC32 7F5B79E7
ssdeep 48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
VirusTotal Search for analysis