Dropped Files | ZeroBOX

Name	8981ce5a3cd4f91a_20949468.txt Submit file
Filepath	C:\Windows\SysWOW64\20949468.txt
Size	52.0KB
Processes	2648 (tfhm2.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`48e99fce73f754ea9e282e4832cd2124`
SHA1	`448446d185d1005ce34d5bc25fa0be840cba154a`
SHA256	`8981ce5a3cd4f91a8df7b8015dc3e884ee64ad4b3de4b71e3ba4534938ce5696`
CRC32	`EFF86AFA`
ssdeep	`768:h2ga0xd9Hpk0e8MnmRe7ZZa3R1fb961vNPrl7YJnCJ0u:dxd9+0e8ZGZZo1fbs1RVYZCJ0`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	511fcc4fbed04605_ini.ini Submit file
Filepath	C:\Windows\SysWOW64\ini.ini
Size	41.0B
Processes	2648 (tfhm2.exe)
Type	ASCII text, with CRLF line terminators
MD5	`968b9abeaca8e54529e40adc58e7980f`
SHA1	`33f3d6f79f72fd236cfcb7ad2970f9870c218c4d`
SHA256	`511fcc4fbed0460503e7e4a95c87983d43464ca78b30cee565afcd9d5a8b300d`
CRC32	`C27A4D54`
ssdeep	`3:oVXUMnEzbAaqFv:o9UZsaUv`
Yara	None matched
VirusTotal	Search for analysis