popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name e6c9d7712cbb3e74_wcyagwpa.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\WcYagWpa.exe
Size 842.5KB
Processes 180 (.winlogon.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5d388a0651d6bb853ebcd267f3571c6a
SHA1 b32c0f07804238a7c588f1a8e74b56fdb08b8dfc
SHA256 e6c9d7712cbb3e74662f656d5b0891c79bf175c3955fab5a791ca92e64bba8da
CRC32 51C2E994
ssdeep 12288:VfpeJ9s1f27yLKJrXCkPm3+fVp1V0ait+v6nnjqKoe:Vmql27hrXRUMdOe6nnjqKoe
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
VirusTotal Search for analysis
Name 285ba87049b1f1cc_tmpEE22.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmpEE22.tmp
Size 1.6KB
Processes 180 (.winlogon.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 9305cd9cc2cc0b7a932c78be1a7cc139
SHA1 9bd58929d8073fe377127b176c34011abd3adae1
SHA256 285ba87049b1f1cca96eee783c0e425b7fe3e6fc9a309a7309f2d0fef6207b61
CRC32 EA043182
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB9Ntn:cbhf7IlNQQ/rydbz9I3YODOLNdq3X
Yara None matched
VirusTotal Search for analysis