Dropped Files | ZeroBOX
Name 84e0e15fcb095478_user.config
Filepath c:\users\test22\appdata\local\get_cliboard_address\fb_dcbd.tmp.exe_url_4fxt1barqz0imbgxwtvdfltvp0ikqnqp\1.0.0.0\user.config
Size 938.0B
Processes 1556 (FB_DCBD.tmp.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 a5d68a6043ec223a6722b3d3657d1521
SHA1 321acd5ce735afeff5a21d65f7a3961607e6da0f
SHA256 84e0e15fcb095478613c23e0f9afd924140f2336276d0437a553f5e6fa209e02
CRC32 52E0BF87
ssdeep 12:TMHdGGqt1s26K9BQve4MWiO69+Nps26K9YG6e4MWivBRVcXHhuGnOkNpOL6EN+77:2dqIK0m449IEK14Ev+XrU6NYvX6Zvpr
Yara None matched
Name 228ccf82c16a1729_fb_dc8e.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\FB_DC8E.tmp.exe
Size 126.5KB
Processes 1768 (B86b0mDlYqpH2306105pdf.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 cf0d19b76362fb0a3ebc26ec081b9143
SHA1 cb235f08ce4ea41dfc80cc6081465263071e2c59
SHA256 228ccf82c16a1729f157e739c5151e3f9838d1e7558e32e75456c51ec922b5c3
CRC32 EF892A2B
ssdeep 3072:ahYlmmeYJ+p0q2rrHr0WUhbCSvwBzrnbY:fx218rYhbdOLb
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name e3b0c44298fc1c14_oge6tza5.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Get_Cliboard_Address\FB_DCBD.tmp.exe_Url_4fxt1barqz0imbgxwtvdfltvp0ikqnqp\1.0.0.0\oge6tza5.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name eef635d1c6f58320_fb_dcbd.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\FB_DCBD.tmp.exe
Size 69.0KB
Processes 1768 (B86b0mDlYqpH2306105pdf.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0052d6c22b3c528c011b2e093155f8e0
SHA1 e176827903acb3f96b4114b036a0cda8646331d9
SHA256 eef635d1c6f58320072d6b4b762bee15d559978f2d150726a0fef3f83627871f
CRC32 CAEDACA3
ssdeep 1536:QVS8BlTD+sD2+zJfT9JJbWTvR6N/kmQxyRFFiWhr:z8OsDJFfT9bKvRuLRFBr
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
Name 87e60ccea932a876_windowsupdater.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk
Size 1.8KB
Processes 1556 (FB_DCBD.tmp.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Icon number=0, Hidden, System, ctime=Fri Oct 29 00:25:05 2021, mtime=Fri Oct 29 00:25:05 2021, atime=Fri Oct 29 00:25:05 2021, length=70656, window=hide
MD5 d6ef940756ace0d8cce58336d558c921
SHA1 b51d5806d8888be1c6384818b38589694925ccfe
SHA256 87e60ccea932a8769a72c517e786046d816fe3aa54f8e4300cbf0be4596850b1
CRC32 B7858D72
ssdeep 24:88VesERdjORumwk36zNRNPCYPIO4ZXqPa6Pyd:8ls1Rumx6pRNPCYPIZXqPByd
Yara
  • Lnk_Format_Zero - LNK Format