Dropped Files | ZeroBOX
Name fa9cb4ad19085beb_ineaw.js
Filepath C:\Users\test22\AppData\Roaming\gGdCpVKQLp\INEAw.js
Size 273.0B
Processes 2156 (Rivedro.exe.com)
Type ASCII text, with no line terminators
MD5 652701d01f6c598c6163abc4b587d01d
SHA1 3e71c4abd28987eba3e840703eb2806a2b41b926
SHA256 fa9cb4ad19085bebb073af81acb8bf54c973655005aa88248e8e83c4228270a9
CRC32 54087045
ssdeep 6:5AThIH8CYM2h2sUS4tRZDbRXp+NI56nF5J6NbRXp+NI56nuz9FWDbRXp+NI56pWp:5GS6R4t7vV6Ff69V6uqvV6pWp
Yara
  • Antivirus - Contains references to security software
Name 237d1bca6e056df5_Rivedro.exe.com
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Rivedro.exe.com
Size 872.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56b5f0201a3b3de53e561fe76912bfd
SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
CRC32 76090EE7
ssdeep 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name e3b0c44298fc1c14_ora.adts
Empty file or file not found
Filepath C:\Users\test22\AppData\Roaming\gGdCpVKQLp\Ora.adts
Size 0.0B
Processes 2156 (Rivedro.exe.com)
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 740c13e2954a5647_W
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\W
Size 1.8MB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 e691fd6c05248e4efa4af37bde4744c0
SHA1 b22c86fdddd79fa3ea25729bb0b402cff543716d
SHA256 740c13e2954a564725702eabbe768515bd6acad1e53468c82dcbbd95cc3b418d
CRC32 B483CC9B
ssdeep 24576:uTnrFeZXb5CMVNdcC7WvxohXmpBUvAObqPUE:ubrRf
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • NPKI_Zero - File included NPKI
Name 70277040dda5c5a9_Sete.adts
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Sete.adts
Size 872.8KB
Processes 2788 (OSJBPRX.exe)
Type data
MD5 f5627fe3cda77399f79c0b1a036caa78
SHA1 a9b6fcb6037ab5935b22bd52c317584eeccdddf5
SHA256 70277040dda5c5a9d0c149de4434fc122e5e507847a2a4bc3c03c1e9ae856b7e
CRC32 9E40DA88
ssdeep 12288:xpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:xT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
Name 4330c99daebbe2df_tkmwrsbsau.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tkMWRSbsau.url
Size 156.0B
Processes 2156 (Rivedro.exe.com)
Type MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\gGdCpVKQLp\INEAw.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 20291a01bf2b02409cb9f02ed06775a5
SHA1 53d4d67f5ac718c15a95f3e19c60915353ef5e35
SHA256 4330c99daebbe2dfa9fc81db4a1f2fd5ef319cacd9358d97340cb062391fe6a7
CRC32 8CDEC74A
ssdeep 3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7PB0LmgJLs:Q+2lJglZyKm/UEZglJPZ7aLs
Yara None matched
Name 490e92799dee34d6_Col.adts
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Col.adts
Size 375.0B
Processes 2788 (OSJBPRX.exe)
Type ASCII text, with CRLF line terminators
MD5 73ce945f7c3b3727eb2bdb2686e9f3c8
SHA1 e1662d322db6e65941e86781cbb4e103c8bd1801
SHA256 490e92799dee34d672f028e0384dcbce0faa88b0eb44b16e2839b81462001c0f
CRC32 7A93D46F
ssdeep 6:jCI6YSL9f3g8Ro/jH4Th3g8Jz8w+I+5JxF8kHkPJoHnmJoO9T67RHShR1w48VrWA:2RYSF3gB/jYTBgPwL+/+6HcKyhRuVWA
Yara None matched