Dropped Files | ZeroBOX
Name 6d9ac758d08de793_fb_1a1a.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\FB_1A1A.tmp.exe
Size 45.0KB
Processes 2948 (shrrico.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2066dfe86018a4de5deb3b4275573ab7
SHA1 1038efdac1742ef67ca8a269e3b894576b3ee06a
SHA256 6d9ac758d08de79391140b2c62175e544e82a3e656a4e97dcfc293abe3656cb8
CRC32 CE64D8FD
ssdeep 768:zu/6ZTgoiziWUUM9rmo2qr7isHMJYKPINIjbFgX3iivasUfGQ1KBDZvx:zu/6ZTgle2PsbzNgbCXSfsjQWdvx
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name e934f7b9c7077a88_fb_1a5a.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\FB_1A5A.tmp.exe
Size 125.0KB
Processes 2948 (shrrico.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 703915fd7c4f9a016f1f6da86469f582
SHA1 0a0b5ff03e4bcabcbbc23b7ff7447fb1fa2b3399
SHA256 e934f7b9c7077a88d1aa4398daaed2411d77e4d16c8ff4e3d6be145adcd3a962
CRC32 E3C72BA7
ssdeep 3072:OmbzstCv2Nncbq2YKnXqybbxRhwB29nbY:CAu+nBbbx5b
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult