Dropped Files | ZeroBOX
Name 91884331ef1bbf5f_{C3159FFD-5E90-42DD-BE76-91E615C7A2D6}.session
Filepath C:\Users\test22\AppData\Local\AdvinstAnalytics\6073fee5118372253d99d22b\1.0.0\{C3159FFD-5E90-42DD-BE76-91E615C7A2D6}.session
Size 332.0B
Processes 2332 (installer.exe)
Type ASCII text, with CRLF line terminators
MD5 1c26b17c0da507c7bb3f0e01b3bd8928
SHA1 a133d66bea381e2126292dfb73e4513c86e16296
SHA256 91884331ef1bbf5f875cc92b5d8bc18e66e99e4a9149693df6bbbbc3b3f915a0
CRC32 28BBE9DC
ssdeep 6:Ut7RO34rFsVnFCDjfpvgGDzFGSbN7/FObwlcb7XjuegU92omNLuagS1sv:8rWVFAjKG9GSbJglfXjpgp/p1gS1O
Yara None matched
Name b3395b660eb1edb0_tracking.ini
Filepath C:\Users\test22\AppData\Local\AdvinstAnalytics\6073fee5118372253d99d22b\1.0.0\tracking.ini
Size 26.0B
Processes 2332 (installer.exe)
Type ASCII text, with CRLF line terminators
MD5 6bc190dd42a169dfa14515484427fc8e
SHA1 b53bd614a834416e4a20292aa291a6d2fc221a5e
SHA256 b3395b660eb1edb00ff91ece4596e3abe99fa558b149200f50aabf2cb77f5087
CRC32 261DAA5B
ssdeep 3:1EyEMyvn:1BEN
Yara None matched
Name b3f5e10fb1b7352a_MSI8E18.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSI8E18.tmp
Size 378.9KB
Processes 2332 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0981d5c068a9c33f4e8110f81ffbb92e
SHA1 badb871adf6f24aba6923b9b21b211cea2aeca77
SHA256 b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68
CRC32 AEAECF9F
ssdeep 6144:E7C5QB3/CNG2HBOqf2BLuoZSKYfuAOkDmE09VKYHyZw:6B3WBOG2BPD6if9VNyZ
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name e7c895f795d616cd_embeddeduiproxy.dll
Filepath C:\Users\test22\AppData\Local\Temp\MSI30394\embeddeduiproxy.dll
Size 14.4KB
Processes 2656 (msiexec.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9e3b0e1c478249a5ea7a623b422c4ee7
SHA1 ea9a48fd57fe97a8563d6acc1746a20e50d24a3a
SHA256 e7c895f795d616cd1f0d0d5a8009ddd710193de8c42b859b23c1894889226131
CRC32 A780016F
ssdeep 192:mdAbhAnGKRTnIz06VpPVDhSuDaZU7qFnM/CKCha3cDBZHkeR:mdMhAGgTnITVpPefZUee/PCc3c1hZ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 85dc7518ad5aa46e_MSI8E86.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSI8E86.tmp
Size 860.4KB
Processes 2332 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 43d68e8389e7df33189d1c1a05a19ac8
SHA1 caf9cc610985e5cfdbae0c057233a6194ecbfed4
SHA256 85dc7518ad5aa46ef572f17050e3b004693784d1855cca9390da1143a64fceae
CRC32 B4EE6D47
ssdeep 24576://NO9Ibn5dhulTll7VFv1/dSYKOC8fE/coYOI++qHfV5xJd9zlY9:gKtulJl7VFv1lxKOC8fE/coYOj+qHfVE
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 39412aacdcddc4b2_decoder.dll
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
Size 202.0KB
Processes 2332 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 2ca6d4ed5dd15fb7934c87e857f5ebfc
SHA1 383a55cc0ab890f41b71ca67e070ac7c903adeb6
SHA256 39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc
CRC32 2ED293FA
ssdeep 3072:KAks1YEbj/RY1chmT86lO2XkzjCN4d0N1crZ9RAZQH5lsuabXXikM9:nj2rAGKvdkcrZ3xsuabn5M9
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 73af1e816ec70be2_MSI9C81.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSI9C81.tmp
Size 765.4KB
Processes 2656 (msiexec.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7468eca4e3b4dbea0711a81ae9e6e3f2
SHA1 4a0c34c342ee7c9df2a0d58d0b5e8bfe94d1251d
SHA256 73af1e816ec70be2a3e087af6ed7abc783c50c06b9df224f101e13a792df9837
CRC32 CA214E5D
ssdeep 12288:O0aQYpzr8qjh/Kf+UA0i6mjqBUBavHqNajAJLVxAKNYFgnfqrr3m/Xz/b/cEV:O0ax050IUBeqkeVJYFQqrLm/Xz/b/cEV
Yara
  • Antivirus - Contains references to security software
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 6f515aac05311f41_Windows Manager - Postback Y.msi
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi
Size 3.3MB
Processes 2332 (installer.exe)
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F2B4FBB6-4254-452B-871C-B7BFEE52957F}, Number of Words: 0, Subject: Windows Manager, Author: AW Manager, Name of Creating Application: Advanced Installer 18.2 build de2bf547, Template: ;1033, Comments: This installer database contains the logic and data required to install Windows Manager., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5 98e537669f4ce0062f230a14bcfcaf35
SHA1 a19344f6a5e59c71f51e86119f5fa52030a92810
SHA256 6f515aac05311f411968ee6e48d287a1eb452e404ffeff75ee0530dcf3243735
CRC32 0CC170E7
ssdeep 98304:VYYAexGtulbxKO1fT6sjDT9YnkPOYyGUB9keVJK4jz:TLxfT6sjDpYnkgGUBN
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • Microsoft_Office_File_Zero - Microsoft Office File
Name c7f02fb52ace0291_msieff7b.log
Filepath C:\Users\test22\AppData\Local\Temp\MSIeff7b.LOG
Size 250.0B
Processes 2656 (msiexec.exe)
Type Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5 8583d0b4a241bcc254c12397dacc205e
SHA1 069c8446d450de2e1bb9de815df4ef2732bacc54
SHA256 c7f02fb52ace02913dcdf49243863782a322eea7c046d025c4fef7537af8de18
CRC32 0F8B950B
ssdeep 6:Qyk+SkAe/BtOYrsfc/okW1Ncil1k4IlEd8blv2K8klIOlS1kCle:Qy5MOBLsc/s1yMIlEd8kKwOlS18
Yara None matched
Name a61b95536bf30ef2_holder0.aiph
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\holder0.aiph
Size 1.4MB
Type data
MD5 ef992fa6c6fb92a49c92f0ba3771d058
SHA1 a840ff59e65a069ae0dbb1724f373d1dd304f90d
SHA256 a61b95536bf30ef2d377edd7d1e63900c1d769032302bf7b80fc7d931313430b
CRC32 CC42A867
ssdeep 3::
Yara None matched