Dropped Files | ZeroBOX
Name e3b0c44298fc1c14_ssd.dll
Empty file or file not found
Filepath C:\Users\Public\Documents\ssd.dll
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 788 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 62b928ebb76b12f0_fer[1].htm
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\fer[1].htm
Size 10.8KB
Processes 3004 (mshta.exe)
Type data
MD5 a845bed85c4a791c39615f5c00b636de
SHA1 bc68b95f2a2e456cf470c80841550e7d9b03b66e
SHA256 62b928ebb76b12f07ac9532742f41b8076dc3d37e594df7f185d9650d8884365
CRC32 A83FF9C0
ssdeep 192:aYLCkQR1Y25Mc8aB1iDPFgealJ4bkw+8SfpS2ZxNZzEJf8DfKsRklQ:aYGka1YqVDB1ePFg546fpS2OkkC
Yara None matched
Name 7676e145db131128_59515.od
Filepath C:\Users\test22\AppData\Local\Temp\59515.od
Size 134.0B
Processes 2776 (EXCEL.EXE)
Type ASCII text, with CRLF line terminators
MD5 4bac14773d3d4b4db362e756ba9f4ad7
SHA1 4ebcf19cff33a180ba6c48404eccc1fd652689a2
SHA256 7676e145db13112898d78590c18301d74f67718bec54969b4a7dbe77ab082e22
CRC32 5FE87673
ssdeep 3:OFrpRCMKLovyafNREalYEC9WoIk5zAajEY5RcdBjjSUvv:OKMKcaaYal9oIkkY5KZSQv
Yara None matched
Name 42ba6d59eaae168c_wnhaupvwvpxy.oqa
Filepath c:\windows\syswow64\mwjkcfdoxralry\wnhaupvwvpxy.oqa
Size 592.0KB
Processes 788 (powershell.exe) 2396 (rundll32.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f246a7233a3ae6d6cb56aeaecc76aa84
SHA1 d763a42600ba8151a013ff2be55a2a022106b47a
SHA256 42ba6d59eaae168c1043da3e35f8352f4809ee129b0a2aea6fd06e31be32a823
CRC32 1EE10694
ssdeep 6144:LW/LM7l7777WVzQa1Cl0U1DDeialPTSjT0q//nXdzYYcIkptHMCLb2FNuVa8SAGp:lrHa5TS8gNMYcdptQfxV24k3Ayg
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file