Dropped Files | ZeroBOX
Name 0565271409a99759_2xs.txt
Filepath C:\Windows (x86)\2xs.txt
Size 45.0B
Processes 2076 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 df5e0f997c3f711793b8384a5d36180b
SHA1 a6618bd968541fd9fa69c0174eefcb874a06cc0a
SHA256 0565271409a99759c771cc6509a67f702bde15e238023c7ac3876fab7a86e8f8
CRC32 1C01D6AA
ssdeep 3:N/vEW69BWPrWar+:eJ98+
Yara None matched
Name 9d7f647f12b0828c_xcls.bat
Filepath C:\Windows (x86)\xcls.bat
Size 165.0B
Processes 2772 (64a1.com) 2444 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 137834a649a59c9be9a2923fdc9dba02
SHA1 bbecfca24f86f07a528e397a7a2fed5433d8972d
SHA256 9d7f647f12b0828c036b688522d2999664c777e0af95b4f3d4043223ea6dc80a
CRC32 4540FE93
ssdeep 3:eGAjSJFLh9CbAC7goZeKcHAWYFAHovBkXKcHAWbUYn9pwvbWYcufJFH8VMQyn:ZuSJF7CLUyvKvU8XybWOTHEMvn
Yara None matched
Name 31c3600b5eb214af_E475.bat
Filepath C:\Users\test22\AppData\Local\Temp\E474.tmp\E475.bat
Size 906.0B
Processes 2976 (xagal.exe)
Type ASCII text, with CRLF line terminators
MD5 29b960e2d035dda068fd337f59ba3e5b
SHA1 71c13383e7d38cdc06fe5d5c7957130984622795
SHA256 31c3600b5eb214af14f1994b0e9640dcd1c7fe1a531ac39d0f732fe67e96e095
CRC32 DF733F5A
ssdeep 12:N2vWLL/WgyjJlyj+4u4uNkCgorTOKXfSAHPFVckGSz+XUrVyY0dHK0Wi0JHTyaWf:oqyF8DCZrTBzL5Edq0WZ2OU
Yara None matched
Name 0cb8999b0ac329d2_3xs.txt
Filepath C:\Windows (x86)\3xs.txt
Size 938.0B
Processes 2772 (64a1.com) 2076 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 d80386f87dd89d45b52e57309bb3d967
SHA1 4b5df6a75c30a66d153b021518383d9e78d85c96
SHA256 0cb8999b0ac329d2f18a50a25344c8075f7e2eb472292f04bc099afef90166aa
CRC32 A4709699
ssdeep 12:Jdp5Y73lISVddpb2m6Kp3dettWTLeuY5+Ft23NhJ8VShIx0T4pJ:J67VvV/7e4Lke29hJphIaT4r
Yara None matched
Name 319a5dd034881840_run.vbs
Filepath C:\Windows (x86)\run.vbs
Size 144.0B
Processes 2772 (64a1.com) 3060 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 88ceebf5da7ffc0b3757412e6daa92ad
SHA1 91541c6f4f8a7b8bc1604d1c46387d0199d00090
SHA256 319a5dd0348818402aebb41e61e27c1930b014e444fa8f0c970a965eee85988c
CRC32 3B89649F
ssdeep 3:jaPFEm8nh3QANX4EpnxoBs/dq5dGmYlDcNUqJajaPOUC:j6NqhvXJas/I54lYNUqOUC
Yara None matched
Name 58ccb9911fd4a260_explorer.exe
Filepath C:\Windows (x86)\explorer.exe
Size 7.8MB
Processes 2772 (64a1.com)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 274a889bce907d9841996539787c5066
SHA1 736a08e2a727479a43b432e96c72d145d45bc0ad
SHA256 58ccb9911fd4a26034820193a9e0ff7c52b5cd83d919f43f64ddef64adb7d2c9
CRC32 6C2A8960
ssdeep 98304:e5f1WUtEz4zKITsmQgWsAykeEtOtz1c8sFhaXGKPnzl6utH0FvM23pqfcW+BIcX7:eVoL3uzXZygLCesncHZA
Yara
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 2dfaf256f78dcdda_cert.pem
Filepath C:\Windows (x86)\cert.pem
Size 964.0B
Processes 2184 (explorer.exe)
Type PEM certificate
MD5 808da4ae93cd5b5a92f6aa8de40e2d9e
SHA1 f30e785964879256c895049407f547dc66a86d0b
SHA256 2dfaf256f78dcdda94a2e19c691eacd8e245e6a1f80f3bcab6dbbd827ecfc650
CRC32 4C1D4A03
ssdeep 24:LrcFXDuOqbM1usT8/bAiUgVJuMNlfn4geyEjcE3LWgpZsB6J:LrcVATB18MP4gsQE7WgpB
Yara None matched
Name d2ee4880fe76363c_0b9a35e8900dc8d3fd6bfecf308e2d5b
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0B9A35E8900DC8D3FD6BFECF308E2D5B
Size 184.0B
Processes 2152 (certutil.exe)
Type data
MD5 a35ba07550a0046b812b6d34e2285eb4
SHA1 f54e95faf2615f8666574ae293a13455a6fa5900
SHA256 d2ee4880fe76363c1cc8300c79acb8b2cf2a0f2b59304de57d0be2a8d5d21ba5
CRC32 5E3511AE
ssdeep 3:kkFklRlNkfllXlE/6cKC/2lmYTyIGlyKljhhFu4:kK+KCbYQyK5hK4
Yara None matched
Name 730eb71d41fda477_1xs.txt
Filepath C:\Windows (x86)\1xs.txt
Size 1.7KB
Processes 2772 (64a1.com) 2076 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 be20c78dcca082f44dda8b078150b1db
SHA1 374ed652bcfbdc4c65ab1e9d23662f3c821c39a0
SHA256 730eb71d41fda477d2b4b756a9e038d3e3dff34240be8efa9f3a8bd3531aa6f1
CRC32 E84BB144
ssdeep 24:1pMDhY2W5TtT6di9cwKIHFUygntNOOeMOu+4gjqCuGt3YUmY+at3CR1at30GN13e:EePpTAych5vt6y8EGtltZtEGKx3
Yara None matched
Name 698ec8db7450dc6c_cert_key.pem
Filepath C:\Windows (x86)\cert_key.pem
Size 1.7KB
Processes 2184 (explorer.exe)
Type ASCII text
MD5 ee67d9921d35f7be46daf9bad7c9ac94
SHA1 d572c623e42d1b826b2c4362e7942c77e07552b7
SHA256 698ec8db7450dc6c0c8b74b4a44bbbe23e2c2a3d8f9a34d9e512fd079b166818
CRC32 732FD493
ssdeep 24:Lrjm46u/VLYJvbSFkZq4OB/qDW+aE3IXRPpfVt1A1sHkheVQhmOUmzons4rwvHN3:Lrjv6ugTYW1HK/RfH1WjonsPN3
Yara None matched
Name 0df789846c9b3a48_config.json
Filepath C:\Windows (x86)\config.json
Size 2.6KB
Processes 2076 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 1d8ce1bc765655c4f96d62578490e475
SHA1 de887c51b3a7c475c8386e77bd5825ba37e4310c
SHA256 0df789846c9b3a482ae23bf8876023cde44f780ff019f106ee46f95c9290ceb7
CRC32 A54EC8D3
ssdeep 48:EePpTAych5vt6y8EGtltZtEGKx29O9apeR:EePpTAycXGtltZt4oIAIR
Yara None matched
Name 11bd2c9f9e2397c9_winring0x64.sys
Filepath C:\Windows (x86)\WinRing0x64.sys
Size 14.2KB
Processes 2772 (64a1.com)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 2bd1b09e6e52addc_xagal.exe
Filepath C:\Windows (x86)\xagal.exe
Size 103.0KB
Processes 2772 (64a1.com) 3060 (cmd.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c9f3e12c879a76f29b47cd9a57f23411
SHA1 deb2da0aafe9e94903cb0fafa786ccee83422995
SHA256 2bd1b09e6e52addc9355162d75c741087e7f5335faf2250c0485e4953d6d7aaa
CRC32 8E818D67
ssdeep 1536:piq05otV8SIoWZZnUwAUsPvds4hvHvVIeI0j0ph7iLTuUCJDJrzcR:cq05eW51sPFs4hvHvVING0GLTuUo0
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_7257890
Empty file or file not found
Filepath C:\Windows (x86)\__tmp_rar_sfx_access_check_7257890
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name f346564cbf56b3eb_version.bat
Filepath C:\Windows (x86)\version.bat
Size 63.0B
Processes 2152 (certutil.exe) 2284 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 2b0dd6c4b6aa3bc93e0710348522ebff
SHA1 025edb856d77ac30e21638eb232c391a2420b170
SHA256 f346564cbf56b3eb681419f3cb7867483d03dad5224e973ea08f461ab768b19b
CRC32 2F7C66EF
ssdeep 3:JEWRAGSkgkLh30jcufJFH8VMQyn:J/RjSXCh30HTHEMvn
Yara None matched