popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2988 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name 65209a1c9e0c0c1d_Dzodhr-FREE-3.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\Dzodhr-FREE-3.exe
Size 631.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 145186629cf226ca987625b55ed9e9c7
SHA1 8203cfc6a8dc0ffae22167e0735a6e9169fe279d
SHA256 65209a1c9e0c0c1d5cfa80df4ff1ba6d1742e1b5ac8a4e32b38e49749c312cdd
CRC32 B00F2DE7
ssdeep 12288:6Lo/Jm2IhImMeg+gk4GEcMRwAciycSHKW3:6LwmZMz3GuRwAcK
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis