Dropped Files | ZeroBOX
Name f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 145652 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
Name 8d4c2c303a155e37_SIJPFdhsui3sdfSF.exe
Filepath C:\Users\test22\AppData\Local\Temp\39428011-F743-4BBF\SIJPFdhsui3sdfSF.exe
Size 4.3MB
Processes 2796 (setup.exe) 3320 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 af3d0470ee39bbfd53265cae64598f6a
SHA1 6ac0b6e5d4b5c272dd612551a5f41c576517a51f
SHA256 8d4c2c303a155e37160656988860d14759914bdfd6d51a22f19342013cb3cb42
CRC32 0BC45C2B
ssdeep 98304:j+UI5jTns8v4sNyXnboE9KD/N4k3cEhZsQcFR8FKQGoM+0I9M4g:izLv4WyX04KZeEhmQcFDoNjK4g
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 0bcddcf79858de32_76587423657325823.exe
Filepath C:\Users\test22\AppData\Local\Temp\39428011-F743-4BBF\76587423657325823.exe
Size 2.9MB
Processes 2796 (setup.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 4be669297a212456679f0a9528d55db8
SHA1 1cb626217a769b29925f96e335a53b5234abd71c
SHA256 0bcddcf79858de320107ff7ad93f2a27fe9dec69d8e9eb447ac1c99283d4f3d0
CRC32 67CC6140
ssdeep 24576:L2QYSGYsYpA5dbQCM19loEAl+PCOTlPn4kPpAx2Sd0M9FzaLpygYlcf9vX7Ohc5K:7Y70PCOTbPUFaLMDSfzl5/LjMZVB2l3y
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_34858171
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\39428011-F743-4BBF\__tmp_rar_sfx_access_check_34858171
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 03553aa9bb349e18_f.medtk
Filepath C:\Users\test22\AppData\Local\Temp\F.MEDTK
Size 36.0KB
Processes 145512 (AppLaunch.exe)
Type SQLite 3.x database, last written using SQLite version 3024000
MD5 d87be661bf9a37552b56538583028e00
SHA1 ae07864a2619d124b47a112b5724dfd545fddbbc
SHA256 03553aa9bb349e18b6a69212ed26c4f455e03bb4125f24165a1d0f4f04676e45
CRC32 51A2FF8E
ssdeep 24:TLMEa5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fBvlllYu:TdaecVTgPOpEveoJZFrU1cQBvlllY
Yara None matched