Dropped Files | ZeroBOX
Name cfcdab0151b2a50a_stuffit14.exe
Filepath C:\Users\test22\Stuffit14.exe
Size 841.3KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e0f1ad9a2903c4201753181a08adda66
SHA1 eb27cb69f608170258c4833a7417bd545b63866f
SHA256 cfcdab0151b2a50a4a355c6618ff3a51993b18b4f9acafaf98453f3f6e91204f
CRC32 7C958304
ssdeep 12288:hGsNdIH2R+EyyYMlKjF+6t056XZXUPI/S5LQw9nnnWo0U:hFNd3qyhlKPXZXUZ5LQw9nnnWo0U
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
Name 81d01f2f11499586_g2m
Filepath C:\Users\test22\g2m
Size 8.7MB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type data
MD5 bad3570284a591415eb23fb22d4ceed1
SHA1 2e5fa5a11372abc8dc8cff2d48cd970bad46a1a2
SHA256 81d01f2f1149958636dda6c9f6a80a9aab54223add0a3dcc9c60cff466dd8cc9
CRC32 2311A629
ssdeep 196608:Tim0ngj/3xb5cWdYOXLFcHCCw3V9Q+PmH7DHFQkG1rS:OYn/dpcHCN3V9Q+PyjFQzw
Yara None matched
Name b344e4633da4e317_pagesgt.zip
Filepath C:\Users\test22\pagesgt.zip
Size 10.9MB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type Zip archive data, at least v2.0 to extract
MD5 6d7bf4f05ae21b0b5bc258b6057d041b
SHA1 ad9c0d0a90cbecea722a0d996d5ff3419098b328
SHA256 b344e4633da4e31721c0e06aa414d66ef56765934c59fe9b455bbcf5e226a36c
CRC32 9D7816A9
ssdeep 196608:t7xlbaMt74iSb4jnxdf1YSdsIB15cJC0snfLKatYvZR/5SmC3JL:XJ/Mk5NdzcJCfnfLKatO55SvB
Yara None matched
Name 0d757ca61be427e6_common.dll
Filepath C:\Users\test22\Common.dll
Size 897.3KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 40fd316520f0573077aacb60aff0fbc6
SHA1 4b1e23ba91a049fdc4c97caebc57cac15cb3e9b0
SHA256 0d757ca61be427e699d570364fdd5ec6f5fbeb7654dc67b34bb4b46c69466de5
CRC32 2B82B33F
ssdeep 12288:E6CK1dk6NxNlea9vVBpKZZhYQ6hH6YcSoaZbVAIaJNO:J1d3NlxvVBkOQ6huSoaZbiS
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Antivirus - Contains references to security software
Name 1beb42edf12f007c_cmdline.exe
Filepath C:\Users\test22\CmdLine.exe
Size 440.3KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0bfe3087ca4ef73b868518af6caa4e6d
SHA1 af3fa5233a6dd4eb1bbd727175f7a5845323076c
SHA256 1beb42edf12f007c47b403049d10afbbf4db637d7053244c1b6972ea53847b76
CRC32 D2F456E4
ssdeep 6144:dvGW7g487Zp/O22OHe3vqt7+ScIk8taZuuzI9ujmOO6JFcJiWgd+4xN:dv3gJZ2OQvqt7+ScJ8tGuf9fv6JGJxq
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 0e9d354a08cb7b7d_wizard.exe
Filepath C:\Users\test22\Wizard.exe
Size 457.3KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 77ba7da6d06745f2c54ce5b026fac34e
SHA1 c82ed310c2d0dcc8a088f98179ab25130f8f6466
SHA256 0e9d354a08cb7b7d47e2479cf12873d09863ab1f55a98a2b26f846c48d6cd018
CRC32 D0744D42
ssdeep 6144:7jMtnknTQgO3NzcEq/ZN7zqF0k0eW4sm4vUnWxH:7/QRzcPPqvW4sun
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 9ac1158f5b34a287_sxshellextx64.dll
Filepath C:\Users\test22\SxShellExtX64.dll
Size 1.9MB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 a9fda95ed2189cd589779f5870c49791
SHA1 1293b9f66545e4d55c66a22d08adf427a379b27e
SHA256 9ac1158f5b34a287ab0625de36942606444c091d3e3c43fa8bb4c8cbd049aceb
CRC32 7B369953
ssdeep 49152:hs69gSQw9nnn301Qw9nnn301Qw9nnn301Qw9nnn301Qw9nnn301:fV0/V0/V0/V0/V01
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
Name 8dc530a6e6b6e9a3_stuffitconnect
Filepath C:\Users\test22\StuffItConnect
Size 50.0B
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type ASCII text, with CRLF line terminators
MD5 8280e46ca38555dd5e662639d8ba038a
SHA1 1c5586f96ac137fe9cc4d5d88a628e91ab4567a3
SHA256 8dc530a6e6b6e9a3428eb9d4c1bbb80c1a6b884a5b2ac6872aa3555b4cfe1c5e
CRC32 DDF0E0E2
ssdeep 3:3ugfKvpkPxBKS9QCFtoL:+giveJr9JtK
Yara None matched
Name a059228a9c6e6568_stuffitconnect.dll
Filepath C:\Users\test22\StuffItConnect.dll
Size 81.3KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9f499cb83be4c828383e70b8b94a6479
SHA1 915a055b761e713d144edc7b7b94d8783f28d485
SHA256 a059228a9c6e656877adbb8d764523a02634ec8c95a8057c059b414e2a4c14e1
CRC32 B3A76748
ssdeep 1536:EGmRhB/Qrnkz929g/QIZjvjfVJouxULhcLFV5IKebW9sG0OKU20Wz8MJH:pmRSAlBohcLFV5IKea9s1OKqWz8
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
Name 34d51ea931e6b9de_starburn.dll
Filepath C:\Users\test22\StarBurn.dll
Size 573.8KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 e86403ff6f01f2b50b9f95d8e536fbf1
SHA1 0546658f5e4ac1c0b8035dc9da5f0e389e79e38f
SHA256 34d51ea931e6b9de88b55f3d9f6921fbddaa40acb888e692f66f7e77c2b6f676
CRC32 1AAFE696
ssdeep 6144:pO/y/giMzI+IOyLwjiwjD2S+HGN6TWjSp8Kl9xjp4cfSuHwQBGp88MRUssCR9CDR:Z/gzbn+GgTWjg8S4cfSn8GpsCD0FTQ
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
Name 14fc89f8514346e2_license.txt
Filepath C:\Users\test22\license.txt
Size 3.8KB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 09ec1802e0c6b5cee3dae3f695bac97d
SHA1 daf77b10f9fb208b74d7a390b00d3db9ab1811cc
SHA256 14fc89f8514346e2eead282203c7c5daf728df3e5edea808b93f6a2bfb9e61e5
CRC32 FCA6F08D
ssdeep 96:/wEfS/bS1ZnF90croUHYG5LkiUHpoGLtzxAPbuL2:oEfQaZF9xkUHFLkHp9zsP
Yara None matched
Name ea5f6725e5d61387_stuffit14.url
Filepath C:\Users\test22\StuffIt14.url
Size 48.0B
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type MS Windows 95 Internet shortcut text (URL=<http://www.stuffit.com>), ASCII text, with CRLF line terminators
MD5 61892cf7d9596385f03af436a015b567
SHA1 5698a18a62a5178e0f34923d850f44644a28448c
SHA256 ea5f6725e5d61387e8da61e063a9b7baaf83b4e1d9d311ac0ea845e31c93756a
CRC32 0E46402D
ssdeep 3:HRAbABGQYm/0S4PMzFn:HRYFVm/r405
Yara None matched
Name 0b871e3bcd32d356_stuffitengine.dll
Filepath C:\Users\test22\StuffItEngine.dll
Size 128.0MB
Processes 3064 (Notafiscal-gtfbp-10144-PLFNV.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8c1d833e8e22ddc93b173f6d1e00aa9c
SHA1 856e01c472b31c7db21e554132754d7d8456f544
SHA256 14ca47779aa464c86a475260b951926c1e20125025675ab98759f5c6d5d293a7
CRC32 E89BF852
ssdeep 3072:XAwITQ3xqIWnzcu2R/pU3NBazlSQ2xZWs+FRV0sIZCVUKDo+k3pWkBIk:XAwFCIu2hsNBagXw0VKUKzkIkz
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library