Dropped Files | ZeroBOX
Name f14215cd543383c1_credentials.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\credentials.exe
Size 31.0KB
Processes 2968 (csc.exe) 2868 (ConsoleApp1.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 87b19dfa1eed6d0ea8a8acbc12c4b1f0
SHA1 930aaf4b2e345a7d4610e3376c656efd08315012
SHA256 f14215cd543383c166e03e10254dddcb9d5f9be4dc79a5b7f091cfbe3669367c
CRC32 D327C9AD
ssdeep 384:8TTmu4hpSAeO4UB0v67VV0KOjlJAn7f78HYmlMzupKb1Zg3BvSNZ0AL2QjpZyBHE:8a4AeO4U2v6KhvwTL2YpIBH6KoPR
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
Name e0e9f421e74278d9_credentials.pdb
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\credentials.pdb
Size 47.5KB
Processes 2968 (csc.exe) 2868 (ConsoleApp1.exe)
Type MSVC program database ver 7.00, 512*95 bytes
MD5 fd7f214b64a062c365e7699796f72d91
SHA1 52e217687e5f10ccd3e34d995c5347694d576b06
SHA256 e0e9f421e74278d9cb9c3b5856162b9cc06c83aab04c07e54813f1d739340e8c
CRC32 F37BCAFC
ssdeep 768:KlzjLIMql44iRSDwjwzvkxxcKbaQ3HEPCw:lE4werkxaKHH
Yara None matched
Name 9a8ea0e2df7554c5_LogvangVfuSkfsNcHkxYKVGcfUjjBLLTgabama
Filepath C:\Users\test22\AppData\Roaming\A2EC33314DD2F30555DE\LogvangVfuSkfsNcHkxYKVGcfUjjBLLTgabama
Size 72.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 0539a773e44d21a84fd97fee0dffd4a3
SHA1 5904058c20aad54c552edc57826babd36ab61149
SHA256 9a8ea0e2df7554c57fb4ee6a8a12782f5a2474a3e4c23dc61e4768631dc4eb9f
CRC32 964BC0B2
ssdeep 96:P0CWo3dOOctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:PXt769TYndTJMb3j0
Yara None matched
Name e3b0c44298fc1c14_ftbc3iys.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\ftbc3iys.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name e342802bd5319155_83O23CU4.zip
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\83O23CU4.zip
Size 15.3KB
Processes 2672 (RegSvcs.exe)
Type Zip archive data, at least v2.0 to extract
MD5 a24e3845547d5180afc9e8574a3b411c
SHA1 71b14ebb06e3e2a9418fd83d9d9724596432212b
SHA256 e342802bd53191559af2a23b2d11412a8fe60dc3a50e5efa1fade7067c305f55
CRC32 288C8426
ssdeep 384:vmwI8874cDHDDJxXjI4OibLMJSIQSKbbp:vmE3mfJZ0abKSBb9
Yara None matched
Name 2923faa1437ecda4_ftbc3iys.out
Filepath C:\Users\test22\AppData\Local\Temp\ftbc3iys.out
Size 576.0B
Processes 2868 (ConsoleApp1.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
MD5 0e33f9a2f454b7641a6bb6c8827f760f
SHA1 bdb4f5cbdf3c065dac9d45f6c473b55c978f63cf
SHA256 2923faa1437ecda451beb05e857017df8420dd4d66ffa4f1608fa1e5b87fd4c2
CRC32 9E92B009
ssdeep 12:K4OLM9qTkWZ91xL/nUqMiOLAHSuVzAiwJVnP3/lKa8GIKO5SBFN+y:K+9qTkWZFjnUqMduVRwJVnf9Ka2KoSDN
Yara None matched
Name 47e65078f3650cd1_ftbc3iys.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\ftbc3iys.cmdline
Size 320.0B
Processes 2868 (ConsoleApp1.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 590a296aeb6897cf4f8666caccfe0db4
SHA1 595b590273ad47fb72029ea19d24fbec5bc8a2d7
SHA256 47e65078f3650cd122a1fd853a37af50535c505b1674f6bccb382df54d2b1e83
CRC32 3096191F
ssdeep 6:hpHk+HoMZ91xL/n0DjqA8AMPmQpcLJaZ5SuH1mQbTYiwJVmGsS3+Yw:7kWZ91xL/nUqMiOLAHSuVzAiwJVnP3/w
Yara None matched
Name 3571657e95fe9b82_RES2788.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES2788.tmp
Size 1.9KB
Processes 3052 (cvtres.exe) 2968 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6f0, 10 symbols
MD5 41516468e027aaf6fadda0ad2b2cdeb0
SHA1 8860b10f405066d3b18b27bbe423f0bef58587f8
SHA256 3571657e95fe9b828b77352f185e0c979bedadc5a4e12d01939f6d3f5b4d1f8b
CRC32 B21EA164
ssdeep 24:Hl3rW9QGuV4H7WwrUeKnxfslWxjkuZhNV99APNnqpdt4+lEbNFjMyi08OK8:auybdfKnxUlWuuln9YqXSfbNtmXM
Yara None matched
Name a74ac62c89282fdf_CSC235216DD3E9146C19A641E7AC7744AC.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\CSC235216DD3E9146C19A641E7AC7744AC.TMP
Size 1.2KB
Processes 2968 (csc.exe)
Type MSVC .res
MD5 0373b9d11bb24d0a0bbccb1874f85f23
SHA1 012fd21f0cfdfabdda6c77acee6d2e48c0d07436
SHA256 a74ac62c89282fdf46276afca79d8c3f32578505d589f8932a89474106c0bbb9
CRC32 E3FD07A1
ssdeep 24:WpxjkuZhNV99APNnqNdt4+lEbNFjMyi07:yuuln9YqTSfbNtme
Yara None matched
Name dcfcd16fbf0511d3_vbsqlite3.dll
Filepath C:\Users\Public\vbsqlite3.dll
Size 161.5KB
Processes 2672 (RegSvcs.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 073a17b6cfb1112c6c838b2fba06a657
SHA1 a54bb22489eaa8c52eb3e512aee522320530b0be
SHA256 dcfcd16fbf0511d3f2b3792e5493fa22d7291e4bb2efbfa5ade5002a04fc2cab
CRC32 9619DAD7
ssdeep 3072:eNFwdmspaPg9g9oOavAQBNrPkVdc88GjU+vF6nuxRocX5GOOUleo+c:e8d1/w5KA81IJ8GpF6nuTmOOU
Yara
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 0b8607fdf72f3e65_cookies.db
Filepath C:\Users\test22\AppData\Roaming\A2EC33314DD2F30555DE\cookies.db
Size 96.0KB
Type SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
CRC32 842B3569
ssdeep 12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO
Yara None matched
Name 51247a58f41ba112_ConsoleApp1.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\ConsoleApp1.exe
Size 88.5KB
Processes 2672 (RegSvcs.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d3344243a5c6929fc3cf6402ca054eea
SHA1 bb96f66544cdd513ee96ae03cd4eae1f7b51218a
SHA256 51247a58f41ba112ce31ed44b0a68bc4db8f39763250071fe35957d1e3eaf9cb
CRC32 CFDB4F8E
ssdeep 1536:psbJO6kyhioBVsevhW0Bj1j9gMpgRxZxJXzXb0+PMpgRxZxJXzXb0+PgX:2bJO9yhioB6ep9XSRxZxJXzXb0+PMSRu
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_PWS_Loki_Zero - Win32 PWS Loki
Name 433f97d2d3b3ff9d_갏갣갭갉갛개갛갬갡감갏갩강갯.갠객갛갧갢갅갣
Size 2.1KB
Type ASCII text, with CRLF line terminators
MD5 09a0d1fa216e383733900b1d0ad808a8
SHA1 11ae70e27cd78e860a8ab4e0b4a10ab480cc6869
SHA256 433f97d2d3b3ff9d2ecd09a14a8f33d938c7df164369cd79ae8e054dbc17711c
CRC32 B47467E7
ssdeep 48:qORXGrdvTps4MQY+XZzNKylu5DE49T8Hp141E1SHKApVi:Uda4MQbNRlu5DEs6+QSHFi
Yara None matched
Name 0b9a89956a9af8b5_ftbc3iys.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\ftbc3iys.0.cs
Size 52.6KB
Processes 2868 (ConsoleApp1.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 e187c935e54aad97b7fad3532546cc9b
SHA1 07283057567d160618050b15f20da63e3a3117cc
SHA256 0b9a89956a9af8b5a307fd7e0b08972409055022722a1213d246f8bd0a0f4e76
CRC32 7C6B9C32
ssdeep 1536:6yhioBVsevhW0Bj1j9gMpgRxZxJXzXb0+PJ:6yhioB6ep9XSRxZxJXzXb0+PJ
Yara
  • Win32_PWS_Loki_Zero - Win32 PWS Loki