Dropped Files | ZeroBOX
Name 62d5b300b911a022_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\a091ec0a6e2227\cred64.dll
Size 126.0KB
Processes 2136 (gntuud.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 98cc0f811ad5ff43fedc262961002498
SHA1 37e48635fcef35c0b3db3c1f0c35833899eb53d8
SHA256 62d5b300b911a022c5c146ea010769cd0c2fdcc86aba7e5be25aff1f799220be
CRC32 F056D589
ssdeep 3072:ox7pOYzBekgmWDWCMq6As523HeS9FAiZ87vO2rlL3Rni9:ox7ZNhg/dMq6AO0a7vVlT
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_PWS_Loki_Zero - Win32 PWS Loki
Name 4743bad8f6939aa7_wish.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000041001\wish.exe
Size 175.0KB
Processes 2136 (gntuud.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3b6246132b7fb972ed877b79d700e32e
SHA1 af68ac119ccce9c7be5aeefa1e86102ee4019ebb
SHA256 4743bad8f6939aa7645a043208010c2a9e75fbbcbbc8ca597a0c2a74ce7b6cc0
CRC32 198AD44A
ssdeep 3072:hxqZWBJaHEDgX1Ifef5FchQTxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+cj:TqZV1Iech
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 7e35de071bdb9651_anon.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000043001\anon.exe
Size 175.0KB
Processes 2136 (gntuud.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 1bd8bdf9b43e506fd12e79de2fb2dc6f
SHA1 7d1af5f2fb51cfe460615a0a37b8d6b187db0e19
SHA256 7e35de071bdb96517e6aa5eeb50e037f0f44ffb2dd3fc3971ac68bd2f211a7d2
CRC32 5E45DA54
ssdeep 3072:1xqZW3Daa5U5sg9tbyOUPGeP59Sh13xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw04:/qZRyOK1Sh
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name a404da44d4961944_5jk29l2fg.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000033001\5jk29l2fg.exe
Size 787.5KB
Processes 2136 (gntuud.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 abacca218986209482f20ed9772c4cf4
SHA1 2398f39d3a0007ed0fbb5af7a26e4ccce249af9f
SHA256 a404da44d49619445b10db9dad87e04456aa18ec88e9fc9ee328e40d8bbf479d
CRC32 21A61864
ssdeep 12288:aRyl9Dlkb72176sw/umQ6mGiBEswKK31OtUb0tx4H2cdI54XuHTnY6A0Zre:ayl9xkb72176s+o431Oab0tx4Wj4Z
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name ed9ef547b26d9501_pb1109.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000050001\pb1109.exe
Size 3.5MB
Processes 2136 (gntuud.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d925de50dd98dbed8ec6b93c98e6900c
SHA1 adb694cde0bb42562f73144e9465323b30e60f75
SHA256 ed9ef547b26d9501c67479d225d44a8fe29ab122c22426b3d9620b6eef8b6dbd
CRC32 F5BD6BA3
ssdeep 49152:RX0G4RfTILqEiFGOb97BEDKrOeZ3PhwyzzwKYRsmIVBYGfzJgqKqS8mNHkGV69nk:RX0PfbFfb4DcO0YBIVBbJg99RSMo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file
Name 207e71173168d972_xpsie.42
Filepath C:\Users\test22\AppData\Local\Temp\xPsIe.42
Size 2.6MB
Processes 2132 (linda5.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c958a6049f5fd5bb6709e8315a87d5f1
SHA1 7d13f4d9ee8f89cae9f0f64f11f7f8ffb8529f16
SHA256 207e71173168d972c68697baa8d0633be3ab040c49bb8f63b9be6f385c94471d
CRC32 129316CB
ssdeep 24576:gH9jQ9LoyBLhuK89oC5zppxb0WB1+L6HlfhblwTPANm+OFNemI8l:w5y7uK89V1ppxb0DLSlZbSPANmdB
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
Name 29f90923bee011c4_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 85.0KB
Processes 2136 (gntuud.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 4c4d8e5bba168ffc1e1e4efc834a57ac
SHA1 4fa8308459e169f29c2e5d3c962339d3971beda6
SHA256 29f90923bee011c4e6e8b9ed8174e0335a2e2887e1ccb0fcfe780b0eab30635b
CRC32 0C81A43D
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBtX:NRlk8lqjQg/N8WA0qoLhd/jUFtX
Yara
  • JPEG_Format_Zero - JPEG Format
Name e3b0c44298fc1c14_file.exe
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1000038001\file.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name bd8de49754cab202_linda5.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000042001\linda5.exe
Size 1.6MB
Processes 2136 (gntuud.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d521267cf0a118ee52a5af70e421373
SHA1 aef6cbe39f25d75232ef024549378ab6abd4ebec
SHA256 bd8de49754cab2029c5f8e79d4f785c0956e5a60b0ad8feef9c1e263952e3ee1
CRC32 BBACBC97
ssdeep 24576:YOfNkuu6oLs/5kYXjWwyh9iIMD1u6+7YxWG85IAC6/9KUcyTcQoa8IB2ySsqgbbt:H6oPXzs9ibD1u6LWbV1cyTXonIBHqtO
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file