Dropped Files | ZeroBOX
Name 5bd83968d16086ca_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 87.2KB
Processes 2288 (gntuud.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 ddff4657b910afba3de572b115135422
SHA1 d0e74bace0fd74099d169fb19ba8f8b1f47528e0
SHA256 5bd83968d16086ca5614a9feb80151ae35019a5462686ecf1b2e217bdb1c5aeb
CRC32 BA218347
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILWGBNojNM1IymNgp+a:NRlk8lqjQg/N8WA0qoLTNojNM1PmNG7
Yara
  • JPEG_Format_Zero - JPEG Format
Name 294f231d98716586_teamviewer_desktop.exe
Filepath C:\Users\test22\AppData\Roaming\1000030000\TeamViewer_Desktop.exe
Size 376.5KB
Processes 2288 (gntuud.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c9df67f152a727b0832aa4e7f079a71
SHA1 fe61d19bed03f3cd35c06027b98d1a059ba06cd6
SHA256 294f231d98716586a83665cb179bf1228d11cca7c753d902df1c19d60d53ba2e
CRC32 BB35FDFA
ssdeep 3072:hsgZAzdUCmqlw4kp/LZ1aHS5GfqPuV8hS:hsgZFCmXDp/l1+SdPAYS
Yara
  • IsPE32 - (no description)
  • ASPack_Zero - ASPack packed file
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 37695123f713faf3_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2912 (powershell.exe)
Type data
MD5 e005599017454a64950a77f9ab76a9d8
SHA1 e91511cf9d16fd9367c82481ac613a5476863f1b
SHA256 37695123f713faf3d1f88d4a8c0bfb5e5f44ccb2ec1a702ac74f9d09b09a31b1
CRC32 5C9DB516
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworw7HwxGlUVul:ctvXo5tvbHnorbxY
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
Name 55bb9a076d815eea_explorer.exe
Filepath C:\Users\test22\AppData\Roaming\1000028000\explorer.exe
Size 1.2MB
Processes 2288 (gntuud.exe) 2248 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e79b48eefa43aa34f360f68618992236
SHA1 2df3f4d483e8fe0126cd1f84c46f3d29859d90e7
SHA256 55bb9a076d815eeae19471e6a1e81339eef87e6dc17c95a7b3615f52b6677ecd
CRC32 29C4FB68
ssdeep 12288:WCtS8G87R1WbCPLQhXW9XUvNHBAG/5YhnUAQyjTeYEJvRsA5X3JKC8:WCP7vLIW5uXzA7jTeYEdRsAe
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 2d9794896b8108e7_languagetool.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000043001\LanguageTool.exe
Size 2.2MB
Processes 2288 (gntuud.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9a9bac4aa21b418c54be4bfa04d979b7
SHA1 f0b8b2c3ccd74d2ee8871655fd21192760af88ba
SHA256 2d9794896b8108e7d20fa3f9cf766eb0220d3d358a06668d45b9064eb4ad2eba
CRC32 29AA28E2
ssdeep 24576:XHkWMazqcBa4ul8hTIbqUBYUHm9DzKGefi2ucnjv0rbZyKWyqO1J9t6ihzN:0JMIYyKZefbnjv0rT8EJn6A
Yara
  • IsPE32 - (no description)
  • NPKI_Zero - File included NPKI
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
Name fc63bd7f4da2050f_teamviewersetupx64.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000025001\TeamViewerSetupx64.exe
Size 1.2MB
Processes 2288 (gntuud.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 852011cf885e76c0441dd52fdd280db7
SHA1 1d4a0c35c67beb25a722e3b6ea5ca48e98efd5d4
SHA256 fc63bd7f4da2050fcad7913c2dc9ca8bd9c263a47f65dad973891c4a000a444e
CRC32 2BAC4D7D
ssdeep 12288:Rp6xvNQQteTpwobuR00rCSE8czRRD2KXSW5tYMM87hGR9/3TG6LnjDqa2+rr3Aro:RpMaIeuKuR0ICSE8y7DV5lM8CuEkm
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Antivirus - Contains references to security software
Name c3b8925370a662af_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\96facdca63b65f\cred64.dll
Size 126.0KB
Processes 2288 (gntuud.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 3966ebb55d701a2b42f9a755aa925010
SHA1 c310512064746ce392504d3e4e6f9bc14a6d31df
SHA256 c3b8925370a662af01f3040d1a417a227eca5e1d7bdfaac3716b3a5e384dc698
CRC32 3DE0FA4D
ssdeep 3072:Ix7pOYzBeku2i4uLzw2Y6ScG13uHh6c+LjzbL1Xpy9:Ix7ZNhu2WLzuah6c6p
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_PWS_Loki_Zero - Win32 PWS Loki
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF102b3a9.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF102b3a9.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software