Dropped Files | ZeroBOX
Name f9da63b9de58bcd9_088424020bedd6
Filepath C:\Python27\click\click\click_image\088424020bedd6
Size 747.0B
Processes 2868 (SurrogateDll.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 08e44bb943b5485c02114874265e714d
SHA1 b71ebb0affafc859fa813688249d6c9047a7b7ca
SHA256 f9da63b9de58bcd9d937a3d5e1cb5b127db5121e36847133c39f09ca947e370a
CRC32 77C81564
ssdeep 12:ybu+b4Fnyi+7TgcN8CKjlB6NTTraLH0+sM91YuaFcMJNndpNYiVI6TsBZvBlJrS:yvkFyikslCKjlB6NTQXYbTHdpKCtIBtc
Yara None matched
Name 3185c369451bdae7_uc6xwkvnimsiiphu7zpwhq8u.vbe
Filepath C:\agentBrowsersavesRefBroker\uC6xwKvnImSiiPHU7zpWHQ8u.vbe
Size 223.0B
Processes 2584 (limalt.exe)
Type data
MD5 9403175bdfbadf333200b08d0f9a97e4
SHA1 c3383de367a292b0b2d12659468b7aa53985171d
SHA256 3185c369451bdae7ed017894d541c6957d5b583b4a31a8efd288cfe4ff457f87
CRC32 70ADC359
ssdeep 6:GXkgwqK+NkLzWbHa/818nZNDd3RL1wQJRUkMYZ4hGVQOM5JJNy7:GXkBMCzWLaG4d3XBJekLWcree
Yara None matched
Name b0018d656d54df95_088424020bedd6
Filepath C:\Python27\Lib\bsddb\test\088424020bedd6
Size 794.0B
Processes 2868 (SurrogateDll.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 89c0973e49fa218bcfab6402969155f4
SHA1 d42fe9cf9fcb4ddf63572050075894cd76c2e8f0
SHA256 b0018d656d54df95c6bb871bac47a1caba027d479bc322220b1629fb1ed1ba3a
CRC32 4D472C0F
ssdeep 12:Sn8GmxenCHsEH4ucLh1cjGy16c/WmzqBOEpICFkIqV5jKd:79eLSJVjG26koRIFHS
Yara None matched
Name f4adc7f379298f24_surrogatedll.exe
Filepath C:\agentBrowsersavesRefBroker\SurrogateDll.exe
Size 1.7MB
Processes 2584 (limalt.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 fa982bede3552e226a6950a59fa9862b
SHA1 f0c2ca51c5c5a82028fff8757690594bde320ab7
SHA256 f4adc7f379298f2480544b0baae139e98fd93da4b0a8e12b47d35ef101671b72
CRC32 8F7915A2
ssdeep 49152:D+gYXZTD1VXUqzX7VwjvMoh1IFyuyigWnMzm6sDBKv:uTHUxUoh1IF9gl2
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_36061171
Empty file or file not found
Filepath C:\agentBrowsersavesRefBroker\__tmp_rar_sfx_access_check_36061171
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 30921e7d9a89121e_r205pw8antr7taq13alm.bat
Filepath C:\agentBrowsersavesRefBroker\r205Pw8aNtR7tAq13alM.bat
Size 48.0B
Processes 2584 (limalt.exe)
Type ASCII text, with no line terminators
MD5 5bb1a4946c35c47dd502dfbcd6d3a3d7
SHA1 1e1e42c5996031e92e8314c45201ccbf1fa23607
SHA256 30921e7d9a89121e8d56de5182e7e487f8e02293e82e82c2c04a6a537150ef06
CRC32 9EC6322D
ssdeep 3:I5+uWyVy52TxAhHL4i:IMuWwq2KEi
Yara None matched
Name debab1efc0ca1bee_hosts
Filepath C:\Windows\System32\drivers\etc\hosts
Size 897.0B
Processes 2868 (SurrogateDll.exe)
Type ASCII text, with CRLF, LF line terminators
MD5 258a695a447e14752bc1908929877be8
SHA1 9a3f8f4b25986817e9b46f402e68138a9b299da3
SHA256 debab1efc0ca1bee86312783c7f653026295cb0202110b6db11c5de27550ad94
CRC32 FE3B06A4
ssdeep 24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTtD:vDZhyoZWM9rU5fFcw
Yara None matched