Dropped Files | ZeroBOX

Name	d35b5dd18d91dbfe_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\bf045808586a24\cred64.dll
Size	126.0KB
Processes	2076 (gntuud.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9995abf2f401e4945a7d2930a3727619`
SHA1	`7715e14ad6e4adf609c62c5812419800343fbd4f`
SHA256	`d35b5dd18d91dbfe3dc89cb75b6a26757777b5c52a33cd8fcf6e5ed45a946f1a`
CRC32	`87AC2BBB`
ssdeep	`3072:ox7pOYzBekcmWDWCMq6As523HeS9FAiZ87vO2rlL3Rne9:ox7ZNhc/dMq6AO0a7vVlT`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature Win32_PWS_Loki_Zero - Win32 PWS Loki
VirusTotal	Search for analysis

Name	d0806c84518055d0_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	85.0KB
Processes	2076 (gntuud.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`aa34e3d79c0c670b2db7ff84122d0a24`
SHA1	`cbee84b1ef092eae6aeac0db205c9b69aec7d7bc`
SHA256	`d0806c84518055d01cbb6acd38217211b47f3640cbe0ca5acf4ecf837b907af0`
CRC32	`907563C6`
ssdeep	`1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBt5q:NRlk8lqjQg/N8WA0qoLhd/jUFt5q`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis