Dropped Files | ZeroBOX
Name 798af20db39280f9_sqlmap.dll
Filepath C:\Program Files\Microsoft DN1\sqlmap.dll
Size 114.0KB
Processes 2376 (InstallUtil.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 461ade40b800ae80a40985594e1ac236
SHA1 b3892eef846c044a2b0785d54a432b3e93a968c8
SHA256 798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
CRC32 CF004A91
ssdeep 3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
Name 32ff81be7818fa71_rfxvmt.dll
Filepath C:\Windows\System32\rfxvmt.dll
Size 36.5KB
Processes 2376 (InstallUtil.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 e3e4492e2c871f65b5cea8f1a14164e2
SHA1 81d4ad81a92177c2116c5589609a9a08a5ccd0f2
SHA256 32ff81be7818fa7140817fa0bc856975ae9fcb324a081d0e0560d7b5b87efb30
CRC32 40B5B78C
ssdeep 768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name 0df3d05900e7b530_13.exe
Filepath C:\Users\test22\AppData\Local\Temp\13.exe
Size 70.5KB
Processes 2376 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ca96229390a0e6a53e8f2125f2c01114
SHA1 a54b1081cf58724f8cb292b4d165dfee2fb1c9f6
SHA256 0df3d05900e7b530f6c2a281d43c47839f2cf2a5d386553c8dc46e463a635a2c
CRC32 386C60A5
ssdeep 1536:tjL6b1xoQ66K+jLMqPHULq87qdGN2B30GfDQ+1FIRXWHH0:t0BVbjQaNpd82xpLQ+126H0
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name f00109618610375e_rdpwrap.ini
Filepath C:\Program Files\Microsoft DN1\rdpwrap.ini
Size 292.0KB
Processes 2376 (InstallUtil.exe)
Type ASCII text, with CRLF line terminators
MD5 914d30cdc026d77366e6ac105cd5eefc
SHA1 95e0c8463f4995bf126fa0cffab4a8a947963a1a
SHA256 f00109618610375ea494b1406fa7e5548d75a52669b1bf1761a80394301b42f8
CRC32 55123F09
ssdeep 768:3UiQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb5x8Rr/d6gl/+f8jZ0ftlFi4Q7Q6:xrI33L+MAIiG4IvREWddadl/FZ5
Yara None matched
Name fb9646cb956945bd_agiledotnetrt.dll
Filepath C:\Users\test22\AppData\Local\Temp\1dfe5de3-9d8a-4b12-90f5-e19dc322c094\AgileDotNetRT.dll
Size 94.4KB
Processes 3044 (powershell.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 14ff402962ad21b78ae0b4c43cd1f194
SHA1 f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256 fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
CRC32 BED2FE2C
ssdeep 1536:JKQ7ZLTFq31bfnHSukoY1IPtan1sBrGxEm5g:JKc/FM1bfnyNNdkrGxJg
Yara
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3044 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
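The listing above is a flat per-file record format (Name, Filepath, Size, Processes, Type, MD5, SHA1, SHA256, CRC32, ssdeep, Yara hits) with page link text interleaved. As an added example, not part of the ZeroBOX report, the Python below parses that format into records, collects the hashes as IOCs, flags files whose Yara hits or libmagic type indicate a packer, and checks a local sample's digests against a record using the same formats the report prints (lowercase hex digests, CRC32 as eight uppercase hex digits). The two embedded records are copied from the listing above, with the "Submit file" and "VirusTotal Search for analysis" link text left in once to show it is skipped; the function and class names are assumptions of this example.

```python
import hashlib
import zlib
from dataclasses import dataclass, field

# Two records copied from the ZeroBOX "Dropped Files" listing above (constructed sample input).
# The "Submit file" / "VirusTotal Search for analysis" lines are page link residue; the parser skips them.
SAMPLE = r"""
Name 798af20db39280f9_sqlmap.dll
Submit file
Filepath C:\Program Files\Microsoft DN1\sqlmap.dll
Size 114.0KB
Processes 2376 (InstallUtil.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 461ade40b800ae80a40985594e1ac236
SHA1 b3892eef846c044a2b0785d54a432b3e93a968c8
SHA256 798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
CRC32 CF004A91
ssdeep 3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
Name f00109618610375e_rdpwrap.ini
Filepath C:\Program Files\Microsoft DN1\rdpwrap.ini
Size 292.0KB
Processes 2376 (InstallUtil.exe)
Type ASCII text, with CRLF line terminators
MD5 914d30cdc026d77366e6ac105cd5eefc
SHA1 95e0c8463f4995bf126fa0cffab4a8a947963a1a
SHA256 f00109618610375ea494b1406fa7e5548d75a52669b1bf1761a80394301b42f8
CRC32 55123F09
ssdeep 768:3UiQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb5x8Rr/d6gl/+f8jZ0ftlFi4Q7Q6:xrI33L+MAIiG4IvREWddadl/FZ5
Yara None matched
"""

SCALAR_KEYS = ("Filepath", "Size", "Processes", "Type", "MD5", "SHA1", "SHA256", "CRC32", "ssdeep")
PACKER_RULES = {"UPX_Zero", "Malicious_Packer_Zero"}


@dataclass
class DroppedFile:
    name: str                                   # the "Name" line, e.g. 798af20db39280f9_sqlmap.dll
    fields: dict = field(default_factory=dict)  # scalar fields keyed by report label
    yara: list = field(default_factory=list)    # Yara rule names only (descriptions dropped)


def parse_dropped_files(text):
    """Split the report text into DroppedFile records; a record starts at each 'Name ' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Name "):
            cur = DroppedFile(name=line[len("Name "):])
            records.append(cur)
            continue
        if cur is None:
            continue  # anything before the first record (page title etc.)
        if line.startswith("•"):
            # "• RuleName - description" -> keep only the rule name
            cur.yara.append(line.lstrip("• ").split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key in SCALAR_KEYS:
            cur.fields[key] = value
        # "Yara", "Yara None matched" and link text fall through and are ignored
    return records


def ioc_hashes(records, algo="SHA256"):
    """Deduplicated, lowercase list of one digest type across all records, ready for a blocklist."""
    return sorted({r.fields[algo].lower() for r in records if algo in r.fields})


def packed_or_suspicious(records):
    """Names of files whose Yara hits or libmagic type say the sample is packed."""
    return [r.name for r in records
            if set(r.yara) & PACKER_RULES or "UPX compressed" in r.fields.get("Type", "")]


def hash_bytes(data):
    """Digests in the report's own formats: lowercase hex for MD5/SHA1/SHA256, 8 uppercase hex digits for CRC32."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def matches_report(data, record):
    """True only if all four digests of the local bytes agree with the record (case-insensitive)."""
    h = hash_bytes(data)
    return all(record.fields.get(k, "").lower() == h[k].lower() for k in h)


if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE)
    for r in recs:
        print(r.name, r.fields.get("Filepath"), r.fields.get("SHA256"), r.yara)
    print("packed:", packed_or_suspicious(recs))
    print("sha256 IOCs:", ioc_hashes(recs))
```

To check a recovered file against the listing, read it as bytes and call matches_report on the parsed record; a single mismatching digest is enough to reject the match, which is the conservative choice when the file may have been re-packed between runs.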