Dropped Files | ZeroBOX
Name 482e6d74f78b5618_server2.txt
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Server2.txt
Size 1.1MB
Processes 1608 (server5.EXE)
Type PEM certificate
MD5 a01bbc9f5e5c0b797cf6c0b045cc59da
SHA1 23f0450a092a5f5cea41002464082377a7d1eea2
SHA256 482e6d74f78b5618aa2a4a885018a6cd8ef082d09c5355ab144ef5ffeab64d3a
CRC32 9E0EA278
ssdeep 12288:imFLtjJaIWsAWZa8qt0YQ9BU+1mj1dtxhySHDa0sodd/9baFjkU6uRA3otubmD4c:ZsIW2qU9yC8tSolhUz5wMcY8MppQgwg
Yara
  • Suspicious_Certificate_payload - Suspicious Certificate file
  • NPKI_Zero - File included NPKI
  • hide_executable_file - Hide executable file
Name 48922bb6498c432d_certutil.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\certutil.exe
Size 1.6MB
Processes 1608 (server5.EXE)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e376b07aa887a6085ceae9be62ac9c37
SHA1 0545039e26171b2cdbe6039723b41676e2d3f796
SHA256 48922bb6498c432dd248cd337f4dcee0bfe77ee3ecbb1f8020d6db1f135e8e00
CRC32 394EA3E1
ssdeep 24576:zZBkamtqOq4o+2KTmJUJIgQlVE5PEsK+syXTkZSG0RK9IH3LeLH1gOn/H2:zjkaeqna2OkFVEPsyukR8IXLeLV32
Yara
  • Generic_Malware_Zero - Generic Malware
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file