Dropped Files | ZeroBOX
Name c9f66b18443cd4fd_rynmd.exe
Filepath C:\Users\test22\AppData\Roaming\RynMd\RynMd.exe
Size 86.5KB
Processes 2620 (RynMd_protected.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d953ad5e538ade271c362c18b153a210
SHA1 d2c44253bd9ee29a4368ee594eb17a66e3777fef
SHA256 c9f66b18443cd4fd5343d53905a7b96506e19543fc0521727e58d80c604baee2
CRC32 B6470258
ssdeep 1536:Lv7gYULiNbHXIeLLfGvXQVW6calXzvAkSZf0bgcz2W2n:LDgWMeLLfGQc61lskcMbgcza
Yara
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2712 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
Name 783758f5b90c894c_winder.exe
Filepath C:\Users\test22\AppData\Roaming\Winder.exe
Size 62.9KB
Processes 2864 (None)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 53690d6dbf8e3f7bd54529131f1be127
SHA1 b28ab7d6a4f0fba872310d0dd60bf9bb233b5cff
SHA256 783758f5b90c894c7d57d6dd257683194b4f4d3bc470e0fd51b1b8c6171494d8
CRC32 C59F6165
ssdeep 768:Z+R1Viwqkh+tGi6HYDKnJzQOgFQ04mzGnvclLz3oWK6Iq8rAOzWipD6BXl:ELiwrh+tL64DKnJJAzGvchUCQFa6D6B1
Yara
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name 1a2b7f8d06629a23_tmpA0FE.tmp.bat
Filepath C:\Users\test22\AppData\Local\Temp\tmpA0FE.tmp.bat
Size 152.0B
Processes 2864 (None) 2412 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 b5a0eaeb5e7dab62407f2b01e51ff1a7
SHA1 c96619ed91f7bc1319761897f54c99838e5193c2
SHA256 1a2b7f8d06629a23070773b53d28a70a127150ba89725575962cd862989a0f1d
CRC32 A79724B4
ssdeep 3:mKDDCMNqTtvL5omWxpcL4EaKC59AX0dbmqRDmWxpcL4E2J5xAInTRIOVjhVZPy:hWKqTtT6mQpcLJaZ5Rbmq1mQpcLJ23fO
Yara None matched