popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9884e9d1b4f8a873__shfoldr.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\is-CLI02.tmp\_isetup\_shfoldr.dll
Size 22.8KB
Processes 2100 (FL2.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
CRC32 AE2C3EC2
ssdeep 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Yara
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 203d7b61eac96de8_idp.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\is-CLI02.tmp\idp.dll
Size 216.0KB
Processes 2100 (FL2.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
CRC32 90D9CA64
ssdeep 3072:6XHWOJd5D0ocxYF0+CT4zNHNpwZNjlhBKL/kg/0r4YLuztNJaFlCx:6G6tae7wZNOpiWP
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 803b4fc6bc93a0bb_mosaLAh.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\is-CLI02.tmp\mosaLAh.exe
Size 573.5KB
Processes 2100 (FL2.tmp)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4de7538747bf36f826099aceed872175
SHA1 a5bc0deeff3e816b896c06961fa03c646122a11f
SHA256 803b4fc6bc93a0bb84716cdf5ef8649f7ec9da9821d60bb093a08609d480943d
CRC32 E2D5DC85
ssdeep 12288:eEEeN+fYIEhuHEkRPUWH21ghzsSI3hic7LMhuTW4Nc:e0WB
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 1d07cfb7104b85fc_FL2.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\is-1I5D8.tmp\FL2.tmp
Size 694.5KB
Processes 508 (FL2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ffcf263a020aa7794015af0edee5df0b
SHA1 bce1eb5f0efb2c83f416b1782ea07c776666fdab
SHA256 1d07cfb7104b85fc0dffd761f6848ad176117e146bbb4079fe993efa06b94c64
CRC32 59A45BB2
ssdeep 12288:bQhCh1/aLmSKrPD37zzH2A6QGgx/bsQYq9KgERkVfzrrNVyblD4cNaf/yxyR:bQYh1yLmSKrPD37zzH2A6QD/IpqggE29
Yara
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 388a796580234efc__setup64.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\is-CLI02.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2100 (FL2.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis