Dropped Files | ZeroBOX
Name c6988e36b1e1d6ff_decoder.dll
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
Size 206.5KB
Processes 1372 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8a3f1a0da39530dcb8962dd0fadb187f
SHA1 d5294f6be549ec1f779da78d903683bab2835d1a
SHA256 c6988e36b1e1d6ffc89d9fa77ad35f132f5aa89e680d0155e0b6aee1c524c99f
CRC32 79B7104A
ssdeep 3072:WltFwoJxZQ4fK70l5DqKtRnBBjGd4uM4h0lntiEnc2xMl4fTVERt:WaU87+3nHy6n0NGJERt
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
Name 47666a532b96a826_msi443ee.log
Filepath C:\Users\test22\AppData\Local\Temp\MSI443ee.LOG
Size 250.0B
Processes 2280 (msiexec.exe)
Type Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5 2ef19978c1ffc72107e75ca4ff32bdeb
SHA1 2249b30ec09545e842e4aee9363890cd307a1660
SHA256 47666a532b96a826c67b8d903e767a31b2d87ca6984520a4ee9efac08c0086e6
CRC32 5226C60A
ssdeep 6:Qyk+SkAe/BtOYrsfc/okW1Ncil1k4IlEd8blv2K8mlB3DEc+le:Qy5MOBLsc/s1yMIlEd8kKXlB3DL
Yara None matched
Name b3395b660eb1edb0_tracking.ini
Filepath C:\Users\test22\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\1.0.0\tracking.ini
Size 26.0B
Processes 1372 (installer.exe)
Type ASCII text, with CRLF line terminators
MD5 6bc190dd42a169dfa14515484427fc8e
SHA1 b53bd614a834416e4a20292aa291a6d2fc221a5e
SHA256 b3395b660eb1edb00ff91ece4596e3abe99fa558b149200f50aabf2cb77f5087
CRC32 261DAA5B
ssdeep 3:1EyEMyvn:1BEN
Yara None matched
Name a787e7a1ad12783f_MSIC3D9.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSIC3D9.tmp
Size 914.0KB
Processes 1372 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 91d4a8c2c296ef53dd8c01b9af69b735
SHA1 ad2e5311a0f2dbba988fbdb6fcf70034fda3920d
SHA256 a787e7a1ad12783fcbf3f853940590329e0ff0dddf17282324f2d95ed6408f23
CRC32 06B11ECD
ssdeep 24576:w327CUJc4RQ8Btk8Y5EiwB4aNXVW+hv+AhiC:cAc4RQ8BtDAoB4aNXVW+hv+AhiC
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Malicious_Library_Zero - Malicious_Library
Name f55b853958f07b15_MSIC774.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSIC774.tmp
Size 789.5KB
Processes 2280 (msiexec.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dd1f93eb81e6c99ba9be55b0c12e8bb4
SHA1 1d767983aaa4eb5c9e19409cf529969142033850
SHA256 f55b853958f07b15f0dae7a871c1ebe2ec117ef54ba3811d31cec4c8ae471d9b
CRC32 D9EC6645
ssdeep 12288:LPO8KYTJAJ5NqLaphV6mzFf3zLha2xqe4k+pqm8esHxYs265R3PPn70+8xM9:LG/pPhPzLM28e4UtHh5R3PPn70+8xM9
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Malicious_Library_Zero - Malicious_Library
Name 31ad6648f8104138_6b2043001d270792dffd725518eafe2c
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
Size 579.0B
Processes 1372 (installer.exe)
Type data
MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
CRC32 BB0B5F80
ssdeep 12:AJZQLgRLaIQnGnjUxRLaIQnGn7ygvc26iYXAQEOJkSlT4VlfXaD+:AJZC8GlGuGlGugEPXdl8VRXaD+
Yara None matched
Name 69dd844af2616af0_embeddeduiproxy.dll
Filepath C:\Users\test22\AppData\Local\Temp\MSI9228\embeddeduiproxy.dll
Size 15.5KB
Processes 2280 (msiexec.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ab4a5a03ad1e8b84102988b8dac01752
SHA1 5d522d6e14ef34a06013f43bccf021e6caf6f148
SHA256 69dd844af2616af02039a0660c096d3c5691c79dead02ec35c10cc6a82a2b51d
CRC32 FEFDF8F9
ssdeep 384:vYhUGgTnITV92f2nee/P93Ao4i/8E9VFCg9P:gh+Tnkb2eee/PJAoeEjP
Yara
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
Name 3a92508614c1299a_6b2043001d270792dffd725518eafe2c
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
Size 252.0B
Processes 1372 (installer.exe)
Type data
MD5 2b8a4658866dedabe8611565146b450c
SHA1 5e5a2645201d54627e87a696f8e40a74f8cce3e7
SHA256 3a92508614c1299aa5165ff5787d5c5f41c4a7feba66354db1c87a47a1c4088b
CRC32 7C565669
ssdeep 6:kKORVljGJScalgRAOAUSW0zeEpV1Ex3kljiF/:2RVlOtWOxSW0zeYAseN
Yara None matched
Name 4177989f2bc8c359_holder0.aiph
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\holder0.aiph
Size 1002.9KB
Type data
MD5 59f47c235e8563adfdf887f2278f4180
SHA1 31986fb97ffcacef24485fdb37b115f543a670b1
SHA256 4177989f2bc8c359b1f7774f2cab70cb65db9e569e975869a53f76fb109d75aa
CRC32 87642957
ssdeep 3::
Yara None matched
Name 9db31b26c534d829_f2e248beddbb2d85122423c41028bfd4
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Size 254.0B
Processes 1372 (installer.exe)
Type data
MD5 064198e78a0f84949f200e58ca9657c7
SHA1 adb60ee5a1cf979f65b6ed161e8a4371f57df8de
SHA256 9db31b26c534d82929ced289e0439220cd621ec28861c93efb724053313cccbe
CRC32 D0666910
ssdeep 6:kKOlhLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:mlhLYS4tWOxSW0PAMsZp
Yara None matched
Name cb4cad56ea5391e4_Windows Manager - Postback Johan.msi
Filepath C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Johan.msi
Size 3.8MB
Processes 1372 (installer.exe)
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {C5EBDD8B-C384-4CB5-9A33-9A4EF2189D51}, Number of Words: 0, Subject: Windows Manager, Author: AW Manager, Name of Creating Application: Windows Manager, Template: ;1033, Comments: This installer database contains the logic and data required to install Windows Manager., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5 6024d8c2207fc4610416beaf8d360527
SHA1 793ab731b07bf86ecc3ba78e1b76dc2aa0b48f8a
SHA256 cb4cad56ea5391e44dc661513c4f021c5272db710cc1733251152d1cb0eb5829
CRC32 57A8EFAD
ssdeep 49152:7BAYNADU8HZ3nqmAc4RQ8BtDAoB4aNXVW+hv+Ahi8RhZ2i/NToL5ZHd9ZP9Z9Lzq:WYNAD0tDrPhhoL/+e4UpzjM
Yara
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Microsoft_Office_File_Zero - Microsoft Office File
  • Antivirus - Contains references to security software
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
Name 552f7bdcf1a7af9e_f2e248beddbb2d85122423c41028bfd4
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Size 1.4KB
Processes 1372 (installer.exe)
Type data
MD5 78f2fcaa601f2fb4ebc937ba532e7549
SHA1 ddfb16cd4931c973a2037d3fc83a4d7d775d05e4
SHA256 552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988
CRC32 479FFA89
ssdeep 24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
Yara None matched
Name 122b10c707f09cfa_{9A6DDFF0-7DF6-469C-BC37-E60B08309A20}.session
Filepath C:\Users\test22\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\1.0.0\{9A6DDFF0-7DF6-469C-BC37-E60B08309A20}.session
Size 332.0B
Processes 1372 (installer.exe)
Type ASCII text, with CRLF line terminators
MD5 7e93cbec7f51da5c2a3d0c6838c09f6f
SHA1 edde64b7c4305ec9116bd40832366eb97282f831
SHA256 122b10c707f09cfaca04f8de8971128aed7fc7d6ec3766e855729370e2c5ffd1
CRC32 159FF0DC
ssdeep 6:Wf4XlkFsVnFCDjfpvgGDzFGSbN7/F6Ss5dcb7Xj9YnX9cX60snP00Db:TlkWVFAjKG9GSbJkSsEfXjGnX46kGb
Yara None matched
Name dae76cce74d63e79_MSIC39A.tmp
Filepath C:\Users\test22\AppData\Local\Temp\MSIC39A.tmp
Size 524.0KB
Processes 1372 (installer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 6ea65025106536eb75f026e46643b099
SHA1 d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99
SHA256 dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb
CRC32 842C1082
ssdeep 6144:s32hV/GguOWuGAtLppJZZ5QNIwqKljoMA3KzAOXalOHZRrQinqR/S:m2hV/BGgpV3QWyjwmklOHZ3nq5S
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware