Dropped Files | ZeroBOX
Name 5d7a35afdae4aa87_s9868492.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\s9868492.exe
Size 961.8KB
Processes 2552 (lega.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 776adfc7ed3705fd0930ba7f773cb8fe
SHA1 79731d62afb9e8dba31e070a6e191fb54dc217ba
SHA256 5d7a35afdae4aa87d17028f2ab121b368fc056e9c6e225372c44fe0ed8c51960
CRC32 B9F22624
ssdeep 12288:WfhPulf0GzmYqmhk/2FXvcY8+Kevy13ynSQZBMXJfgLsu0Il4MOoWrvBA5HcQ9b8:WfhPxGzmYqmh62lcVZ0SQZ8HNZ
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • RedLine_Stealer_Zero - RedLine stealer
Name da7b0beef0c648f8_z2427314.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\z2427314.exe
Size 702.5KB
Processes 2552 (lega.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ea7e03b063b764d4a33aa050255eb572
SHA1 6e72363f75dc7313e239fe0d9ab4dafca909bae2
SHA256 da7b0beef0c648f81f511ac269b4281c981346eca1f213fb143f52c1145530bb
CRC32 FD28F8BF
ssdeep 12288:uMrcmPy90c/N5BdEU6P8oq3h2naDTkr6MCV+ov2PM/ApD5Xyswq:DyX/YU48oQ0CTk+MC12WApD8sX
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet