Dropped Files | ZeroBOX
Name 617c26fdcee79a9c_h2.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\H2.exe
Size 590.6KB
Processes 2556 (hkcmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 200f70cceffbcc69815d125f1ca40fd8
SHA1 137dc1cd3b2b5662e93595a348115cef942ff394
SHA256 617c26fdcee79a9c0bf97456acaa65c691e7269866ad88aabf655330d2fc50bd
CRC32 C0669276
ssdeep 12288:P5S5QdJaSO35Y8y67puHSmNjYFnXgZDLfGxPRpCcPe+7We4:nJm5YgCNj4wlfGP4yJ7X4
Yara
  • IsPE64 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
Name 497181638d283074_hkcmd.exe
Filepath C:\Users\test22\AppData\Local\Temp\hkcmd.exe
Size 114.6KB
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 53d4ab9c429de02b7efc94d7be3e6059
SHA1 2dba6ac014c7115407fbd56e6367c3f57679404f
SHA256 497181638d2830749115aff8751dfaddc201d4a9de50e731c7e999381575f714
CRC32 96C48B9C
ssdeep 3072:1toI3eJY6z2cQEjbCTb6TbEVDR2fxvPXj5:1aJJ9zpblEVDsvj5
Yara
  • IsPE64 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature