Dropped Files | ZeroBOX
Name 61d1808428e2c82d_tem.vbs
Filepath C:\Users\test22\AppData\Local\Temp\tem.vbs
Size 221.0B
Processes 1072 (iexplore.exe) 3124 (wscript.exe)
Type ASCII text, with CRLF line terminators
MD5 4b198339662eab7bd5152386dc0e0321
SHA1 42d377b5bf8d0fc906e2586ee6b5e0dd1104a6af
SHA256 61d1808428e2c82d823004b3adb3e5b59af4f0b33961ae6b89bf00bd6604a35e
CRC32 09F6157A
ssdeep 6:aBjw+7y8UpAM1mQpcLJ23flZ+AHMy/xAM1mQpcLJ23f/THp:+dnUpAYOLMtTJAYOLMjJ
Yara None matched
Name fcf3e0486e76ea95_csonhost.bat
Filepath C:\Windows\Temp\csonhost.bat
Size 6.0KB
Processes 1072 (iexplore.exe) 2548 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 9da29265b1391c18f00c959c64b3fb65
SHA1 dee2f9ded1706933f452ebcd2d5ccd8818af713e
SHA256 fcf3e0486e76ea956d81dedfc64eaeb597ed0459d4356221f8f1e7f18d996824
CRC32 A9D930D5
ssdeep 96:6t8gBXm+C5etnhKtnBMYtvBMYtMBMYt9BMYtzBMYtnBMYtQBMbZ76l1J0ngj5jb7:JsejQBf7kIZ76l1J0ngNjv
Yara
  • Antivirus - Contains references to security software
Name 6dedb94f143de721_svchost.exe
Filepath C:\Windows\Fonts\svchost.exe
Size 87.0KB
Processes 1072 (iexplore.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 c945fa7d5ecb219c248ea09ea3bbe8e4
SHA1 8a8596b7e08dc0fa756e6977c64d57ab07e7ab23
SHA256 6dedb94f143de721acb86543be5e796a36495f47e3faf650e5da69b9f2ccf54b
CRC32 AEB06E10
ssdeep 1536:yoYh74DJEup8S69OLvbBiq5B6r9par9bXQ/WOd2QDgTVpBWsKu9ZW:yoYC1Eup4sAqH63ar5XyIQDgTVpUGu
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
Name fc82ae233202ce00_iexplore.exe
Filepath C:\Users\test22\AppData\Local\Temp\iexplore.exe
Size 3.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a3d8b7059f0a4108d38144586fd63ee0
SHA1 991e26c64815750e03f6c3515e8beebf7b1075b3
SHA256 fc82ae233202ce00335a22ad605fa184687db2023b8bdb8afbb4fd7cd61a8e52
CRC32 2914A370
ssdeep 98304:kVT8nSXdIs4DzUQeArdcHL9NlTxoUx2ZXOR6wwYIvtQZZuvIsGr:keSXdY/aAm9NRx28cfhvtPY
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a26487eb2d2e4992_conhost.exe
Filepath C:\Windows\Fonts\conhost.exe
Size 12.5MB
Processes 1072 (iexplore.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bbfb132c351b577f1b62466594e6286e
SHA1 6554c61b5e67324871b70074a9c22f58298c686c
SHA256 a26487eb2d2e4992e9fc6429380eedf6d16ce2ad44451a5fa8551dda99cd9c23
CRC32 4DA47319
ssdeep 196608:PsMiVjgid90x08gAFsonxy4dqseVBTTT/Y7Te1LWZH7lDskNk1ws:UrAFe4BGLWZH7lfG1l
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 11bd2c9f9e2397c9_winring0x64.sys
Filepath C:\Windows\Fonts\WinRing0x64.sys
Size 14.2KB
Processes 1072 (iexplore.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature