Dropped Files | ZeroBOX
Name 248a3e9213fb8bdb_vintertid.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Vintertid.lnk
Size 938.0B
Processes 296 (cleanmgrs.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 154279d01ebfa838c5f51ae9570fbd68
SHA1 9d0105993f3724e837590127a9b58b328950034e
SHA256 248a3e9213fb8bdba694e75b30427f38638be3f96a2a3366f7983643d0a12851
CRC32 4E9D87E3
ssdeep 24:8oeqdO5M4lKNTCodVlYTj0yjCaLN67ByUG2Py:8oHdO3mOodPY3ZCs67BzJy
Yara
  • Lnk_Format_Zero - LNK Format
Name 4dda03c7f9a6cb06_templatevtab.c
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\templatevtab.c
Size 7.7KB
Processes 296 (cleanmgrs.exe)
Type C source, ASCII text
MD5 7803024cb2349ba09bc981796d9a5beb
SHA1 fde95facc784fa8c0f79cc336ec7335e8f9f8640
SHA256 4dda03c7f9a6cb068573a0f93ca4865fe3378e4aca0ccad5774a314f26c916a5
CRC32 5C35DDE5
ssdeep 192:ZVI0U3JUd9ds3wyjTg9KNzXKpc//qTVyQeSArZNeKIx:ZVI0gJUr23wczXKU/YpeSArZNeKIx
Yara None matched
Name 97d3dc7ca64978a3_view-fullscreen-symbolic.symbolic.png
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\view-fullscreen-symbolic.symbolic.png
Size 202.0B
Processes 296 (cleanmgrs.exe)
Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 a3952de6fc63355e0f8b85c6dc6a92f1
SHA1 56232993aacb28a48272dace5cd008dabaa94fce
SHA256 97d3dc7ca64978a3f92e1e153e8d2b09c3b23089b9122c452b051a4f68f7985e
CRC32 CB4A3ABA
ssdeep 6:6v/lhPysnQaicJpfO84ZFmEfK8+ImoZaZrp:6v/71pqT+ImHD
Yara
  • PNG_Format_Zero - PNG Format
Name 5ac3d55a31d1a387_cli_wrapper_scenarioprofile.dll
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\CLI_Wrapper_ScenarioProfile.dll
Size 454.2KB
Processes 296 (cleanmgrs.exe)
Type PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 6292d34c2b9dc0d20bafa5690fe38a84
SHA1 d6dcb756b6d7a254104d139945920250e913899e
SHA256 5ac3d55a31d1a3872c59acef7613007a0aa1d9f1b623790d6fdadeaa55be35e1
CRC32 C81B9EA4
ssdeep 12288:3BZrvrDuJd1dYu5NK8EXzlj/omdeVPYOimAsW/67lh6kxDLI:HvrDgOu5NK8Ejlj/omdeVPYOimAsW/6K
Yara
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f004c568d305cd95_system.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsgC188.tmp\System.dll
Size 11.5KB
Processes 296 (cleanmgrs.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8b3830b9dbf87f84ddd3b26645fed3a0
SHA1 223bef1f19e644a610a0877d01eadc9e28299509
SHA256 f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
CRC32 2D13EEA3
ssdeep 192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 33bae380a5630ac7_system-software-update.png
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\system-software-update.png
Size 650.0B
Processes 296 (cleanmgrs.exe)
Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 2205f2789dc13f04794cf70eb68e6a3f
SHA1 d34bbea3b4e96a6da0d9a74b25b29e7857214649
SHA256 33bae380a5630ac7214f051173c22cddcd8471775d34376f7126e70b95a9f5c2
CRC32 81527C5B
ssdeep 12:6v/7+GBj+8V1gjtjs4vAACl3KRhQBhTj9iER9FEcZmjABD0ZWo1NFi8+Ssesw:BihVuCbxl3KRhMTZzfZLqWoIQ
Yara
  • PNG_Format_Zero - PNG Format
Name 80e2d0f6dc996e8d_passout.bir
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\Passout.Bir
Size 187.7KB
Processes 296 (cleanmgrs.exe)
Type data
MD5 0923768031c034d4b8163b5d201306b0
SHA1 b75f864be0028f180e67c9fd15cf53eb0b07f625
SHA256 80e2d0f6dc996e8d92906aac399c863907f0f19cf6f9434b636c8fb7c46dd3ad
CRC32 000FBC57
ssdeep 3072:Fg6rSpSp5F0kkjT0Iv6vMzvjxhp6oXPILUjSs4:1SpECXjTb6vuvlhp6FLUel
Yara None matched
Name e3b0c44298fc1c14_nsfC09B.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsfC09B.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 53d8933fa6c1ffc0_robbin.pro
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Karyoschisis\Dragering\Perlingual\Feberkost\Bestandigeres\Robbin.Pro
Size 404.5KB
Processes 296 (cleanmgrs.exe)
Type data
MD5 e669a54bbe5c8830cc2e1c39c4311101
SHA1 a6b0806a04b9866e3b14a972c500ac9f846e29b0
SHA256 53d8933fa6c1ffc00989c77a487e9c4fc27e9aece1743c45305f83bb8f5fe530
CRC32 C280D9DD
ssdeep 6144:m2utxnrejkgaYazq8ycCKQlYEdCFBohSclDiOF3w:utRSFzalLQtdCnohSGDrA
Yara None matched