Dropped Files | ZeroBOX
Name 9f564eb9675e6159_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Size 89.0KB
Processes 2096 (oneetx.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 77a6fdd6c731f7da07ffc412c9f17347
SHA1 0017710c7fc14022277ebf151964c79ebdf0106e
SHA256 9f564eb9675e6159111b6d0b1ddf6389dc3d93cefd314443bf5a2b7e73c59946
CRC32 68F4DE1F
ssdeep 1536:Qo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUzKaB89p:QoUCWbBNpplToUs1uNhj25LJUOaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)
Name 4437b39c38fbc70e_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 85.0KB
Processes 2096 (oneetx.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 3dfc86e7316cd043dbc97789251de5d2
SHA1 7e5a86f09a4182759898566b69e65af56500df4f
SHA256 4437b39c38fbc70e5257420949092a68ad91096681ebb790f5a870ebcafa28e5
CRC32 033AA08A
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBtvj:NRlk8lqjQg/N8WA0qoLhd/jUFtvj
Yara
  • JPEG_Format_Zero - JPEG Format
Name f8d015ac4faff5d7_64.dll
Filepath C:\Users\test22\AppData\Local\Temp\1000006061\64.dll
Size 3.5MB
Processes 2096 (oneetx.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 f40e1a15f93696510e5faef3a216f18f
SHA1 6d353491cc7f32bcf9211c7dc1a5b7149e4ebf9a
SHA256 f8d015ac4faff5d7a5da0e95f3cc9e9eb18417cd749b3b4625b5312910a25b7b
CRC32 A5C0D8A8
ssdeep 49152:T+y6I9edJ9qu8moH+xNSJJ1LKz+JsK47C:L69RyLqe
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
Name 48fe1f7de453f1c5_youtubeadvert.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000011051\YoutubeAdvert.exe
Size 3.3MB
Processes 2096 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4509256a05f0d4090c11f2d424a33529
SHA1 a0812e84e6c423b55c771ad05695cff5e20b37e7
SHA256 48fe1f7de453f1c52b9c1e8f16017e2a39f7cf45ba57748809196f9fd3fcb63e
CRC32 980CF996
ssdeep 98304:UPmS8VELAMoLmnXETJkK6rcfC9kUAm6yK6u:M8VwAM4cElkK6oskUA9
Yara
  • UPX_Zero - UPX packed file
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • themida_packer - themida packer
  • IsPE32 - (no description)
Name 38d7fbdc314f881b_oneetx.exe
Filepath C:\Users\test22\AppData\Local\Temp\9b11736588\oneetx.exe
Size 3.7MB
Processes 1676 (Amday.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 325cedfb3e4d23ddf1062ad55b6f6b6e
SHA1 bd30d64d8dd8f4862461da3137686951870a466f
SHA256 38d7fbdc314f881b461c766742a26d3df72c553d25c8f1c20da1adcdbea1afef
CRC32 E13113FC
ssdeep 98304:uSWz0m6iijzsGupvTo9GDd1HwAOiU0KIX6ksJc:Tfti2Ys9GDd1HjpU0pX6m
Yara
  • UPX_Zero - UPX packed file
  • MPRESS_Zero - MPRESS packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 6d9865345877c9d5_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
Size 1.0MB
Processes 2096 (oneetx.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 e6ab640c5271a1c4dda09a46e63aeb81
SHA1 aac907437f84098fec291732b5ac05c49217b0f1
SHA256 6d9865345877c9d57b7589392d8870ab7a225287606b9e2019860737cd5da4fe
CRC32 FC6EA5A7
ssdeep 24576:KMq/RX0hoa8wrC+azFbtZhUYFauTZyRMws:Kioa8wrCHz3ZhUYRA/s
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • Ave_Maria_Zero - Remote Access Trojan that is also called WARZONE RAT
  • PE_Header_Zero - PE File Signature