Dropped Files | ZeroBOX
Name 69a695a22c366f9c_postmon.exe
Filepath C:\Users\test22\AppData\Local\Temp\postmon.exe
Size 382.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f7d6bd06f96439787aa170983ab55c3e
SHA1 ed74e29748c586137a3be7c6a519687fb64767bc
SHA256 69a695a22c366f9ccdbcb42e6654834bbecef41cda7f9cd2d81d21912fcd0a1c
CRC32 58F18954
ssdeep 6144:q0FPy3bQeuMyxK2hGFgAObpOXFVrZLqaZ3A8ihSxfw+o7Rpybm:qV3GdGFgliX5+JUq+eAm
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2740 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware