popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9b85b84a1167b4b2_i6.bat
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\i6.bat
Size 175.0B
Processes 2348 (Popup.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 2f9a56bfc0c9abab6286bc22ae5dced4
SHA1 fb81d3afa7a0df68a084785c9720ef9cdccf5636
SHA256 9b85b84a1167b4b20f53a14c6df197e6f16ff5d36e3b680765534243265f14f0
CRC32 FAFB536D
ssdeep 3:mKDDfiU2mwc4a7MfEmRPmWxpcL4E2J5xAI2vKwc4aliCowHumWxpcL4E2J5xAI2C:hGvmcayRPmQpcLJ23fQKca68umQpcLJI
Yara None matched
VirusTotal Search for analysis
Name 3a255c0024916f19_590aee7bdd69b59b.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2628 (powershell.exe)
Type data
MD5 6fd29def73b2779e0ae71c4eecd304f7
SHA1 4ba660e4db856e04eb93a01c59ee764259ec55e7
SHA256 3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6
CRC32 1F966CD8
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name fa0d3dcc18fe0175_postmon.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\postmon.exe
Size 281.5KB
Processes 1460 (postmonn.exe) 2676 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 352608e9f22bd39d5ea3686af87ed94b
SHA1 f7e82b7b92f218cf11282cfcfaf9cd56d8f8beac
SHA256 fa0d3dcc18fe01757a289265ea268c86e622b048461e0b04202b700cc3e67668
CRC32 38C7AA9A
ssdeep 6144:jtQMKBNFTvXhomf5qbSwCGAOuPkjKK/eUiWP:RQ3FTLf5qbSw9l/eKP
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
VirusTotal Search for analysis
Name f61739ee5b082c5e_popup.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\Popup.exe
Size 88.3KB
Processes 1460 (postmonn.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 a2733013ecc1c1f0c9df0f6426a88cda
SHA1 9b6b408b49a479b7fc45b29e4cb9dbe4e7705a2d
SHA256 f61739ee5b082c5e8dfe579ce44b2f05a0e4f478965fcf336e9c9c49d75679be
CRC32 23269BB4
ssdeep 1536:42Y0VNblnigen1FQGpaika1PASjg/ozRAHHL:423rbZi/8GprF3jg/od6HL
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis