popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name f9ffa56280087809_cnswa.exe
Submit file
Filepath C:\ProgramData\Chrome\CNSWA.exe
Size 43.8MB
Processes 2644 (TJeAjWEEeH.exe) 2840 (powershell.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 9fb8c741d2eb7e7da302091791af1665
SHA1 b117bbbb56d064b8e1f68e83a02fe32c22fbd5b6
SHA256 e938cd426d50624561b96d05b2d253eecd3ef1de9e4bab80e01127d4bd3cfd42
CRC32 F67F36BD
ssdeep 12288:TDX6EUtFA+RLxx6aLm05opfN+0gr3FMWrMZXAzz77xQaoS:TbDUtm+hxx6aLo5snaR
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
VirusTotal Search for analysis
Name 7deb4877798c018d_cnswa.exe
Submit file
Filepath C:\ProgramData\Chrome\CNSWA.exe
Size 43.9MB
Processes 2644 (TJeAjWEEeH.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 92b93bb49554354da62d3dfe005bab6d
SHA1 217eb9052ee2e425eba5ecbf8a5b4400b1bfc011
SHA256 d01af4391cd76251b1c30606878f4a7317e959f5a1c1fc24459c772eddd51751
CRC32 273D47A9
ssdeep 12288:TDX6EUtFA+RLxx6aLm05opfN+0gr3FMWrMZXAzz77xQaoS:TbDUtm+hxx6aLo5snaR
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
VirusTotal Search for analysis
Name 0c93a25083d1070c_590aee7bdd69b59b.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2644 (TJeAjWEEeH.exe) 2840 (powershell.exe)
Type data
MD5 fd9de167ea136ee61bd4f2760ba40502
SHA1 e63b15a75ef5213bb330701884af28fa0325c6ec
SHA256 0c93a25083d1070c0f8f8aa9278b3b764b4c14da4d42be4d3169edc1b36caf94
CRC32 C97C3612
ssdeep 96:n0tuCcBGCPDXBqvsqvJCwoy0tuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:n0tCgXoy0tCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis