popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 8332308f5792a032_tmpBBB9.tmp.bat
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmpBBB9.tmp.bat
Size 153.0B
Processes 2544 (ohoyeczx.exe) 2064 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 6e59d1784302fd636b269f7ae7016103
SHA1 2945e6f5fdf8aae9735f922d65fd3a821d12de04
SHA256 8332308f5792a0325d39791bf63ec7a4042799d04052aa31c3a15de666dbca1d
CRC32 E204421C
ssdeep 3:mKDDCMNqTtvL5omWxpcL4EaKC5ZACSmqRDmWxpcL4E2J5xAInTRINn6azVZPy:hWKqTtT6mQpcLJaZ5Omq1mQpcLJ23fTn
Yara None matched
VirusTotal Search for analysis
Name c733022895dda21f_590aee7bdd69b59b.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 3024 (powershell.exe)
Type data
MD5 5dc4a58d680b6c1b2d2e11d25689d379
SHA1 c31f846f845a23008277d8a4f936527e9c541b14
SHA256 c733022895dda21f656b74ae726d18c6eb8147c6f665574df134e6b7d8afebf3
CRC32 FA6119C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyWlUVul:EtCgXoRtCgbHnorBTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 543991ca8d1c6511_zemana.sys
Submit file
Filepath C:\Zemana.sys
Size 198.9KB
Processes 2264 (svchost.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 21e13f2cb269defeae5e1d09887d47bb
SHA1 16d7ecf09fc98798a6170e4cef2745e0bee3f5c7
SHA256 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
CRC32 E9C7BB58
ssdeep 3072:uIYCsz96ZvVJ9b9sJCfShQ0/COLYYfUFtKXFZHOaIKyAYrPcQL9Rsm:uhCS8Bh3SaeCWYE1Oncovsm
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 4a84d6c38aa517a0_svchost.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\svchost.exe
Size 19.5KB
Processes 2544 (ohoyeczx.exe)
Type PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
MD5 f7d1117ace1e63a2a3cf9d45cb94b9b5
SHA1 09855f01b837fe3bffc0d38ddc713da070072f5f
SHA256 4a84d6c38aa517a0d9de7061f11ebffb73f6580eabae4d7e3d6d888d3ac7a611
CRC32 25F3E142
ssdeep 384:Hm6GfkbfZO01twZeTSlxTSSifV/1Sczw/FZqcqTDV08KCTL6sy0iHog23t:HNq701+Ze2l0d/zzwv5qvVvlL1ynHo39
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis