popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 7d8f216ba04419aa_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2760 (danke.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dc587d08b8ca3cd62e5dc057d41a966b
SHA1 0ba6a88377c74a0c53b956d405ad17dd5f8c4164
SHA256 7d8f216ba04419aae32d5902449a0c5271ed577c722e582fb42e7d43b3b08426
CRC32 3DE69A89
ssdeep 1536:eo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUiOfaB89p:eoUCWbBNpplToUs1uNhj25LJUpaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name b1b54731f134ed2d_danke.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
Size 226.3KB
Processes 2648 (b0327127.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0f610939fcaad5552ed8a89c4f1d30a4
SHA1 fd9b1a3abd7edb14d7a75836b304794381775389
SHA256 b1b54731f134ed2d78a5824768bee97f4c7aed33177ec754947b4c330c683229
CRC32 6DE07BE9
ssdeep 3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name e3b0c44298fc1c14_raman.exe
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1000033051\raman.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 38c69e3f9f3927f8_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 272.0B
Processes 2760 (danke.exe)
Type HTML document, ASCII text
MD5 d867eabb1be5b45bc77bb06814e23640
SHA1 3139a51ce7e8462c31070363b9532c13cc52c82d
SHA256 38c69e3f9f3927f8178d55cde9774a2b170c057b349b73932b87b76499d03349
CRC32 EAC0AFAB
ssdeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaoyjEcXaoD:J0+oxBeRmR9etdzRxGezH0qaQma+
Yara None matched
VirusTotal Search for analysis