Dropped Files | ZeroBOX
Name d6431d5645fffd05_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2600 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1de63d5.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1de63d5.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 4cce5f45f185524b_LogfirelocktMNgpOmjPLjJNonurlaNcvdcGgbBfbOgquipu
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\TEST22-PC-test22\LogfirelocktMNgpOmjPLjJNonurlaNcvdcGgbBfbOgquipu
Size 1.2MB
Type SQLite 3.x database, user version 30, last written using SQLite version 3031001
MD5 fe169ca1afaa6be2776a175c90427b38
SHA1 72bb87cd1b2b000088d1ee4c14675b2c19de4aa9
SHA256 4cce5f45f185524b6c75c819ad5923d70dcb9662e833b5e1229022693f471235
CRC32 8B4FBD0F
ssdeep 96:D7/cYoynhZlbJPZOwr4oR84J4Aqx4ZA7O9jgv106WEWbEm2JioMetQ:3cYoEn/oGJYxapEWAm2J2
Yara None matched
Name 084e6af7f798500e_fireplough.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\fireplough.exe
Size 994.0KB
Processes 2748 (ChromeSetup.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 647f17f3cbca30359b98deb1ec7e6c18
SHA1 1134d88884bbe379557a3da2b1a4561d2cd713bd
SHA256 084e6af7f798500eaf2e9f11ccce06d70cde7d1cd2b8c9c02846f58b5ccce973
CRC32 9A30CA71
ssdeep 24576:+U7ypXGGf2xZ0dEp946+KAGsB0hblzm9:+SypWGImkm6+Fmhb5
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name dcfcd16fbf0511d3_vbsqlite3.dll
Filepath C:\Users\Public\Libraries\vbsqlite3.dll
Size 161.5KB
Processes 2748 (ChromeSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 073a17b6cfb1112c6c838b2fba06a657
SHA1 a54bb22489eaa8c52eb3e512aee522320530b0be
SHA256 dcfcd16fbf0511d3f2b3792e5493fa22d7291e4bb2efbfa5ade5002a04fc2cab
CRC32 9619DAD7
ssdeep 3072:eNFwdmspaPg9g9oOavAQBNrPkVdc88GjU+vF6nuxRocX5GOOUleo+c:e8d1/w5KA81IJ8GpF6nuTmOOU
Yara
  • UPX_Zero - UPX packed file
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name c119a54b6bef3a48_WebData
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\TEST22-PC-test22\WebData
Size 80.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 255929949dea51a2f43a1f40e63764ec
SHA1 8f32ab419264fdad05f4f3828db3c1cd38d919fd
SHA256 c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6
CRC32 F7A79605
ssdeep 96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/
Yara None matched
Name 824fae3331b95e2f_LogfirelocktMNgpOmjPLjJNonurlaNcvdcGgbBfbOgquipu
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\TEST22-PC-test22\LogfirelocktMNgpOmjPLjJNonurlaNcvdcGgbBfbOgquipu
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 41c19a9e8541fcb934c13c075bf47721
SHA1 648a7622d533d79b9a0bb31dc370134ec3a75ed7
SHA256 824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c
CRC32 560F7642
ssdeep 48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u
Yara None matched
Name adba394507c8ce35_tmp4DF7.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmp4DF7.tmp
Size 1.5KB
Processes 1944 (ChromeSetup.exe)
Type XML 1.0 document, ASCII text
MD5 999912b2bd590a2dcb271fef167b45e5
SHA1 64de71075f8de2d150e84b6f272fd01b1068a5ba
SHA256 adba394507c8ce352f69fc7127ba97cb95d242571c013e08ec70388fd42af194
CRC32 6390C0D7
ssdeep 24:2di4+S2qhH/1ny1mEUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtPxvn:cgefAYrFdOFzOzN33ODOiDdKrsuTJv
Yara None matched
Name 89c57cdff7f53e45_ThunderBirdContacts.txt
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\TEST22-PC-test22\ThunderBirdContacts.txt
Size 21.0B
Processes 2748 (ChromeSetup.exe)
Type ASCII text, with CRLF line terminators
MD5 aae099b12d63d4ff58e570ea2fdb126e
SHA1 72c2652e15cc35394dedefaeedfe711b159c0ecc
SHA256 89c57cdff7f53e45bfb5c04d9ed99c3ad4c182a503bba441ebbc4bb5de45f9bb
CRC32 99E67AA1
ssdeep 3:HvzIyHy:HvzID
Yara None matched