Dropped Files | ZeroBOX
Name 75e4bcb0db07f035_celesta.exc
Filepath C:\Users\test22\sororates\erose\arveordet\celesta.Exc
Size 210.5KB
Processes 2552 (koob7.exe)
Type data
MD5 f17dc3af82ad7ca43885695dfc0532a5
SHA1 e5999bdcd3e16a412a77a331fbf610280b59e41f
SHA256 75e4bcb0db07f035d933885fd08ec2509e39553beac72c6e2a43ceaee62b21a9
CRC32 DB2D0518
ssdeep 6144:kowbZxLOi/ogRNUxn5GMp/IXPChGUc3Pwkg:kTnSi/o4aG5XKQUcBg
Yara None matched
Name 9740d1fd215e18d1_text-x-generic-symbolic.symbolic.png
Filepath C:\Users\test22\sororates\erose\arveordet\Counsellable203\Silur\Mythus\text-x-generic-symbolic.symbolic.png
Size 176.0B
Processes 2552 (koob7.exe)
Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 fe15388ef82854af2e58eb9f0c54db47
SHA1 7218c6f67d22ff1811178fb973e7c24c0c14e930
SHA256 9740d1fd215e18d12b1a631d8703ad492bd158cbd8b41205c234c66ac01ff591
CRC32 F6AC6ED6
ssdeep 3:yionv//thPl9vt3lAnsrtxBllXq3UrrwMyvuSxBBYSq5t00r6X4o0ExMeUVP4oqy:6v/lhPys9dTy1rq5+0rgl0LjPl0YFlVp
Yara
  • PNG_Format_Zero - PNG Format
Name 7ea52bbd8d87b338_media-record.png
Filepath C:\Users\test22\sororates\erose\arveordet\Counsellable203\Silur\Mythus\media-record.png
Size 419.0B
Processes 2552 (koob7.exe)
Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 2c33e50810752aa57611d3a24736ed70
SHA1 9e72889a8fcab3e3eb3aa13daf9a4820aea126ea
SHA256 7ea52bbd8d87b338664bc8f072fff0956e80492a5e367aed8a02292ad3b2b556
CRC32 CAB7D1E8
ssdeep 12:6v/7AqTlTOItVLddNcRgMX55jS5nz0Jb/Au:IZXldNcRgK55wz0Jb/Au
Yara
  • PNG_Format_Zero - PNG Format
Name 67a84ba3c6cafb8c_boligydelsers.whe
Filepath C:\Users\test22\sororates\erose\arveordet\Boligydelsers.Whe
Size 36.4KB
Processes 2552 (koob7.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 2b93467f2817b12683759ad40779f43b
SHA1 83fdb118d6dff66c1f6502c615780ebd6d0110d9
SHA256 67a84ba3c6cafb8c2d1627aadc8e4339b6a3d7c8fe48bd19d94c49e3b1d4781e
CRC32 BB1C5506
ssdeep 768:GMEEsEo5lT8g/Dhod1epr61RoQZfIEEFFdB6lxSGQPlKG0dbLI:9EnqfTrPva
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name 904fd5481d72f4e0_system.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsxEE0A.tmp\System.dll
Size 11.0KB
Processes 2552 (koob7.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 55a26d7800446f1373056064c64c3ce8
SHA1 80256857e9a0a9c8897923b717f3435295a76002
SHA256 904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
CRC32 A16F0C47
ssdeep 192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_nscECF0.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nscECF0.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 67e68f3a96a9cfc3_battery-full-symbolic.svg
Filepath C:\Users\test22\sororates\erose\arveordet\Skolstens226\Vanjas\guldringer\Gudsforngterens\battery-full-symbolic.svg
Size 910.0B
Processes 2552 (koob7.exe)
Type SVG Scalable Vector Graphics image
MD5 99b43c40e67f9438a0bad3adea7041cf
SHA1 3aab1a0e6d1d3c4269bc4919e247f2c5197dd477
SHA256 67e68f3a96a9cfc3c66644bb9bbbff37f13974522db14661e00edc24c14b3478
CRC32 F416DCB2
ssdeep 24:t4CQl+cVkcqy5BrpayyKbRAecFhBrNxrGDT/I0rGQ:6kqvayNtAecFZwDT/IRQ
Yara None matched