Dropped Files | ZeroBOX
Name cd3314bd837c138a_svchost.exe
Filepath C:\Users\test22\AppData\Roaming\svchost.exe
Size 381.5KB
Processes 2544 (ok.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 ba84cb431da839bba1bf4dedb3e2ee8f
SHA1 02241488d6044e1355d377b493e3b8b4877ac13c
SHA256 cd3314bd837c138a281178784346756a37b84e95a32222e4dcd527be6a66e331
CRC32 845D9253
ssdeep 6144:0aPoIVYrV63Zmc1GrfSy4l0w4wN1o2Ef4ckkV5gZ0sK07yj31xrWuMotome1iu4U:0OHVWUZmVf6ylwN1nEnh5sNyjjidJbyc
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 6f20e48e91819a24_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2496 (powershell.exe)
Type data
MD5 bd6812e0920bb6487f575b93149449fb
SHA1 8e5a8cb57342bb57c1072e36ac44e5f4f7647d14
SHA256 6f20e48e91819a24d32f4c08be38f60eed5eaa1213cac7135d71f156312c1fea
CRC32 8E30DD61
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworC4tDHXyKlUVul:EtCgXoRtCgbHnorFTys
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name b0ada3c76c18852d_tmp63E5.tmp.bat
Filepath C:\Users\test22\AppData\Local\Temp\tmp63E5.tmp.bat
Size 153.0B
Processes 2544 (ok.exe) 2980 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 044cb27efba384beb4f46bf1826abb6d
SHA1 aa184eebe07250efea86e6d8828bc9c3a84fa8aa
SHA256 b0ada3c76c18852df2f7d656a6a293ea78777befd75426f91fa50982119ee5da
CRC32 2452AE5D
ssdeep 3:mKDDCMNqTtvL5omWxpcL4EaKC5ZACSmqRDmWxpcL4E2J5xAInTRI5QS7ZPy:hWKqTtT6mQpcLJaZ5Omq1mQpcLJ23fT3
Yara None matched
Name 543991ca8d1c6511_zemana.sys
Filepath C:\Zemana.sys
Size 198.9KB
Processes 604 (svchost.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 21e13f2cb269defeae5e1d09887d47bb
SHA1 16d7ecf09fc98798a6170e4cef2745e0bee3f5c7
SHA256 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
CRC32 E9C7BB58
ssdeep 3072:uIYCsz96ZvVJ9b9sJCfShQ0/COLYYfUFtKXFZHOaIKyAYrPcQL9Rsm:uhCS8Bh3SaeCWYE1Oncovsm
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware