Dropped Files | ZeroBOX
Name af5b2fa95bc61763_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\c75c6c37b2d7a3\cred64.dll
Size 1.1MB
Processes 2300 (bstyoops.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 c1c1cbbe1a7f19f86c4b830b7eb17e80
SHA1 8a33b8eed9542b6cc4a15a22abf40b41395e3712
SHA256 af5b2fa95bc61763ac5bc5c4b7b5007b293ee141d79765946aaaeb653c3d110b
CRC32 D3FC202B
ssdeep 24576:UaSMLyrm87DcT+RZCPbZ1HslyolNVwzoGivKBDy:wm87DcTsZ6Z1HDWIoGivKBDy
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • infoStealer_browser_b_Zero - browser info stealer
  • IsPE64 - (no description)
Name f9fb27bc95c68dfa_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\c75c6c37b2d7a3\clip64.dll
Size 89.0KB
Processes 2300 (bstyoops.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9112db881a78e38564003aa002c1d7d8
SHA1 d48f7b8e5aa0d220339aa0875994d6085bd3ffa6
SHA256 f9fb27bc95c68dfa12f4d3844529daeeda639a4309caaa632cbdee4e05564a7e
CRC32 3F6C7B94
ssdeep 1536:No4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUrKaB89p:NoUCWbBNpplToUs1uNhj25LJUeaB89p
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win_Amadey_Zero - Amadey bot
  • IsPE32 - (no description)
Name 01fc633de5281c7e_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 85.0KB
Processes 2300 (bstyoops.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 22e78463617afef111ea1ba8a110b874
SHA1 6d8f762240b8aab2b21d6b55c49201ca7d46c49c
SHA256 01fc633de5281c7e294602f84e8824278b7423cfde2c1b7b66f439754e939187
CRC32 5AEAFA97
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBtiq:NRlk8lqjQg/N8WA0qoLhd/jUFtf
Yara
  • JPEG_Format_Zero - JPEG Format
Name e3b0c44298fc1c14_-Qy9oyXf.exe
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1000038001\-Qy9oyXf.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 57fe95c40d83f395_bstyoops.exe
Filepath C:\Users\test22\AppData\Local\Temp\b6ba12ff32\bstyoops.exe
Size 665.0KB
Processes 2052 (CS-Cheat-Installer.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 64f1d67b14dafea71c599e9c5498edc2
SHA1 6099ea6ef4fe0066c9d97822402878966026dae1
SHA256 57fe95c40d83f395bad243134a47ac8af1a322c7d246979562e2574036da5661
CRC32 5F038CD6
ssdeep 12288:plKxWCF+i/o4m8mMLkV4dz62TigPHRD/cYWqBGspdHtK:plKxWCP/oRMLDFpigPHlkYWpEH
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)