Dropped Files | ZeroBOX
Name 5dc562978f766525_RESFE37.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESFE37.tmp
Size 1.2KB
Processes 2900 (cvtres.exe) 2852 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 a474abe2ec597269f63da69d830a43cd
SHA1 d5775c00db632a883705cf7443bbe9b53c8f31e6
SHA256 5dc562978f76652556f58a00a877f6474f847975352bc0b57b8528828d37ddac
CRC32 866196C6
ssdeep 24:HVMJ9YernZ8Y9mHSTUnhKLI+ycuZhN+akSGPNnqjtd:LernyY9mygnhKL1ul+a36qjH
Yara None matched

Name 3ff92b9542cdd1fc_gy236rcb.dll
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.dll
Size 3.5KB
Processes 2852 (csc.exe) 2716 (None)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 66f2a0ba0fe1d214c0e5c04fc8fa027c
SHA1 6e9330b91fbebeb4be61453241ade56f00568c2d
SHA256 3ff92b9542cdd1fcf194bab7818739d48f375a98c058688505d59e38b9406c7e
CRC32 D9C6CB42
ssdeep 24:etGSVWt+mWEPSRa873EJEtcbdPtkZf6h+wO2KbYEmI+ycuZhN+akSGPNnq:6VpkEam0JEKuJ6hpbOY31ul+a36q
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_DLL - (no description)
  • IsDLL - (no description)
  • IsPE32 - (no description)

Name ac3dbc83ebdb0d20_gy236rcb.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.cmdline
Size 311.0B
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 f20d42488206b57c7a33e338ca6b4220
SHA1 5ee6337c4d37813c65dc7a6418c625197342a95c
SHA256 ac3dbc83ebdb0d20573702e36bfcfd1bb193b5205a54f46ef447bdee3a34b611
CRC32 E8402CCA
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fZBwmGsSAE2NmQpcLJ23fZb:p37LvXOLM3wnPAE2xOLMh
Yara None matched

Name 75ed6c8ced1c3eed_lo-2clp1.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\lo-2clp1.cmdline
Size 311.0B
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 5b0a659e80b84a9f5a38b6cffb4da45b
SHA1 dbd734654a53b8fcd607415252ebce866c078784
SHA256 75ed6c8ced1c3eed4f404382ce7ebc531bde27953cac9692a7992a5d60ba92ca
CRC32 D03965BD
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fNJQmGsSAE2NmQpcLJ23fvFH:p37LvXOLM1enPAE2xOLMVH
Yara None matched

Name 2d3d25eee42500fa_CSCFE36.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCFE36.tmp
Size 652.0B
Processes 2852 (csc.exe)
Type MSVC .res
MD5 b0a9e5c3868adc5bb27bfdbb9b3f5ce5
SHA1 0203c32f1c7523405632b32784f12bac2d9c8f8d
SHA256 2d3d25eee42500fa56e326e36a446f6ca22034eac6616c621cfb0b9fc88dceaf
CRC32 E848AC67
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grywak7YnqqGPN5Dlq5J:+RI+ycuZhN+akSGPNnqX
Yara None matched

Name e3b0c44298fc1c14_gy236rcb.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched

Name e89e123156bce875_lo-2clp1.pdb
Filepath C:\Users\test22\AppData\Local\Temp\lo-2clp1.pdb
Size 7.5KB
Processes 2972 (csc.exe)
Type MSVC program database ver 7.00, 512*11 bytes
MD5 72bda8cec1f78602559cb0424d103136
SHA1 be8959cf38ad39abed2d6e513309ec658242f180
SHA256 e89e123156bce875eff28c74bc0e10894516d088019a8fa76d406c3c6b96899e
CRC32 DE4641D3
ssdeep 6:zzsctNazX08Qlt11mllxrS/77715KZYXxGQu+e0KpYX4llNS/:zzsctuTQltfSXS/pw2q7W/
Yara None matched

Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2716 (None)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware

Name 10aa26a2b7110e1a_gy236rcb.out
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.out
Size 607.0B
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 8e5ad9f3f3b05ef20dc0ad5b64842e35
SHA1 0bf61bc2aa95934f6e3463ce8b11d68e1ff48d51
SHA256 10aa26a2b7110e1a1b2678f3ad597d36b5e3b0d4ef3a26811f0fe98b74c718fa
CRC32 8277DDCA
ssdeep 12:K4OLM9nzR37LvXOLM3wnPAE2xOLMEKai31bIKIMBj6I5BFR5y:K+9nzd3BgnIE2nEKai31bIKIMl6I5Dvy
Yara None matched

Name 02cda252627b9110_winlogin.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
Size 40.0KB
Processes 2716 (None)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 64aa45857bbf819ca0516126748ddfdb
SHA1 7b57da0f3115410b67456983b72df35c0f168ba8
SHA256 02cda252627b911029c6123d83e211312a5bba40b4afcc06d3eb40595f0baee8
CRC32 D455A20B
ssdeep 768:k1/imAZfCL6p0nMskv+JUBkquxKdVC7kadRzdq2:k9imNPnMtTCTbq2
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name 98ad01511bbfab47_lo-2clp1.out
Filepath C:\Users\test22\AppData\Local\Temp\lo-2clp1.out
Size 791.0B
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 7efd53fa363537abf8b952f93aafbd3b
SHA1 ae08630a44e56340ec008a100a46c65bc9330eea
SHA256 98ad01511bbfab47376ddbeb1169f1d9a62f469bff7baee75c3f947dedcf8083
CRC32 4B94A61B
ssdeep 24:K+9nzd3B8nIE2nVOKai31bIKIMl6I5Dv1nVB7Ze0zJn:79BB8nIE2nVOKb31UKxl6I5D1VVpn
Yara None matched

Name 532d0af87d00f3de_lo-2clp1.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\lo-2clp1.0.cs
Size 13.1KB
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 59a381ddbca1cf69fd09a1c92ea5ecf7
SHA1 270f9209c2ce173043f9a881eae585e1a9b51877
SHA256 532d0af87d00f3dee381a1fc63c6253a7017306a12dde7333c253289aa60394d
CRC32 5525A5BB
ssdeep 384:3Aod6DKKYL8X3+n4zrkskMH1tXoqsqBVhU5o0Cawmem:3AoID+Wu4zdFbVVeo0Cawmem
Yara
  • hide_executable_file - Hide executable file

Name 3a5397b67fabfb9d_gy236rcb.pdb
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.pdb
Size 7.5KB
Processes 2852 (csc.exe) 2716 (None)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 b35d45552c7906d474f811a057040175
SHA1 3063f662772cbb440d07dcc8ddca16a6644141a4
SHA256 3a5397b67fabfb9dfca109e662a1f846b44b554c307b72896ccd79945117e8d5
CRC32 FED1BB68
ssdeep 6:zz/BamfXllNS/fpyKASo1mllxrS/77715KZYXxGQu+e0KpYX2pyKASwoGggksl/b:zz/H1W/h34SXS/pw2qx3wRD
Yara None matched

Name 95663fc25b248304_gy236rcb.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\gy236rcb.0.cs
Size 210.0B
Processes 2716 (None)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 0ad933604125ec9937c6f4daf872e6a6
SHA1 6d24004a768b9f664cda12297aeb537d1a197808
SHA256 95663fc25b2483044b92264f3ead29ff7e1434938e7660a84aa9956f941adc54
CRC32 BE4692A0
ssdeep 6:V/DsDrSWVPeM/s62SRw6AKowvlLOlFzRXAL:V/DGr5DDtokOlF1AL
Yara None matched