Dropped Files | ZeroBOX
Name ee59a241d7250c8b_rw22.exe
Filepath C:\Users\test22\AppData\Roaming\rw22.exe
Size 247.0KB
Processes 2820 (docrw20230925.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 affedd10250198f0781ed03c7436dd73
SHA1 7f288722f40f1a922d52806c3a2c1be38976af42
SHA256 ee59a241d7250c8bb85adab597bbfdac65fdc06ce8ab8906a0f539f15f2c6a4d
CRC32 5212466A
ssdeep 3072:6e4Z4RnoT+HI5ceJ+CyllGyjMLPxgXLuvjIlLG5:6bwo6HI5ceJ+Rllt4LPNvs
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name b82e41ff47a84abf_rw22s.exe
Filepath C:\Users\test22\AppData\Roaming\rw22s.exe
Size 126.0KB
Processes 2820 (docrw20230925.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bb2040e262a906cdd553a14bfdf69c83
SHA1 8be60fa020cea2dd37ae876e9e6e0b571e04fd50
SHA256 b82e41ff47a84abf4995b74382c70bbe8190f19173a4f8d6006f8cb952f68c97
CRC32 BC16973D
ssdeep 3072:7ALhE1U1mv5C425pqikR3b7t+jfwBlTx1gbY:JchEJ5bwUxWb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Malicious_Packer_Zero - Malicious Packer
Name 3629ed9b94ae5d0f_svchost.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost.exe
Size 621.5KB
Processes 2552 (docrw20230925.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ed9d91fe584d5109d4067734ac452753
SHA1 c277e57866833509d94787fc6f4d634a2714825d
SHA256 3629ed9b94ae5d0f2659d02dcb7ce258cb5c2497d5bf18f3c4fed78878fba030
CRC32 F9547DD3
ssdeep 3072:BgYB72Q1ulDBuk18+NRnZY5OWTP9inYRBCDMLKU+wmeqBXYcLho34dmeGmoE:B2Q1OkynW1NCD/XYkqodzo
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)