Dropped Files | ZeroBOX
Name b338a1f3bae4c9f4_rbwggplluqq.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\hhdmmir\rbwggplluqq.exe
Size 178.0KB
Processes 2652 (sagob.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 83b85c48d603c93eb7d6e43c137c0418
SHA1 ee1a210aba02466fc767539619e2f2d2685df9e7
SHA256 b338a1f3bae4c9f486092f7296408d7368965a0311ad3660249796ac429c7eaa
CRC32 CC240848
ssdeep 3072:OtEQ7oFFcPsUSuUy54wzLj+nkAdiFlUGmgUV:ZQUFgp4wTRe/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name e3b0c44298fc1c14_nscF01C.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nscF01C.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 852231943aa4e1c6_ixtpndna.e
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ixtpndna.e
Size 300.6KB
Processes 2556 (imolight2.1.exe)
Type data
MD5 58791de66ce0c77094b1e2ac267125a3
SHA1 aa704a543ab869ed5a8b6a0544c9ca00c41c0dbd
SHA256 852231943aa4e1c6cd92894827bf24dc40bbb175dded3eab20add0086b8f50e3
CRC32 0BEDD104
ssdeep 6144:aRLc9Kj2STcFzt2OKXx1O1xSRYYnyPD+dzslbYjz8cE:5LQcRsOCL2x29IDEzobizc
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal Search for analysis
Name eda822eec05ec5d3_run.dat
Submit file
Filepath C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size 8.0B
Processes 2740 (sagob.exe)
Type International EBCDIC text, with no line terminators
MD5 6068859968fccae8641c6d64d14249b0
SHA1 dc7e58abd6f733279c217bfc346389d252eb8930
SHA256 eda822eec05ec5d3a19b914f82c4944f963db2a1aebb75dcc5db7062ad7bdfa1
CRC32 8A79C57B
ssdeep 3:P2n:e
Yara None matched
VirusTotal Search for analysis