Dropped Files | ZeroBOX
Name cd839b176a5432c6_tmpg335.tmp
Filepath c:\users\test22\appdata\local\temp\tmpg335.tmp
Size 183.0KB
Processes 1504 (LqnVyMOS2osNsx5.exe) 2388 (I5XUXWO4.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f69ffc7c810923b24cdbdd4fa63a7dd7
SHA1 897bdce096c1686849682ed22657b56345ac5e09
SHA256 cd839b176a5432c67eaca745ce38ea0ef25326646a31c34febe4b8fb3f35cc7c
CRC32 4664EFB8
ssdeep 3072:JNAOTO/oUDbfQkH+wWtaipGlIQZboLRM9ua/aHyvZRZd2itC:JNNGoUPj74GlVbA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • OS_Name_Check_Zero - OS Name Check Signature
  • OS_Memory_Check_Zero - OS Memory Check
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name a0a0c256070d7dc6_63ieha7l.exe
Filepath C:\Users\test22\AppData\Roaming\Thunderbird\63IEHA7L.exe
Size 46.0KB
Processes 1504 (LqnVyMOS2osNsx5.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1d4cedae1f44f41d5e449680d0d08686
SHA1 4bfe0787e66c181920a462f805b0652e7c22e2c2
SHA256 a0a0c256070d7dc62a260ca36cf25b08521d8c35f2ac6f93224854cc538b564a
CRC32 F84DB055
ssdeep 768:tjin0gzbPbcgfrBZh06p5sG4WHPdnfkiP+IEsQOtQDbgi:8n0gzlrfO6EGxdknBbgi
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • ASPack_Zero - ASPack packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware