Dropped Files | ZeroBOX
Name 5b5a116249f46e13_2wzujqkftognamcksfkntmr8.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2wZUjqKftOgnAMcKsFknTmR8.bat
Size 70.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 e2910c7ce26265229d8206b836f63562
SHA1 e2aede903442104ad89bd068073ba066d0bc2646
SHA256 5b5a116249f46e13ba0303e38d86f808a6e9375db5f41590fa9cbd1ea1e4bffe
CRC32 79499EA8
ssdeep 3:Ljn9m1mWxpcL4E2J58kDE4ar01LAEF:fE1mQpcLJ2388E4K01LAEF
Yara None matched
Name 94b8e90cbe16e4dd_wsfvxiqozo0pqmdr2gj84tgr.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wSFvxIqOzo0PqMDR2GJ84tgr.bat
Size 70.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 1520e10622e2472bc8cdaf6a93ac4834
SHA1 348acafe771d7307b6d4636800c126b139a89f45
SHA256 94b8e90cbe16e4ddd0f2c488cc06dfc128a26998174d694168f5f54620ec2dce
CRC32 F974969C
ssdeep 3:Ljn9m1mWxpcL4E2J5BUvbq/fvhACl:fE1mQpcLJ23Qq/fOCl
Yara None matched
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2644 (InstallUtil.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 90cafba36a98181b_8phcoenucac11lrxf7bgtu9v.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8PHCoENUcAc11lrXF7bGtU9v.bat
Size 70.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 3970ff3660531c37bb94bd15a683f5e5
SHA1 1d36c568d0d6adb28f2f15fe59297f1fc2c6fc21
SHA256 90cafba36a98181bddf3cffe58e8ccb0411995b3ed43102739e43958972e9057
CRC32 BF203985
ssdeep 3:Ljn9m1mWxpcL4E2J5ojVAU1UNIF:fE1mQpcLJ23opxM4
Yara None matched
Name 710a3e1beda67e1c_d1qs2b0pfafjv0ywtkurzyvs.exe
Filepath C:\Users\test22\AppData\Local\d1qS2B0Pfafjv0YWtkURzyvS.exe
Size 5.2MB
Processes 2644 (InstallUtil.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 df280925e135481b26e921dd1221e359
SHA1 877737c142fdcc03c33e20d4f17c48a741373c9e
SHA256 710a3e1beda67e1c543ba04423bfb0ba643815582310c0b3d03d03e071c894b8
CRC32 184C99A5
ssdeep 98304:Po/+yDDRT0Vzalb9K8K+ZR+wc6cw5FTEsDNJZe6w43eK:A/+yHxlb9K8K+rYq9NJZeD43eK
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name b90615ddc8af6744_ya5uhxe5sswozzsrhhzjskkq.exe
Filepath C:\Users\test22\Pictures\yA5UHXe5SsWoZZSRhhzJSkKQ.exe
Size 4.2MB
Processes 2644 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9c15a5e1d3df758d401ecc404cefd296
SHA1 c36caa1ddc6744835914b6eccc5e3add1741095b
SHA256 b90615ddc8af67446b86b1d5366e87ac60609564ec1471afe0ec4cb913db5ba2
CRC32 7CC6B0A0
ssdeep 98304:ScmrIAVqPxXnpymEhqlghivg6FN8W0va3N6vEzfWiyZFe3Li5flgU:A8AV+XpT+hiJKWgwiEz+iyMGuU
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 246411eb4d336db6_Opera_installer_2310190107596562064.dll
Filepath C:\Users\test22\Pictures\Opera_installer_2310190107596562064.dll
Size 4.7MB
Processes 2064 (Sw3y8W0DslF2ivCXrkg0wwdg.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 1312b9c3111e7eaea09326ff644feb04
SHA1 114f2fd35c67fe5378e0cac3335485eb2ae8f292
SHA256 246411eb4d336db6f5563483030c3ebdc476e6715f264658655f6712aee5bb0f
CRC32 5ADF55F9
ssdeep 98304:h6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwh:9cbzfJe6nQB0PVrBmPcHVqjPxQ6rfdgM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Antivirus - Contains references to security software
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name 042b14f9d56e6aa1_ndkrfetze30b1wcagfcmxvec.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nDKrFetzE30B1WCAgFcMXvEc.bat
Size 70.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 c3bedc6a21660a1868e1aaec2e56cc77
SHA1 877a3303116c16f2d34f586d6f540839e145ee43
SHA256 042b14f9d56e6aa141ffaf53435e24b96acf14f1320bd594c11655b995a2e051
CRC32 39C3DDBD
ssdeep 3:Ljn9m1mWxpcL4E2J5dnwefUOz17y5AdAHFn:fE1mQpcLJ23lwefUYqACl
Yara None matched
Name d50a95601d358117_ofg4l3a49c8jvwmpxdlxriv2.exe
Filepath C:\Users\test22\Pictures\ofG4l3a49c8jVWMpxDLXRIv2.exe
Size 4.2MB
Processes 2644 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7137630e1f9b1fa058b017c7092c52d9
SHA1 fd4de247868eaf3fb3ee4a2634bd27d2ee4a0d9d
SHA256 d50a95601d358117dedf4f59f06d97c0b0743c1109ed5b41d2e1c46fe5c50d7d
CRC32 793F4F9B
ssdeep 98304:ycmrIAVqPxXnpymEhqlghivg6FN8W0va3N6vEzfWiyZFe3Li5flgp:g8AV+XpT+hiJKWgwiEz+iyMGup
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 6f4297025fa48f5f_bbewqjjif4tphgbafcqe8yxq.exe
Filepath C:\Users\test22\Pictures\BbewQJjIF4TpHgbafcqE8yXQ.exe
Size 262.5KB
Processes 2644 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6ee1132b0c299af41a511637032bbfc9
SHA1 7394c775575eb698c2e2988fe50e0982de4dc8a5
SHA256 6f4297025fa48f5f412dd305ba5a03560c1ee83e32e94a461b788c3b42575155
CRC32 9240DB0B
ssdeep 3072:WDBNqJzyIjXEG+W68WP/oGhEC3ZjyHP5FSDqgAL/0vLTzyS9vBHpJ:KqyIj0G+W68WIaJofS2gAroLTzyS9t
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 0bdc1fb0e91081a0_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2644 (InstallUtil.exe)
Type data
MD5 2470f50b06e9eee54cb4185d6cd996ef
SHA1 9dec1637e8a6fea49d2ecf87f27a205652d8fadc
SHA256 0bdc1fb0e91081a0a5429cdb5534728307e92f551e7a98e257c1e10741853803
CRC32 DE6437B4
ssdeep 3:kkFklislfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklc:kKDslxliBAIdQZV7I7kc3
Yara None matched
Name 19513e94d0d2321f_qwj2muhoqwamkbdtatw6rbqj.exe
Filepath C:\Users\test22\AppData\Local\qwJ2mUhoQWAMkbDTaTw6RBQj.exe
Size 372.5KB
Processes 2644 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb822de297dc253056e7538748d43a3a
SHA1 17ddc8a4afa80fbf69840b5cf58f6f6e9414d78a
SHA256 19513e94d0d2321f8f6ad3d34063e1e367d10a83be69b9fcef74202ae6d894f9
CRC32 C7FF904E
ssdeep 6144:xuKy3YGLhMXWU0X+jJiyr2SvjBpnLxI5frT1mQ0t3iZ:xqfLhZU0X+UovjBpe9rT4QeiZ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name e1b6d80af865e174_galrn4wmeofeaqfvxpzufo0e.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gAlRn4wMEOFeAqfvXpZufO0E.bat
Size 70.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 eea56279b99ec9f9dabf550980c22293
SHA1 15fa9633ed81e80a76004c4a83f5e9248d8c6f8a
SHA256 e1b6d80af865e174bcac7d6b8e46a9b2fcd6c4f3aa4e3e6ab74fa8327d6add9f
CRC32 D6DC6303
ssdeep 3:Ljn9m1mWxpcL4E2J5UT6EUykiF:fE1mQpcLJ23UT8vm
Yara None matched
Name aaa892cc780399f1_nwnnayrbx2lldrat8cxhcinw.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nwNnAYrBx2LLdrAT8cxhcInw.bat
Size 91.0B
Processes 2644 (InstallUtil.exe)
Type ASCII text, with no line terminators
MD5 56a669ea42ec818a5e913ee6563734e6
SHA1 1d831bf9a195f7ac2eefb5b30f6f625f3cdcd454
SHA256 aaa892cc780399f13147b1ce42008638f667030ac49094acc10fb5d71398a89c
CRC32 D5E55EAC
ssdeep 3:Ljn9m1mWxpcL4E2J5Nh/DhPNFpUBNIkdan:fE1mQpcLJ23z/9PxU8D
Yara None matched
Name 4146c615a60bc21c_hdztpwydwymus886oljtqdvx.exe
Filepath C:\Users\test22\AppData\Local\hDZtpwYDwYmUs886OLJTqdVx.exe
Size 2.8MB
Processes 2644 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 5c59df5bc464917b8c2335d1c280edf6
SHA1 66a840bdc95fbe766645c87de86d65555216b86a
SHA256 4146c615a60bc21cf561539dcaa6bd5802cf0863bc418b0be7d2f1b398da1199
CRC32 2DAE188C
ssdeep 49152:/kWllTIS37fjkeKhkruZqrqxA3fz58zQ1OKFuPj7q43jc69G8dcRoXczwtqTl7dA:JlaY7f4lhCuZiH58zQkSJ43jhA8yRoX1
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)