popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 485b0a0e9b47ccb9_832866432405
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 85.0KB
Processes 2432 (Utsysc.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 0ff388de40fb9b57068ec29937d01f51
SHA1 45ee88b95c3e518a1ed065c996f463234277c249
SHA256 485b0a0e9b47ccb928fdb104b574993b533d684fb58f6a6516d9faa03ba269a8
CRC32 53531681
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBts:NRlk8lqjQg/N8WA0qoLhd/jUFts
Yara
  • JPEG_Format_Zero - JPEG Format
VirusTotal Search for analysis
Name 478aa272d465eaa4_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\465dbc52837d81\cred64.dll
Size 1.1MB
Processes 2432 (Utsysc.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 1c27631e70908879e1a5a8f3686e0d46
SHA1 31da82b122b08bb2b1e6d0c904993d6d599dc93a
SHA256 478aa272d465eaa49c2f12fc141af2c0581f569ccf67f628747d90cc03a1e6a9
CRC32 487753B1
ssdeep 24576:OGKcuUK9Jyi+Uj+TGHWTZNyMuB/J/TO/pYmea+Xo45qG:o9Jyi+UjyGGZNyMur/TO/qb4Uq
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • infoStealer_browser_b_Zero - browser info stealer
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name 9e6e4772050998a5_readme.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size 10.0B
Type ASCII text, with no line terminators
MD5 eb6b6c90251ab33cee784713c451e6d8
SHA1 451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5
SHA256 9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6
CRC32 22598B08
ssdeep 3:IS:7
Yara None matched
VirusTotal Search for analysis
Name 3a5addf4fef89f39_utsysc.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
Size 1.6MB
Processes 2176 (cleanupdate.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 c9aa05e75a369370955cf71b12a2121a
SHA1 dd5f45524e0a73c36f7e429943e87864c90914c7
SHA256 3a5addf4fef89f397e1abe68c3e4605e13f1aefb20ac7a705e944dde4ccd5b8a
CRC32 C37EA312
ssdeep 24576:6dczsM3Cfptr89p7vyCuWk1s0BClDKBcPME5OLi:wWsM3Cfptr8z+CuWk1PBClDKBcBwLi
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • hide_executable_file - Hide executable file
  • Is_DotNET_EXE - (no description)
VirusTotal Search for analysis
Name e3b0c44298fc1c14_amers.exe
Empty file or file not found
Filepath C:\Users\test22\AppData\Roaming\1000060000\amers.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name da0bf5520986c2fb_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\465dbc52837d81\clip64.dll
Size 102.0KB
Processes 2432 (Utsysc.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ceffd8c6661b875b67ca5e4540950d8b
SHA1 91b53b79c98f22d0b8e204e11671d78efca48682
SHA256 da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2
CRC32 CDB79102
ssdeep 3072:bHEjxEfCk+EeY22JosmvWuQRRIQrT7xUD0YNS60Z:DsqqdLsOWuQRbaHNS60Z
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Win_Amadey_Zero - Amadey bot
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis