Dropped Files | ZeroBOX
Name 8225a61c1ba65eb2_s28s.0.bat
Filepath C:\Users\test22\AppData\Local\Temp\s28s.0.bat
Size 171.0B
Processes 2908 (clips.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 101faba0a9d56d0dc457ed24bd22ad90
SHA1 3471d12fa6e9ce3af9c64864e8ead2bd1768cb49
SHA256 8225a61c1ba65eb2f283d40e7715ddf6c1184761ca40fcbec6803021cb47418e
CRC32 819F13CC
ssdeep 3:mKDDCMNqTtvL5mZkRE0Y8nmvmqRDmWxpcL4E2J5xAIczrHm1mWxpcL4E2J5xAIci:hWKqTtTP1Y8nmvmq1mQpcLJ23fYHm1mK
Yara None matched
Name b587f52032999910_mnr.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000004001\mnr.exe
Size 2.8MB
Processes 2720 (Utsysc.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 6584c57539dd7f05013ecd3806683fb4
SHA1 db5a75108f2185b2e0680ccebcadaa339e517f0b
SHA256 b587f52032999910f4f2ba4fad3b734667be1ca93de36af283386af3fe4866e2
CRC32 13AA957A
ssdeep 49152:18KfYEwq6BCW4QKdgsI50GDLWZeIHako1+b/Ev8MhmWYyvL1mgJFDUg:ECSotIJBmgJFDz
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 06de55c057b8778e_utsysc.exe
Filepath C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe
Size 5.2MB
Processes 2552 (amday.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3e478dcc2a01b6115012627f06045690
SHA1 c55cebd0cae4f5cf4136e9f83c0c33164a45412f
SHA256 06de55c057b8778e494903b3da7588e4c9d1cec766f969000d7986ed31f213cb
CRC32 FED1A118
ssdeep 98304:y6fw/xdWJY6iIF7yKZm4deNzzt2ydOt7FECnxInG99CW:Tw/xzwGGdIDYpFwnCL
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 0c45879e4f510d8e_clips.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000001001\clips.exe
Size 4.8MB
Processes 2720 (Utsysc.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c6ae3bd0ab0e78257468cdab2b867707
SHA1 7ceaea50b3684b4fd5394da5bcdaf2b892f0aca2
SHA256 0c45879e4f510d8eef11fb33154a26d2dae2e42ff1c78414f513643cd2a9bbd1
CRC32 BC804263
ssdeep 98304:YCPO66/Yrv9RuZLiTfhDTAySK1Vsb/RBUXm7vdojR1AfxHI3oiggocIBAES8o3:YCPO6y+TuLidxSwCRn7vd0kxo3oiggoc
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • VMProtect_Zero - VMProtect packed file
  • themida_packer - themida packer