Dropped Files | ZeroBOX
Name a3ad3fc7dabb3db0_9z8y.dat
Filepath C:\Users\Public\Libraries\GMjHlXXkw\9Z8y.dat
Size 132.2KB
Processes 2772 (xBkkGuaG.exe)
Type Zip archive data, at least v2.0 to extract
MD5 0a696552e79f3e184d7ebf15f53185d0
SHA1 e80d34e6a2ce6a1ae94713bfa9ece590c37ae23a
SHA256 a3ad3fc7dabb3db0996ceed1a8f1d3a20388f7ec9c05aa4f524304fa1f749d15
CRC32 EA63DF75
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753x4:KV5o8LHcd8bMdD3iwuy756
Yara
  • zip_file_format - ZIP file format
Name 6a9368cdd7b3ff9b_irimg2.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Size 36.7KB
Processes 2772 (xBkkGuaG.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 166x312, frames 3
MD5 f6bf82a293b69aa5b47d4e2de305d45a
SHA1 4948716616d4bbe68be2b4c5bf95350402d3f96f
SHA256 6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0
CRC32 24A00A7C
ssdeep 768:S0jPDrkTYU5n10PIUcLbnkC59fNaeocQXiWN6hhm4gj0mVWQySgA1:RvqYe0PINLkC5Haeoik6HMHWQySgg
Yara
  • JPEG_Format_Zero - JPEG Format
Name cfd9677e1c0e10b1_irimg1.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG1.JPG
Size 6.7KB
Processes 2772 (xBkkGuaG.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, frames 3
MD5 e39405e85e09f64ccde0f59392317dd3
SHA1 9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b
SHA256 cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f
CRC32 C9F4FE19
ssdeep 192:EqK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EJIIJVcPQEOEvMJoON/0aBwI
Yara
  • JPEG_Format_Zero - JPEG Format
Name b25f913c9d5fab8c_9z8y.exe
Filepath C:\Users\Public\Libraries\GMjHlXXkw\9Z8y.exe
Size 525.6KB
Processes 2772 (xBkkGuaG.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 66467a260755b9c62f53bb4f08be04dd
SHA1 813dbb81afe25224e4b70d558c7a944e06ac072f
SHA256 b25f913c9d5fab8cc6e124839ef8daf990a3007cb40c1653a28d681dcf2e2651
CRC32 4080C745
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7je:4thTiP+ffCfB5Lf0F7Z1E7je
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 4079233b1a26f423_xbkkguag.dat
Filepath C:\Users\Public\Libraries\GMjHlXXkw\xBkkGuaG.dat
Size 132.2KB
Processes 2560 (rundll32.exe)
Type Zip archive data, at least v2.0 to extract
MD5 a8d48da9b738bb6705c57b99010838b8
SHA1 dceb751488180062579889ce61ef6a05e44f5f18
SHA256 4079233b1a26f4235c1d2f61ab619ba64967770404f2b8cb75bff5be8b167f59
CRC32 1B2434C8
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xD:KV5o8LHcd8bMdD3iwuy75V
Yara
  • zip_file_format - ZIP file format
Name 5364057aaaa42a10_edge.jpg
Filepath C:\Users\Public\Libraries\GMjHlXXkw\edge.jpg
Size 358.7KB
Processes 2560 (rundll32.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 350x622, frames 3
MD5 a3413eb04ec3aa1d040153e7179df730
SHA1 8f9dd54d42d1999ad845fa8c814771d63cc1dff5
SHA256 5364057aaaa42a10c44a7c1937c007a06e773f01351cb919d5d73f4243bc5623
CRC32 676A0671
ssdeep 6144:w+ACk/u6n9aBOmmD1oQFu0oOOxKnJPWyD9Dcqt1oFsxbqW7mb6:D8u69CghoQxoOTFQqtKFYD7mb6
Yara
  • JPEG_Format_Zero - JPEG Format
Name 65baac69597298af_xshell 6 update log.txt
Filepath C:\Users\test22\AppData\Local\Temp\Xshell 6 Update Log.txt
Size 351.0B
Processes 2772 (xBkkGuaG.exe)
Type ASCII text, with CRLF line terminators
MD5 b2163684b4fd57f7d726fb7a051b5670
SHA1 d169ed5c993207b1a25d7587237f93169c273f67
SHA256 65baac69597298af8cae9437bfceb5dcc4be31243a518739070db4d1943c3913
CRC32 1C0FB718
ssdeep 6:SDxcyttIaH1BR4DxRW6AbKiCmUODxRziSDxnWmcNVFADDxGeSp7xAQGrBv:SDxvtjBR4DxRW6BifxDxRziSDxn7DDxV
Yara None matched
Name 71ad70a22291b003_xbkkguag.exe
Filepath C:\Users\Public\Libraries\GMjHlXXkw\xBkkGuaG.exe
Size 525.6KB
Processes 2560 (rundll32.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 03f83d95799103ecb2fff44b10ea42c6
SHA1 0c35c5a853c2e6df4fe7973f33fe281e55126a70
SHA256 71ad70a22291b003d52601bf6e754615cd7c2349b3ba8bb76e03d583afcedd65
CRC32 EA4D5CB2
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jZ:4thTiP+ffCfB5Lf0F7Z1E7jZ
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name ced6b85c02ef25ec_edge.xml
Filepath C:\Users\Public\Libraries\GMjHlXXkw\edge.xml
Size 76.5KB
Processes 2560 (rundll32.exe)
Type data
MD5 264c0a82185b357fd43ab35bbd694b09
SHA1 8d94048646f86a018b3c6feb02bdd29ce1ee3162
SHA256 ced6b85c02ef25ec49d396e2b11265faf490d2382f454ea00ab0fa31420c6ebf
CRC32 CDF31A77
ssdeep 768:4RpWambJz8/3LBePqAQZksj73L0DvP/E9u7fVZ768Cn8CnIqSreZrUnhdxvv9NFL:4LYq/LUPmr0d7vqINreZqvDq5E5ax
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
Name c507a68f3093e885__tuprojdt.dat
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\_TUProjDT.dat
Size 5.0B
Processes 2772 (xBkkGuaG.exe)
Type ASCII text, with no line terminators
MD5 c5fe25896e49ddfe996db7508cf00534
SHA1 69df79bef9287d3bcb8f104a408b06de6a108fd8
SHA256 c507a68f3093e885765257ed3f176c757aaf62bb4cbc2ef94b2e7da3406d9676
CRC32 BE34E996
ssdeep 3:FQFn:En
Yara None matched
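Two things in this listing are worth checking rather than eyeballing: 9Z8y.dat and xBkkGuaG.dat have the same size and an ssdeep that differs only in its last characters, and 9Z8y.exe and xBkkGuaG.exe (both UPX-packed PE32, 525.6KB) do the same, yet every MD5/SHA1/SHA256 differs. That is the pattern of a sample re-dropping a lightly modified copy of itself under a random name in C:\Users\Public\Libraries\. The script below is an added example, not ZeroBOX code: it parses the Name/SHA256/ssdeep fields of this listing (the five records embedded are copied from the page) and scores every pair with a re-implementation of libfuzzy's fuzzy_compare() (block-size matching, the 7-character common-substring gate, an insert/delete edit distance normalised to 64 characters). The comparison is written from my reading of the libfuzzy source and is not the library itself; for production work use the ssdeep bindings.

```python
"""Parse a ZeroBOX dropped-files listing and cluster drops by ssdeep similarity.

Added example, not ZeroBOX code. fuzzy_compare() re-implements libfuzzy's
scoring (indel edit distance, 7-char common-substring gate, 64-char normalisation)
from the libfuzzy source as I read it; it is not the libfuzzy library itself.
"""
from itertools import combinations

SPAMSUM_LENGTH = 64   # maximum length of one ssdeep hash half
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # a 7-char common substring is required before scoring

# Five records copied from the listing above (Name/SHA256/ssdeep fields only).
LISTING = """\
Name a3ad3fc7dabb3db0_9z8y.dat
SHA256 a3ad3fc7dabb3db0996ceed1a8f1d3a20388f7ec9c05aa4f524304fa1f749d15
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753x4:KV5o8LHcd8bMdD3iwuy756
Name b25f913c9d5fab8c_9z8y.exe
SHA256 b25f913c9d5fab8cc6e124839ef8daf990a3007cb40c1653a28d681dcf2e2651
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7je:4thTiP+ffCfB5Lf0F7Z1E7je
Name 4079233b1a26f423_xbkkguag.dat
SHA256 4079233b1a26f4235c1d2f61ab619ba64967770404f2b8cb75bff5be8b167f59
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xD:KV5o8LHcd8bMdD3iwuy75V
Name 71ad70a22291b003_xbkkguag.exe
SHA256 71ad70a22291b003d52601bf6e754615cd7c2349b3ba8bb76e03d583afcedd65
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jZ:4thTiP+ffCfB5Lf0F7Z1E7jZ
Name 5364057aaaa42a10_edge.jpg
SHA256 5364057aaaa42a10c44a7c1937c007a06e773f01351cb919d5d73f4243bc5623
ssdeep 6144:w+ACk/u6n9aBOmmD1oQFu0oOOxKnJPWyD9Dcqt1oFsxbqW7mb6:D8u69CghoQxoOTFQqtKFYD7mb6
"""


def parse_listing(text):
    """One dict per 'Name' block; the 'Key value' lines below it become fields."""
    records, cur = [], None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if key == "Name":
            cur = {"name": value}
            records.append(cur)
        elif cur is not None and key in {"Filepath", "Size", "Processes", "Type",
                                         "MD5", "SHA1", "SHA256", "ssdeep"}:
            cur[key.lower()] = value
    return records


def _eliminate_sequences(s):
    """libfuzzy collapses runs of more than three identical characters."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(s1, s2):
    return any(s1[i:i + ROLLING_WINDOW] in s2
               for i in range(len(s1) - ROLLING_WINDOW + 1))


def _edit_distance(s1, s2):
    """Insert/delete cost 1, substitute cost 2 (libfuzzy's edit_distn weights)."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (0 if c1 == c2 else 2)))
        prev = cur
    return prev[-1]


def _score_strings(s1, s2, block_size):
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0                               # not a well-formed signature half
    if not _has_common_substring(s1, s2):
        return 0
    score = _edit_distance(s1, s2) * SPAMSUM_LENGTH // (len(s1) + len(s2))
    score = 100 - 100 * score // SPAMSUM_LENGTH
    # small block sizes on short inputs cannot claim a high score
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))
    return score


def fuzzy_compare(sig1, sig2):
    """0..100 similarity of two 'blocksize:hash1:hash2' ssdeep signatures."""
    b1, h1a, h1b = sig1.split(":", 2)
    b2, h2a, h2b = sig2.split(":", 2)
    b1, b2 = int(b1), int(b2)
    if b1 != b2 and b1 != 2 * b2 and b2 != 2 * b1:
        return 0                               # block sizes are not comparable
    h1a, h1b, h2a, h2b = map(_eliminate_sequences, (h1a, h1b, h2a, h2b))
    if b1 == b2:
        return max(_score_strings(h1a, h2a, b1), _score_strings(h1b, h2b, 2 * b1))
    if b1 == 2 * b2:
        return _score_strings(h1a, h2b, b1)    # sig1 hash1 vs sig2 hash2
    return _score_strings(h1b, h2a, b2)        # sig1 hash2 vs sig2 hash1


def near_duplicates(records, threshold=90):
    """(name, name, score) for drops scoring >= threshold whose SHA256 differ."""
    hits = []
    for a, b in combinations(records, 2):
        score = fuzzy_compare(a["ssdeep"], b["ssdeep"])
        if score >= threshold and a["sha256"] != b["sha256"]:
            hits.append((a["name"], b["name"], score))
    return hits
```

near_duplicates(parse_listing(LISTING)) returns both pairs, 9Z8y.dat with xBkkGuaG.dat and 9Z8y.exe with xBkkGuaG.exe, each at 99, while every cross-type pair scores 0 (the ZIP and PE block sizes, 3072 and 12288, are not within a factor of two of each other, so they are never even compared). Pasting the full listing into LISTING works unchanged; the Yara bullet lines and "Yara None matched" are simply skipped by the field filter.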