Dropped Files | ZeroBOX
Name f3f9eaea20dc0d3d_6518l.dat
Filepath C:\Users\Public\Downloads\1mawohK\6518L.dat
Size 132.2KB
Processes 2156 (jVTzulFlK.exe)
Type Zip archive data, at least v2.0 to extract
MD5 4d9ff3aee166aa0816045ed7c80185c0
SHA1 507c32e1584c01d8e5c2ba3f32dc951412597eab
SHA256 f3f9eaea20dc0d3d5ea4e309eaae0575d98d8440bb466d52c03f3841eb25e897
CRC32 71086136
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xH:KV5o8LHcd8bMdD3iwuy75d
Yara
  • zip_file_format - ZIP file format
Name 6a9368cdd7b3ff9b_irimg2.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Size 36.7KB
Processes 2156 (jVTzulFlK.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 166x312, frames 3
MD5 f6bf82a293b69aa5b47d4e2de305d45a
SHA1 4948716616d4bbe68be2b4c5bf95350402d3f96f
SHA256 6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0
CRC32 24A00A7C
ssdeep 768:S0jPDrkTYU5n10PIUcLbnkC59fNaeocQXiWN6hhm4gj0mVWQySgA1:RvqYe0PINLkC5Haeoik6HMHWQySgg
Yara
  • JPEG_Format_Zero - JPEG Format
Name f8b1d3749f188024_jvtzulflk.exe
Filepath C:\Users\Public\Downloads\1mawohK\jVTzulFlK.exe
Size 529.6KB
Processes 1280 (rundll32.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9f8ead8135681c23edd73015a83247d6
SHA1 77600ae0a0df71ba2a7c29e2cc7e87c3d33152df
SHA256 f8b1d3749f18802419c0ec3dfc352198033639bbeabc337633c6dfa873e94bbb
CRC32 A5B3B18F
ssdeep 12288:INrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7D4:IthTiP+ffCfB5Lf0F7Z1E7D4
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 62e89d55b323789b_edge.jpg
Filepath C:\Users\Public\Downloads\1mawohK\edge.jpg
Size 358.7KB
Processes 1280 (rundll32.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 350x622, frames 3
MD5 368df153d91dd2131f2f906cc17d1b1c
SHA1 30f1ed0f1d3005b39f0916d34845c9e3604f90a7
SHA256 62e89d55b323789b96245ce0be9c84cce9293590f78f5831094cc2e6be3c6832
CRC32 EA5D2AB7
ssdeep 6144:r+ACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnNqW7mb6:68u69CghoQxoMTFQqtKFC97mb6
Yara
  • JPEG_Format_Zero - JPEG Format
Name cfd9677e1c0e10b1_irimg3.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
Size 6.7KB
Processes 2156 (jVTzulFlK.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, frames 3
MD5 e39405e85e09f64ccde0f59392317dd3
SHA1 9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b
SHA256 cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f
CRC32 C9F4FE19
ssdeep 192:EqK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EJIIJVcPQEOEvMJoON/0aBwI
Yara
  • JPEG_Format_Zero - JPEG Format
Name 4bc810ad3a5574e4_6518l.exe
Filepath C:\Users\Public\Downloads\1mawohK\6518L.exe
Size 529.6KB
Processes 2156 (jVTzulFlK.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 2f2261bfc03ca78507a18bd3aebf294c
SHA1 939ae8eef9e111cde031fe39dd338113a18aa6d4
SHA256 4bc810ad3a5574e4c7b0863c25a2d2df8fbe978210c80699375b73eea8dc3dbf
CRC32 D34C2978
ssdeep 12288:INrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7Dy:IthTiP+ffCfB5Lf0F7Z1E7Dy
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name e7006c81643ffb81_xshell 6 update log.txt
Filepath C:\Users\test22\AppData\Local\Temp\Xshell 6 Update Log.txt
Size 350.0B
Processes 2156 (jVTzulFlK.exe)
Type ASCII text, with CRLF line terminators
MD5 32121e9139ae842d6cee1ff3c9e1b6ba
SHA1 d64979f4e5266c6c021f690c709d78be14bd8f4f
SHA256 e7006c81643ffb81c8c399276d7d5df82f8897845027cecbe9397599603df338
CRC32 FBE45AE9
ssdeep 6:SCUdzyttIaH9JZZ7p7SCUdFP6AbKiCmUOCUdFIiSCUduWmcNVFADCUdZeSp7xAQa:SCUatrJv7p7SCUbP6BifxCUbIiSCUs78
Yara None matched
Name 1ada89a97174a2d7_edge.xml
Filepath C:\Users\Public\Downloads\1mawohK\edge.xml
Size 76.5KB
Processes 1280 (rundll32.exe)
Type data
MD5 e7c7b6bb67cacdbe574c479c19ca7c33
SHA1 a5f7930ea77e5312ff172b8730e3498e00a35544
SHA256 1ada89a97174a2d7608f3ea8543140c1025cdbedecbca4d0ab3507bfef8b8b33
CRC32 3D385CF9
ssdeep 768:sRpWambJz8/3LBePqAQZksj73L0DvP/E9u7fVZ768Cn8CnIqSreZrUnhdxvv9NFL:sLYq/LUPmr0d7vqINreZqvDq5E5ax
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
Name 988272f079ea5bcf_jvtzulflk.dat
Filepath C:\Users\Public\Downloads\1mawohK\jVTzulFlK.dat
Size 132.2KB
Processes 1280 (rundll32.exe)
Type Zip archive data, at least v2.0 to extract
MD5 5269aa21c99e2b325e75a9c0f4afdf5b
SHA1 c8a1ebb77d641d0de37b47e656e375e79cfe829f
SHA256 988272f079ea5bcf3eebc37e480194d28d9633d8946958654df188efb1f0a6ea
CRC32 0EE06479
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xI:KV5o8LHcd8bMdD3iwuy75S
Yara
  • zip_file_format - ZIP file format
Name c507a68f3093e885__tuprojdt.dat
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\_TUProjDT.dat
Size 5.0B
Processes 2156 (jVTzulFlK.exe)
Type ASCII text, with no line terminators
MD5 c5fe25896e49ddfe996db7508cf00534
SHA1 69df79bef9287d3bcb8f104a408b06de6a108fd8
SHA256 c507a68f3093e885765257ed3f176c757aaf62bb4cbc2ef94b2e7da3406d9676
CRC32 BE34E996
ssdeep 3:FQFn:En
Yara None matched