Dropped Files | ZeroBOX
Name 6a9368cdd7b3ff9b_irimg2.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Size 36.7KB
Processes 2220 (JTDyCoL5.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 166x312, frames 3
MD5 f6bf82a293b69aa5b47d4e2de305d45a
SHA1 4948716616d4bbe68be2b4c5bf95350402d3f96f
SHA256 6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0
CRC32 24A00A7C
ssdeep 768:S0jPDrkTYU5n10PIUcLbnkC59fNaeocQXiWN6hhm4gj0mVWQySgA1:RvqYe0PINLkC5Haeoik6HMHWQySgg
Yara
  • JPEG_Format_Zero - JPEG Format
Name cfd9677e1c0e10b1_irimg1.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG1.JPG
Size 6.7KB
Processes 2220 (JTDyCoL5.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, frames 3
MD5 e39405e85e09f64ccde0f59392317dd3
SHA1 9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b
SHA256 cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f
CRC32 C9F4FE19
ssdeep 192:EqK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EJIIJVcPQEOEvMJoON/0aBwI
Yara
  • JPEG_Format_Zero - JPEG Format
Name 237a14ddfe7add79_jtdycol5.dat
Filepath C:\Users\Public\Music\Gw9ZYn3d2\JTDyCoL5.dat
Size 132.2KB
Processes 1880 (rundll32.exe)
Type Zip archive data, at least v2.0 to extract
MD5 37a4ffa3a651769a0e162d871245e3c6
SHA1 c999a5973db8b1aeb56e7cd5fcd3cc898ded5565
SHA256 237a14ddfe7add791e35322d902ca927d6e652b44cdec241447ab1df3c30b283
CRC32 B3C9F8E8
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xU:KV5o8LHcd8bMdD3iwuy75y
Yara
  • zip_file_format - ZIP file format
Name 239d56287dce1f16_edge.xml
Filepath C:\Users\Public\Music\Gw9ZYn3d2\edge.xml
Size 76.5KB
Processes 1880 (rundll32.exe)
Type data
MD5 47c4d19e2703e75b2c3a7eb247e6f269
SHA1 8fa268935cf41a5256b7e2c90a56c3764c7fd80c
SHA256 239d56287dce1f164f85c4746eb4ea5b9c3d342f5d170ae8d6a08513ae43afa4
CRC32 C66CBF91
ssdeep 768:2RpWambJz8/3LBePqAQZksj73L0DvP/E9u7fVZ768Cn8CnIqSreZrUnhdxvv9NFL:2LYq/LUPmr0d7vqINreZqvDq5E5ax
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
Name 7160743469232ddc_xshell 6 update log.txt
Filepath C:\Users\test22\AppData\Local\Temp\Xshell 6 Update Log.txt
Size 347.0B
Processes 2220 (JTDyCoL5.exe)
Type ASCII text, with CRLF line terminators
MD5 553b2ac4eacbcb50b00215ed689da7d2
SHA1 36acba017a1f4d2b93458ec6531d3277f1102e8b
SHA256 7160743469232ddcc8c39db4d8b58a07a4cc8c67070a4b447f7f10bb2c969df2
CRC32 AD7B787C
ssdeep 6:SpbA6yttIaHpWZiauKBA3pb7C6AbKiCmUOpb7XiSpb7tWmcNVFADpb74eSp7xAQa:SRqtzWcadA3R7C6BifxR7XiSR7t7DR7X
Yara None matched
Name d7641d7e258c476b_88vu.exe
Filepath C:\Users\Public\Music\Gw9ZYn3d2\88Vu.exe
Size 525.6KB
Processes 2220 (JTDyCoL5.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 812e331b32911a07692d24bd0b4fc944
SHA1 d41051e054e47a92841df2c6f342f55f708a4001
SHA256 d7641d7e258c476b34e6d079a6fceb3f6fe76b7bc6b7ffeeb59725b6548f36f1
CRC32 18FDB81A
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jN:4thTiP+ffCfB5Lf0F7Z1E7jN
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 0f94def8744f6732_88vu.dat
Filepath C:\Users\Public\Music\Gw9ZYn3d2\88Vu.dat
Size 132.2KB
Processes 2220 (JTDyCoL5.exe)
Type Zip archive data, at least v2.0 to extract
MD5 f29d69820801d6fcad0bd22589d1afd0
SHA1 3f0abc40de7fc762ad157d273d0c8de5c3248b69
SHA256 0f94def8744f6732d872e768be79902e9a9f8673e279d9a2a43f12657c0e8cbe
CRC32 CBC28751
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xJ:KV5o8LHcd8bMdD3iwuy75j
Yara
  • zip_file_format - ZIP file format
Name 2e331b7deb6a4406_jtdycol5.exe
Filepath C:\Users\Public\Music\Gw9ZYn3d2\JTDyCoL5.exe
Size 525.6KB
Processes 1880 (rundll32.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 5176c6dae5c293479067444b19338fd7
SHA1 5a8b2a0a4c635920d73bc2552fa8a205462eb9dd
SHA256 2e331b7deb6a44061d8d13e211cfa9ed4724e4d9e3a18687989044ea860239c9
CRC32 987CD11E
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7j3:4thTiP+ffCfB5Lf0F7Z1E7j3
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 4b86a2632f171427_edge.jpg
Filepath C:\Users\Public\Music\Gw9ZYn3d2\edge.jpg
Size 358.7KB
Processes 1880 (rundll32.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 350x622, frames 3
MD5 c1194bc9dd6a68571176da650b15aeb3
SHA1 451257a0115cbe0d6c34a81de0696220aa159365
SHA256 4b86a2632f171427a24418fa381d3b30f2cb5815fd0dc10300fd8c1e68b18986
CRC32 6EAB914A
ssdeep 6144:W+ACk/u6n9aBOmmD1oQFu0oOOxKnJPWyD9Dcqt1oFsxNqW7mb6:N8u69CghoQxoOTFQqtKFY97mb6
Yara
  • JPEG_Format_Zero - JPEG Format
Name c507a68f3093e885__tuprojdt.dat
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\_TUProjDT.dat
Size 5.0B
Processes 2220 (JTDyCoL5.exe)
Type ASCII text, with no line terminators
MD5 c5fe25896e49ddfe996db7508cf00534
SHA1 69df79bef9287d3bcb8f104a408b06de6a108fd8
SHA256 c507a68f3093e885765257ed3f176c757aaf62bb4cbc2ef94b2e7da3406d9676
CRC32 BE34E996
ssdeep 3:FQFn:En
Yara None matched