Dropped Files | ZeroBOX
Name b42d9d15d878f209_xshell 6 update log.txt
Filepath C:\Users\test22\AppData\Local\Temp\Xshell 6 Update Log.txt
Size 356.0B
Processes 2192 (h1nrQeErm.exe)
Type ASCII text, with CRLF line terminators
MD5 c8770b9aa3339f09c8af5ad3ace63bbe
SHA1 d45744812c3fc55d65b0d91e5a9d55386a042b78
SHA256 b42d9d15d878f209ddf7703fcbd978babe8341189c56593db0f1719f86ea4b6c
CRC32 2D0F6630
ssdeep 6:FULyttImQpcLJaZ5XAyFUAP6AbKiCmUBUAIiFUcwWmcNVFAkUcfeSp7xAQGrBv:GstuOLAHNGY6BifRJiG377WdpljGrBv
Yara None matched
Name 6a9368cdd7b3ff9b_irimg2.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Size 36.7KB
Processes 2192 (h1nrQeErm.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 166x312, frames 3
MD5 f6bf82a293b69aa5b47d4e2de305d45a
SHA1 4948716616d4bbe68be2b4c5bf95350402d3f96f
SHA256 6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0
CRC32 24A00A7C
ssdeep 768:S0jPDrkTYU5n10PIUcLbnkC59fNaeocQXiWN6hhm4gj0mVWQySgA1:RvqYe0PINLkC5Haeoik6HMHWQySgg
Yara
  • JPEG_Format_Zero - JPEG Format
Name cfd9677e1c0e10b1_irimg1.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG1.JPG
Size 6.7KB
Processes 2192 (h1nrQeErm.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, frames 3
MD5 e39405e85e09f64ccde0f59392317dd3
SHA1 9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b
SHA256 cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f
CRC32 C9F4FE19
ssdeep 192:EqK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EJIIJVcPQEOEvMJoON/0aBwI
Yara
  • JPEG_Format_Zero - JPEG Format
Name c0d07bbbdd97071e_edge.jpg
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\edge.jpg
Size 358.7KB
Processes 1508 (rundll32.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 350x622, frames 3
MD5 b06f6c670f7438f5432ea0ac018f4ae7
SHA1 564be7a2980091116e523df1fb915d9ec60432bb
SHA256 c0d07bbbdd97071ecf7ffd7e5e189fac8f2164e9f27dc46cefd7a5ba1fba952a
CRC32 F13E81E2
ssdeep 6144:G+ACk/u6n9aBOmmD1oQFu0oOOxKnJPWyD9Dcqt1oFsxjqW7mb6:d8u69CghoQxoOTFQqtKFYL7mb6
Yara
  • JPEG_Format_Zero - JPEG Format
Name c90e727e61a58b2c_h1nrqeerm.exe
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\h1nrQeErm.exe
Size 525.6KB
Processes 1508 (rundll32.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 825d045dcb52803e00cb75220895c67b
SHA1 a41ace49b4e3c31e03798e74cc38bff9c1fa7ad8
SHA256 c90e727e61a58b2c8ff2b033fc284acb67d17c8bd62f3dd02f37d66da2bd3218
CRC32 DEB7A071
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7j2:4thTiP+ffCfB5Lf0F7Z1E7j2
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name fcfa041be1b82f67_h1nrqeerm.dat
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\h1nrQeErm.dat
Size 132.2KB
Processes 1508 (rundll32.exe)
Type Zip archive data, at least v2.0 to extract
MD5 5b0e7777b71595dbed8c797ab5fc73a6
SHA1 8ec054abceadd4ce0442439661c13c0e03c49b51
SHA256 fcfa041be1b82f673bd257f7cce152a9f54ce4407d9b7b146550af7eee4c58f6
CRC32 168305E3
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753x0:KV5o8LHcd8bMdD3iwuy75q
Yara
  • zip_file_format - ZIP file format
Name 6a71a8c9541095a1_l3u.exe
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\l3U.exe
Size 525.6KB
Processes 2192 (h1nrQeErm.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e9037f86bba5af6fc97db0ff6650236c
SHA1 c574c22f728986b17706d5c6e686982963f641e8
SHA256 6a71a8c9541095a17f8f818eb311726ef1ce7267750ab248d6d0bf179d5c0984
CRC32 7181B8D9
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7ji:4thTiP+ffCfB5Lf0F7Z1E7ji
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 9c6b9b8d21f1ba57_l3u.dat
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\l3U.dat
Size 132.2KB
Processes 2192 (h1nrQeErm.exe)
Type Zip archive data, at least v2.0 to extract
MD5 6916bde031260c7546613afbcc1ecb03
SHA1 17e93dba0567ff8181acbafe63c5762f97b339c9
SHA256 9c6b9b8d21f1ba570febff512e288c71bf1fabedd7159812b4cd2765c7180791
CRC32 0AF0BE02
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xC:KV5o8LHcd8bMdD3iwuy75w
Yara
  • zip_file_format - ZIP file format
Name 1366d41a684f0188_edge.xml
Filepath C:\Users\test22\AppData\Roaming\WhpLhPs\edge.xml
Size 76.5KB
Processes 1508 (rundll32.exe)
Type data
MD5 31a8a8692b1dbc3a9e49b41d8ed6b7b3
SHA1 9dbf46485a2078862caa36ad7c2dd1f5e6114576
SHA256 1366d41a684f0188c79984027a45d1a42609cee943730a984f4fca16534adf0e
CRC32 6A05E318
ssdeep 768:GRpWambJz8/3LBePqAQZksj73L0DvP/E9u7fVZ768Cn8CnIqSreZrUnhdxvv9NFL:GLYq/LUPmr0d7vqINreZqvDq5E5ax
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
Name c507a68f3093e885__tuprojdt.dat
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\_TUProjDT.dat
Size 5.0B
Processes 2192 (h1nrQeErm.exe)
Type ASCII text, with no line terminators
MD5 c5fe25896e49ddfe996db7508cf00534
SHA1 69df79bef9287d3bcb8f104a408b06de6a108fd8
SHA256 c507a68f3093e885765257ed3f176c757aaf62bb4cbc2ef94b2e7da3406d9676
CRC32 BE34E996
ssdeep 3:FQFn:En
Yara None matched