Dropped Files | ZeroBOX
Name e6628344b75746ee_ssllibrary.ddl
Filepath C:\ProgramData\Synaptics\SSLLibrary.ddl
Size 8.0MB
Processes 2824 (Synaptics.exe)
Type UTF-8 Unicode text, with CRLF line terminators
MD5 eba3e2b5b435a818ed6213e6a1f3789e
SHA1 bcc4ee82fde65bb32ed49f8cb1264b34ac8ef0b1
SHA256 dbd618ae2fb1671b6e8fb5cde7693c374c227553f93d005338d0b3193ef3c868
CRC32 0BC93EA6
ssdeep 6:aieZleZleZleZleZleZleZleZleZleZleZleZleZleZleZleZleZleZleZleZle3:av
Yara None matched
Name abf87add2f7148b8_yitmjp4f.jpg
Filepath C:\Users\test22\AppData\Local\Temp\yitMJp4F.jpg
Size 21.3KB
Processes 2824 (Synaptics.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 2e1bc4b21f024940469f46b608d2e5b8
SHA1 a7affd9e8a98154db6b699689b8618e4f660653d
SHA256 abf87add2f7148b8ce7ca47176b00cba40c520f53e6bc345bf881072817ba0d7
CRC32 583551D8
ssdeep 192:ebDo5NukShRb1ASYQY4dFXYMNfG9WB2Cv27zWJMdIocWArY:eDoSkeV1JXbNfG02b6w7
Yara
  • JPEG_Format_Zero - JPEG Format
Name b9eae90f8e942cc4_synaptics.dll
Filepath C:\ProgramData\Synaptics\Synaptics.dll
Size 15.0KB
Processes 2824 (Synaptics.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c0ef4d6237d106bf51c8884d57953f92
SHA1 f1da7ecbbee32878c19e53c7528c8a7a775418eb
SHA256 b9eae90f8e942cc4586d31dc484f29079651ad64c49f90d99f86932630c66af2
CRC32 9466E8B5
ssdeep 192:n+s61A/0LiwxqfKD6Vk/gqWhiQ7ST92s2APu4Tk8QjcW5tPx:lx0iwxqsRQmT92sPuR8Azr5
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • mzp_file_format - MZP(Delphi) file format
Name 6eeed242e576f6c1_uboeimb.ini
Filepath C:\Users\test22\AppData\Local\Temp\uBoEimb.ini
Size 1.6KB
Processes 2824 (Synaptics.exe)
Type HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
MD5 5b57c3bcb2cca58e27dfc495a3eaa74a
SHA1 543a111d57e9c6c2099d507ae149a46d2dbca20f
SHA256 6eeed242e576f6c1eec14d062d041d4b27770be7001a6c371b4a59123d72227d
CRC32 770879F2
ssdeep 24:bsF+0A63ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+q3I+pAZewRDK4mW
Yara None matched
Name 838844689936cb68_._cache_psexec.exe
Filepath C:\Users\test22\AppData\Local\Temp\._cache_PsExec.exe
Size 3.3MB
Processes 2648 (PsExec.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 00b39a66a0a4c9cb062e13f94f43fb73
SHA1 cfe7009f9be3bb876acec8bc98f34a967b5d60f2
SHA256 838844689936cb6845b77fa94010477e3b5cccef67c1519b9683a1025d2e23c7
CRC32 F7E062FA
ssdeep 49152:xQBh/VoRYskNIXyjgYLriNw5mPPAy0ezYu6KD63AvHZ8kn:shXMy81/PAyTznI3Av57
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
Name eefcd06256306f43_synaptics.exe
Filepath c:\programdata\synaptics\synaptics.exe
Size 753.5KB
Processes 2648 (PsExec.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4ab537a98144bc11b5dd6cfef2881dcf
SHA1 1a9e0ec3204eb1f9565d1200147892234176cd1c
SHA256 eefcd06256306f4325182718c73df359eff13ffe9397bcfd9351f2688b897e6c
CRC32 A9732E9D
ssdeep 12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Ibr:ansJ39LyjbJkQFMhmC+6GD9Y
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format