Dropped Files | ZeroBOX
Name dfce2d4d06de6452_protect544cd51a.dll
Filepath C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
Size 742.5KB
Processes 2904 (hv.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 544cd51a596619b78e9b54b70088307d
SHA1 4769ddd2dbc1dc44b758964ed0bd231b85880b65
SHA256 dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
CRC32 94895C27
ssdeep 12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 512e4e95427a8c66_tmp4CE2.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmp4CE2.tmp
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f4c540f52d5c08d24a79805eda1d7abf
SHA1 22be46826df7693f58736adb232ab2da790f2571
SHA256 512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94
CRC32 95C9FB3A
ssdeep 24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z
Yara None matched
Name b8a0f9eb3dbf5e78_hv.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe
Size 5.8MB
Processes 2716 (Utsysc.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 36bd43b2792ce1ea475f91074eb2ef61
SHA1 5cec1de19dc29bdc5b1e8b1b407df49bcf570fa2
SHA256 b8a0f9eb3dbf5e78c15777915fdb57b44748c1ece2d1c0e89cc2da8706ef7e16
CRC32 82A3BE80
ssdeep 98304:HbJtyoEqHYztcfN3Ks24t5TPC3oRdZci:NVBHEtcfBKKDzZci
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
Name ffad1db3679cbb41_utsysc.exe
Filepath C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe
Size 3.2MB
Processes 2560 (amd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f4ba796f39305262e65d0ebd9d0ee33e
SHA1 8b425d5af330f85ffd1f0cd3695046a44309fea6
SHA256 ffad1db3679cbb413b1b72a358c986f37327530dddaf91f8feefaff59099b225
CRC32 7266CF2D
ssdeep 49152:OlK6hZB6fbUdfVXiZgX/uvuV6YM2bt831GstdvlbROZuaK60ZsOz/C:GK6hQUNMZgPehs1sP7OZqZs
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • themida_packer - themida packer