Dropped Files | ZeroBOX
Name 4e55b1bbe2e0e099_KDECO.bat
Filepath C:\Users\Public\Libraries\KDECO.bat
Size 152.0B
Processes 2556 (None)
Type ASCII text, with CRLF line terminators
MD5 7e5fbd29557a68383dfb34e696964e93
SHA1 c1f748f89b47864301255d1fb2bfed04ed0d1300
SHA256 4e55b1bbe2e0e099592ac57a747fa8d4ef67409901d6c64323a1b73d50e5de67
CRC32 A6C4E54C
ssdeep 3:pLACpr5LJJLNyMhQQNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OAn:pLXrznyiMMQ75ieGgdEYlRA/An
Yara
  • Antivirus - Contains references to security software
Name 2dd9964aa7c59c01_null
Filepath C:\Users\Public\Libraries\Null
Size 4.0B
Processes 2556 (None)
Type ASCII text, with CRLF line terminators
MD5 16722fb76137858a49e43e3cfb570dbb
SHA1 b849eef5cf28b718f4038040f490be1c57a1359a
SHA256 2dd9964aa7c59c01362061846da85dcf727bb9f7f25e6b1c67ff342e6ef8c69c
CRC32 D2A6217B
ssdeep 3:tyn:k
Yara None matched
Name 4932360063556963_irzhkxyx.url
Filepath C:\Users\Public\Irzhkxyx.url
Size 100.0B
Processes 2556 (None)
Type MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Irzhkxyx.PIF">), ASCII text, with CRLF line terminators
MD5 e1a30be3689ed4d1dfef591867beb755
SHA1 3ee5b21e00157edefe5cbc065008226db4aac083
SHA256 493236006355696349bc2c6454468bc8178955bc47fa8d2c191a6b95ee9d9595
CRC32 5B198527
ssdeep 3:HRAbABGQYmTWAX+rSF55i0XMqoHysb+VoA9Zn:HRYFVmTWDyzpETQZn
Yara
  • url_file_format - Microsoft Windows Internet Shortcut File Format
Name b5cc2ed53e0a7316_miie.dat
Filepath C:\Users\test22\remcos\miie.dat
Size 300.0B
Processes 2260 (colorcpl.exe)
Type data
MD5 32a3a6aedf4f33bcd350d119e02a4545
SHA1 a2a61941f54cff95d626fcd595b5d95888f7fb5c
SHA256 b5cc2ed53e0a731674707d15d4e0a5b781d52505a0c5d318823af0c29f8ea037
CRC32 F3E486DC
ssdeep 6:KlrlAgc5YcIeeDAlslrlAgAbWA4dbJWEogltmgXl1oV:KlrlCecmlrlybWNW+ltZI
Yara None matched
Name 964aab3b72b3545f_IrzhkxyxO.bat
Filepath C:\Users\Public\Libraries\IrzhkxyxO.bat
Size 466.0B
Processes 2556 (None)
Type ASCII text, with CRLF line terminators
MD5 9e80036aabe3227dbf98b3975051a53b
SHA1 9670aab8897770a93293d85426b7b13dda23a152
SHA256 964aab3b72b3545fabc58a209714ebeade739a0fec40b33af675d7157b9cb252
CRC32 9D10A996
ssdeep 6:pLXzU44BbzUG2cL4XBbg/T2cLZCUULT2cLZCOhGKFIs2cLZZi2cL9aXSLp6N2cLR:ljU4MvUhzGiJL6EGeWkVPS93tOf
Yara None matched
Name be00f70763a053bf_netutils.dll
Filepath C:\Users\Public\Libraries\netutils.dll
Size 109.1KB
Processes 2556 (None)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 f3734dd95652252d02090c287c556522
SHA1 a9b9479f66516922a119eec78d3610342f22a68b
SHA256 be00f70763a053bf9c4b35e97319afbffa71dbb6e9c2c3c3f642a5e1fa7eb004
CRC32 7A6845C8
ssdeep 1536:lwywvapYoBID3TTy6Xt8amsy1o865jd5w8DdD05Cl7MbiRHRY9Mnb:lLoapG/N8ago865w8DdD0wRY9Mnb
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
Name 59446c75c678dcd9_irzhkxyx.pif
Filepath C:\Users\Public\Libraries\Irzhkxyx.PIF
Size 1.7MB
Processes 2556 (None)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c0af31044fcaa756f32f13007d50724f
SHA1 e8a2cd1b9e63d413e52940ea76aa9ec310704101
SHA256 59446c75c678dcd9b9ab8c5f7e5d9566c2a5137ef7c128732f6ffcc5340e44e8
CRC32 8372F65A
ssdeep 24576:g90C4/05Xhq/4dB6E8oqGQCbPEzbjvy27wPtmQ4Xl+gWeq9X9VxHfg8IitnJ0MTp:g94MN91+vzwPtmQA+qq/H48htnOM1
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
Name 30951db8bfc21640_easinvoker.exe
Filepath C:\Users\Public\Libraries\easinvoker.exe
Size 128.6KB
Processes 2556 (None)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 231ce1e1d7d98b44371ffff407d68b59
SHA1 25510d0f6353dbf0c9f72fc880de7585e34b28ff
SHA256 30951db8bfc21640645aa9144cfeaa294bb7c6980ef236d28552b6f4f3f92a96
CRC32 F0720D31
ssdeep 3072:zar2xXibKcf5K67+k02XbFbosspwUUgcR:Nibl7+k02XZb9UA
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware