Dropped Files | ZeroBOX
Name e4e2e4a9a6dbfa7a_runinconsole.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\RunInConsole.mfx
Size 113.5KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e31137fadc4e75bacab2258a5d295a2d
SHA1 c9b75af685b6fd724b5059b9666888f0985d4d08
SHA256 e4e2e4a9a6dbfa7ac537ae39c8b43040b752d90d409bc1c1d09c03d8e195bcd0
CRC32 76C9EEA6
ssdeep 1536:ddcYmKxS+7QhmYWwcdj/ad2QlQUv3sXlkHBomwEjcdWEAr3lf/nodU752Jc5bSfo:PrmKhYWLdeF2cWLYEeoU752Jc5btp
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 4ef8833efd044780_getkillprocess.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\GetKillProcess.mfx
Size 360.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 099360222ca4f2631a039e99f2d620e5
SHA1 64437db0fea66b57e4fb5b746463db86c46a746f
SHA256 4ef8833efd0447806acf51f6609b30bbf4f946b47c300992408fa9a06ec24b10
CRC32 FF3B5C9C
ssdeep 6144:jcAobxhbUDuTA+QAnGoDeO97FySWWrxlG0aIbuWirpwXtUJT:NojGuTA+VGYeO97F3WWrxlJHbuWiediT
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 3407eb12f6bacec5_ctrlx.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\ctrlx.mfx
Size 44.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ceb8b2e522d0aaaecdf69b3bcc89a530
SHA1 c1cf769a96a9612f7fd0c1965413f4a57e4907e1
SHA256 3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65
CRC32 9BB383BF
ssdeep 384:zZ0UzWLt4DGVwVpat0AwYUPr9mM8UUgAVrcQ5k3OEsRUcEIenwQAI4rj7rmUhgYY:90vtD3w4P8h7rKtDtNm
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
Name 32a6843b7a32e69a_internetconnectionoperations.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\InternetConnectionOperations.mfx
Size 115.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 715f47554c73bb77ff0e463592462cef
SHA1 75671893da8c786d4fc34ae122fb3754c92f85ff
SHA256 32a6843b7a32e69aa2cc0decae3b7ea322bb20a7d9834573141030f87d8c54e2
CRC32 F8148526
ssdeep 1536:gBkFAP+7/bbpgg0GLdjmbSA4Rg0P0tvlkHkoew3jYdWEndmtDTnodkx7jdYqRQZn:guFLgb2dPoNcXzxEdPO7jeqRVPG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name a0ada42e3a476009_kcwctrl.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\kcwctrl.mfx
Size 79.5KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 2c34e977f898ab60eddb72075c4be223
SHA1 adf883dd06e5ae340a03e6c22a56a4c0caf909ea
SHA256 a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2
CRC32 9573D55C
ssdeep 1536:cwk3FPBc4adaq8YUb9OB8CIE3sWoCcd0x47DGGGGfxKo:G1PB6daNFC8n70x47DGGGGfxKo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 3cde7a9181ab63a4_mmf2d3d9.dll
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\mmf2d3d9.dll
Size 1.1MB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 72bb9180f8905c0da95566b778cdac5e
SHA1 e96145e8120514092b35f67f1f120b958997f921
SHA256 3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101
CRC32 6D84816D
ssdeep 24576:EE6cfv6jilsTCw8RCmttZtcJPFGySBDmXA4HwLSJcl:CyA8omXGSFmdkl
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 9cba4d670209c690_mmf2d3d8.dll
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\mmf2d3d8.dll
Size 447.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 59aeab50440b9f50389a997bc6c44866
SHA1 61e7a377a98df935bc4a0c94776cf8e4b49c4cb8
SHA256 9cba4d670209c69039d0d92598aab6d916d9fbd215b634012ff9cef55bfaf559
CRC32 3EF763A4
ssdeep 12288:FET+JrnmtBKpjh7RhObbSstL7pDt35JXF/GRK:FA+Jrakjh710HpDt3nVuRK
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 3e84a1296556efb1_pbl32b53obp3fbbcxbibhb9383ybv3.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pbl32b53obP3FbbCxbibhb9383YbV3.exe
Size 3.0MB
Processes 840 (Winlock.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 18563c62462e92e3c81dfe737e3a8997
SHA1 46b7af31847f18e886a33779dc53199776d0b666
SHA256 3e84a1296556efb107c12d4b936b0e1a1a7a5a70d6ecd3ed7ecff79e4b39bd54
CRC32 8DD6B28C
ssdeep 49152:88ntDZAcCVT1ZgESZlkBg9HCx6CtcX4EwgGW7XoUPIwEi2xQwqM:vZAcCKMECuX4EwN0RIzxQc
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 3a288448e88a296b_mmfs2.dll
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\mmfs2.dll
Size 509.4KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 98f647d1ed220e1d715aed9dcf69f387
SHA1 d1d9f5361672553a394bee9afe1d30814dd0ac53
SHA256 3a288448e88a296b2bceeaf093e76a22e3083e937a3c4efeb6a61565ca7e35df
CRC32 CC63F830
ssdeep 12288:Cl2w5SNFe2TMNMfeZJyxqNEQ8W7zf+IL2SUoOHxwVoipcVDNLTrgqiJsRr:PdNFe2TMNMG4qNEQ8W7zGWYd1DLTE9Ox
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 57be6725dabfe6e1_encryption.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\Encryption.mfx
Size 10.5KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f54e708d3fc6667e71e6ae69215275c0
SHA1 5c8af159419e768608fc8b787362296ac381c3f5
SHA256 57be6725dabfe6e192f4a121a46cff05b95bb3c9a68c7cc3cc0f9af931005693
CRC32 F7A3CA25
ssdeep 192:WKQ3AGffALFBi8V1eFkO7Klwt21JxA095ssZk0vhQ:N8rnAiN7KA2173a0vhQ
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
Name 7daa995fbf72b941_kcfile.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\kcfile.mfx
Size 116.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fe2b4c6a45ce244f1c40f730008465c9
SHA1 9dfd41a915c19a4520a3024e9133e9a24e61779f
SHA256 7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b
CRC32 86EE3B93
ssdeep 3072:yizFhi3x1WAs+AxlENojvbsdJ2hjxUZh3QH:e3jc+APxD4m
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 48d5965b2347cfda_registry2.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\Registry2.mfx
Size 28.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 31a275222d4a7fdb261d677cd45351ee
SHA1 de02aefe60242e3cdc93bfb1082defa68901bacf
SHA256 48d5965b2347cfda307f87667f46ef1fcc698b2842bf8cb4669d96c44f2017f6
CRC32 94B3DAD8
ssdeep 384:v3k/z8icsm54HJFmoBf8IB64AOlilQlvl7lplKl:vU7C51o2IVpGw9hL+
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
Name 95374f7a8baf4aa4_mmf2d3d11.dll
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\mmf2d3d11.dll
Size 547.4KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 34f59e6e9dc838d4fb2e66572895b743
SHA1 1fc52b466a658e8be485e8db4bfa4616229089c3
SHA256 95374f7a8baf4aa4851a6cab31f04cb2450cec3837dacfdc9456e37b0b6c1496
CRC32 7CDA8099
ssdeep 12288:037fHyZr4SykN5fixzIx+5pzuLMH3nWDxx1j/Afk5Owi66b2kyvBv:0JSxNoxz8+5sLMXnWt/AOiJ2VJv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 7bab74b8686d54e2_kcsyso.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\KcSyso.mfx
Size 24.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5a360a702ca0e4c6929d63f44d80aa9a
SHA1 c1ffee5e1e7e790112e524833881aff097482e38
SHA256 7bab74b8686d54e2e4d882d13c50ae7173fa664f8b6829acca8839ad623240bb
CRC32 170B2442
ssdeep 96:vO4sUAyLyYyFQNXYGCdWCwG1PbrXEIhNYQpvZTgstE5+QzH:xm+IPdpwK2Wu+M
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
Name 791e717345991c4b_get.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\Get.mfx
Size 340.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c61fd0d847df328fd6f0a98e4f030f41
SHA1 c3d8c3493818c44723e1466b411a3b5e188d823f
SHA256 791e717345991c4bf183c6450667498a89b59c4e8a5abb52e2751fde63d3ad43
CRC32 94CCC26D
ssdeep 6144:v1xzFQHtjxSA8gGMtobtDaq7eYzQzsgXsJ9XWLrpV0k:v15FQNx8gGM6tuq7eA0sgg9XWsk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 48bb645990f1a703_kcedit.mfx
Filepath C:\Users\test22\AppData\Local\Temp\3ce01f1a-399d-48b4-bb76-b82713c7c122.FusionApp\kcedit.mfx
Size 32.0KB
Processes 840 (Winlock.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 b00898b2cf3f8bfc98d782fba8b5c72b
SHA1 4851163436946fd145048104bd1a47d34840fc3d
SHA256 48bb645990f1a703a1e9fdad3c765824db23c8f5e25b388c82dd25cb83fe31d0
CRC32 BB15B383
ssdeep 384:s1Ye/oIRL3Pe34vFRNBX5jkDEXCeyHoPy0Kgr:+vQqLfrT5meqoHK
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file