Dropped Files | ZeroBOX
Name 7fef4f073134fd11_cwdeprxrvlonbdrjec.exe
Filepath C:\Users\test22\AppData\Local\Temp\cwdeprxrvlonbdrjec.exe
Size 2.9MB
Processes 2436 (RegSvcs.exe)
Type MS-DOS executable
MD5 1eee6fe991fbfea8075eb5dfd56a1175
SHA1 62c14d25364fed50bedcb2a5f3625914e6752312
SHA256 7fef4f073134fd117bf3d923ce2ff18cb1fe076a287f69faa3f26f72107219c7
CRC32 CF6A996F
ssdeep 49152:ttdfZ18uyF0/xtrbNB2SEwPooeafK4t0qfofdAkJGa/GanGLFHFuJiR:ttd0h0JtrbNVEboeH4poanuGaaFHFr
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
Name 08c00aa7beb9f277_s214.0.bat
Filepath C:\Users\test22\AppData\Local\Temp\s214.0.bat
Size 178.0B
Processes 2632 (innkmiukfdgrakq.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 4e8468c290d7a9b47914a4b2eee633b9
SHA1 a063d849dc49ae0dadfbb1308703f0c8ca984030
SHA256 08c00aa7beb9f27771ab6269fc0868f83dd98e87118782eaef64a47e7894857f
CRC32 4CA4EBCB
ssdeep 3:mKDDCMNqTtvL5mZkREH0jfrRBvmqRDmWxpcL4E2J5xAIcIdhkHm1mWxpcL4E2J5D:hWKqTtTPA0jlBvmq1mQpcLJ23fHkHm1B
Yara None matched
Name 799aba39bebe3177_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 87.1KB
Processes 1836 (Utsysc.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 e7c7bca107e9b77375181fca1df88ecd
SHA1 58b807b70dbb892e5cfce2d2c724177e45ecd408
SHA256 799aba39bebe31774142109b0678af57c36e5bfc757e588e73774021cf2a1e94
CRC32 4ABD9D6C
ssdeep 1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILWGBNojNM1IymNgp+S:NRlk8lqjQg/N8WA0qoLTNojNM1PmNG/
Yara
  • JPEG_Format_Zero - JPEG Format
Name 9e6e4772050998a5_readme.txt
Filepath C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size 10.0B
Type ASCII text, with no line terminators
MD5 eb6b6c90251ab33cee784713c451e6d8
SHA1 451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5
SHA256 9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6
CRC32 22598B08
ssdeep 3:IS:7
Yara None matched
Name 8b797d5eb755101f_utsysc.exe
Filepath C:\Users\test22\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
Size 3.1MB
Processes 2828 (wgkpgkairhk.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 15338185f2edc42b6ba7ef2a16c3cf90
SHA1 9141a5deba487ef7b33b9795b7744621f2a3550c
SHA256 8b797d5eb755101fbe821f125cfef241be994de6dd063b4e19216d8c545a87c4
CRC32 935DED2A
ssdeep 49152:aze8wAG8JM9gqjBg6O+s/R82KSvUOGJyDfKnMkUUBa2OBNDKHUnO4HBT:2NhPiBg6Of/R82KS0hnMkU52OBgHLC
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • MPRESS_Zero - MPRESS packed file
  • UPX_Zero - UPX packed file
Name 92342e62a3f51b7e_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
Size 1.2MB
Processes 1836 (Utsysc.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 b5cdfc4ca11aa7705c605fd93538a310
SHA1 c9c1baac2fe2be6d924cea5affa0518aa665dc3f
SHA256 92342e62a3f51b7e205863f58b6a0e0145c4fecc31d40049b91e97ed0bb710ca
CRC32 3B58739B
ssdeep 24576:sxYTyT6AMgQZvBHa726ZwccIIF1cV6n6zyYkEFzd6:BAMgQ7672swJIR06yF
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name dfce2d4d06de6452_protect544cd51a.dll
Filepath C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
Size 742.5KB
Processes 444 (file.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 544cd51a596619b78e9b54b70088307d
SHA1 4769ddd2dbc1dc44b758964ed0bd231b85880b65
SHA256 dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
CRC32 94895C27
ssdeep 12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name f5d35a2366cf1331_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Size 102.0KB
Processes 1836 (Utsysc.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c06513af505f65393b4ebcd2a11a2ee4
SHA1 6e9e8a6b93fc9afbcc781790881d821b0bfb0821
SHA256 f5d35a2366cf13312a30c9384f1ac30d9dc9ced46fa6b1b9c2d0621493cc2495
CRC32 CE0C781B
ssdeep 3072:ewTxt8T+Mz7G2MosmfNuQR/SrT7BUEYW0Z:eQ7R0PseNuQREmW0Z
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • Win_Amadey_Zero - Amadey bot
  • OS_Processor_Check_Zero - OS Processor Check
Name 74e6accd78227cd4_innkmiukfdgrakq.exe
Filepath C:\Users\test22\AppData\Local\Temp\innkmiukfdgrakq.exe
Size 5.1MB
Processes 2436 (RegSvcs.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5309a7480103b940550664f54041d0ef
SHA1 76eecbb4270f39420bb43175dd3f8f73de21def5
SHA256 74e6accd78227cd46a44c1feda29513e1de29fa18d5ad455838cc4eacf7cb2de
CRC32 A6FED4D2
ssdeep 98304:1DRLD+2uDM/3l935PWxW7mU67ARgzq0tbXVnwB0ej73XCth8flvO0vEg:dBi2VvsxW7p6cAtblnQlnCthelvO0sg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file