Dropped Files | ZeroBOX
Name 54e19ff0a436f980_sumatrapdf.exe
Filepath C:\Program Files (x86)\ClocX\SumatraPDF.exe
Size 6.2MB
Processes 1648 (12026.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a66c9054c372978b5752566361c27535
SHA1 527b8a0f9bffc41df878fb45e73f58e01e827e25
SHA256 54e19ff0a436f9806ff4dec14882a3391026751242b0e53330325e7c256d5155
CRC32 F47C4213
ssdeep 196608:DDXbNtDd/MmCp3XH0PXBs72S3CKCXCv2a/At:DDXht5/MmCpHUPXOR39Uk20C
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name c666bf73cdca47f9_Checker.dll
Filepath C:\Users\test22\AppData\Local\Temp\nstBF64.tmp\Checker.dll
Size 41.5KB
Processes 1648 (12026.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 db76b369da7b4a1fe6bdf0a9806434da
SHA1 2cdbc81ee332c15cb73e7b4d9e1afce6727fde52
SHA256 c666bf73cdca47f9fe3247110a1a23cc5f335fc6a1b00329697150b9c5f71ecd
CRC32 509E0897
ssdeep 768:UNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZvz9FN:UNZwApK0XlLYd9oV9L
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 766659bb3671a9a2_nsiBF74.tmp
Filepath C:\Users\test22\AppData\Local\Temp\nsiBF74.tmp
Size 700.5KB
Processes 1648 (12026.exe)
Type data
MD5 5a774ed0e036286705f387bd0a6ec04e
SHA1 0c38cea7f61ef06616b9971c14446750a1c8706a
SHA256 766659bb3671a9a21ee7de0d5137df669d6299da8c7fa936c08e80f6e707adea
CRC32 279565E8
ssdeep 12288:ppRFBXxGC6sbKh824h8tFEANQCJPP49E0x77ph8bhFdSUDXcdHrKrmEW4HUCZe4:ppRZjeh82coOiQ+3yE0x77phGhlzcxrO
Yara None matched
Name 191fe9788bb044ba_Zip.dll
Filepath C:\Users\test22\AppData\Local\Temp\nstBF64.tmp\Zip.dll
Size 76.0KB
Processes 1648 (12026.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dd8a93893df1c2189a12569d15d5cc1a
SHA1 00eb8eaddd3c4b633920146cc00bf5cdd263b8c0
SHA256 191fe9788bb044baa332170facdb40ed090a9f772971cc0ca752d8f46627c3bb
CRC32 C69D3B42
ssdeep 768:uqzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohM:uhQspHrXK5eKO5KysyxAd4CtR
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 85c5e051df957236_sumatrapdf.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SumatraPDF\SumatraPDF.lnk
Size 1.0KB
Processes 1648 (12026.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Oct 18 09:32:50 2014, mtime=Fri Jan 26 22:01:17 2024, atime=Sat Oct 18 09:32:50 2014, length=6476896, window=hide
MD5 d5f697ca1600654dee6d3e0fa0e6ce5d
SHA1 9c922676e69fb1668f846fb16c27504b99152e2c
SHA256 85c5e051df957236e406fb8d6967271df5c7c8f33d7bcb0e182082cd106eb94c
CRC32 23B690C0
ssdeep 24:8mYBDdOEppFONA21ADRUdjzSagdjIUPPyR:8mIdO2rOG21ADRUd/QdZnyR
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name e3b0c44298fc1c14_nsiBF24.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsiBF24.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name a534e20fc73ea320_uninstall.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SumatraPDF\Uninstall.lnk
Size 798.0B
Processes 1648 (12026.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5 2f43c8c79fe87ab0ccf69254c54f3a94
SHA1 08cc4340fc17c2a3706987b3de29ecf0fe63131e
SHA256 a534e20fc73ea320f9ef66e71006b1807a03bdfb070ab9a6f9067220246042d3
CRC32 C6797CBC
ssdeep 12:8wl0Q02lqqdp8uUXUceZbdpYmp50y0bdpYmp5ucKNUGa4t2YLEPKzlX8:8ceqdO/XuldjKygdj+UG2Py
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name 446c3dc2041bd1d0_uninst.exe
Filepath C:\Program Files (x86)\ClocX\uninst.exe
Size 39.6KB
Processes 1648 (12026.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 b462f3c38bc5b56e06976a94a7c36bc7
SHA1 0106bf912fa9a37bb975afb00fd4ebaf7dff13cd
SHA256 446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5
CRC32 FEFD7B18
ssdeep 768:0Gn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPciuc1sJ:T4hwgonu0fJytuPwbdNcir1sJ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file