Dropped Files | ZeroBOX
Name 7d8aaf09d6756ca3_ca-bundle.crt
Filepath C:\Users\test22\AppData\Roaming\Demm\ca-bundle.crt
Size 250.3KB
Processes 2536 (laryyyyy.exe)
Type UTF-8 Unicode text
MD5 3c58c3f2435598a942dc37cdb02a3ec3
SHA1 6ff742bd18dfefe600f05dd6dae28c921c180a52
SHA256 7d8aaf09d6756ca3387bc1f1927debd748378dda807c30c84d116ed4e90d31b8
CRC32 04CCD1D7
ssdeep 6144:ZKN5WXkqxsjNGdcd9D0hD/kiNR68ptcm+d4tLKb0z:ZKNASDOhDh76AI4tLC0z
Yara None matched
Name 5a830fb816027b32_client.exe
Filepath C:\Users\test22\AppData\Roaming\Demm\client.exe
Size 302.0KB
Processes 2536 (laryyyyy.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 23eef6cc4a41f45c1ade4b0530945500
SHA1 8cafe3f2eb757585bdb505700ba7b3a167121874
SHA256 5a830fb816027b3274598c55f6e12149f3ceff8fc6e05a8536edc50a9dfdb4b1
CRC32 F8E88C34
ssdeep 3072:YR/9ED6BH8rHMbEVlLBwPmbsbye11P4CCH7Dgf2Sr7LrY7PC/C:YR/9BH8rGEVdBwPmbMyiACCbjPC
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 33590cfb79131c33_launch.bat
Filepath C:\Users\test22\AppData\Roaming\Demm\launch.bat
Size 142.0B
Processes 2536 (laryyyyy.exe) 2692 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 eadfd74bc8f8bfc2aca9a87dca0a1598
SHA1 ef020cd0d6025ba1f7393a9a32d3274762ebc799
SHA256 33590cfb79131c330bb9a4adb1888d4a6778327877eb2ed15e1cf12d75fe618c
CRC32 9961D65A
ssdeep 3:GLtuoYFkJr+jn9m1mWxpcL4EaKC5PvC8SBkZOmWxpcL4EaKC5PgVAYSn:GLcAr+DE1mQpcLJaZ5fSKomQpcLJaZ5J
Yara None matched
Name df3aca8ffefd4238_curl.exe
Filepath C:\Users\test22\AppData\Roaming\Demm\curl.exe
Size 1.7MB
Processes 2536 (laryyyyy.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 f67a4e5f3827a876cd53ba8caedd1baa
SHA1 8c0b081a0c662911ae00433c3276d867fc810ead
SHA256 df3aca8ffefd42383dfde13978ba4c9764d4b55610d8f65150fb9d361198f0c2
CRC32 FCF9253F
ssdeep 49152:gRpPAw0tR0SvPpI7GxusNMGXHtCGP3KNf:8pIbtFvAsf86
Yara
  • Malicious_Library_Zero - Malicious_Library
  • curl_command - curl command
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ftp_command - ftp command
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check