Dropped Files | ZeroBOX
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_28862000
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_28862000
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name ecbccacd00cdf388_rolex.exe
Filepath C:\Users\test22\AppData\Local\Temp\RarSFX0\rolex.exe
Size 4.4MB
Processes 2556 (pic1.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 8866d677a3309a0ad903f37557c5941b
SHA1 2b03d0c6cb74defedfc31154c57b073c889ea11a
SHA256 ecbccacd00cdf38870bea7d203909da1ea2261477125ff7e0bdcef5f3fc4d17d
CRC32 19773FF1
ssdeep 98304:ZqwfM8jZlts7Dnfg+u5NIg1GbnBH9Ltl4NFA0kA8X1KpWQMt:Zqw0v7DnZu5NnobnDtl4TjZ8X1/QK
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 277e5a8095063986_yondex.exe
Filepath c:\users\test22\appdata\roaming\sysfiles\yondex.exe
Size 4.0MB
Processes 2804 (rolex.exe) 2948 (None)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bd2413c32e34d0031f7881d51ae731ff
SHA1 8771733c460f22adc0e1865f0b3f2ac19e9c1001
SHA256 277e5a809506398685fe20ba674b7f3f75b2e04a34c2b150a84088b266138894
CRC32 13ED615A
ssdeep 49152:GBNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:GnzP88fBsnZTgOtqB3m1RC3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • MPRESS_Zero - MPRESS packed file
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 8d6abba9b216172c_driver.exe
Filepath C:\Users\test22\AppData\Roaming\Sysfiles\Driver.exe
Size 3.9MB
Processes 2948 (None)
Type MS-DOS executable, MZ for MS-DOS
MD5 02569a7a91a71133d4a1023bf32aa6f4
SHA1 0f16bcb3f3f085d3d3be912195558e9f9680d574
SHA256 8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0
CRC32 2D90BDE3
ssdeep 49152:SNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3Z:wzP88fBsnZTgOtqB3m1RC3Z
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • MPRESS_Zero - MPRESS packed file
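The Type column above comes from libmagic and the IsPE32/IsPE64/Is_DotNET_EXE tags from YARA, and the two disagree for Driver.exe (typed as a bare "MS-DOS executable, MZ for MS-DOS" while IsPE64 matched). The following is an added triage helper, not ZeroBOX code: it recomputes the report's hash columns (MD5, SHA1, SHA256 and zlib-polynomial CRC32, so the empty file yields the d41d8cd9.../e3b0c442.../00000000 values listed for __tmp_rar_sfx_access_check) and classifies a dropped file from its own headers as MZ-only, PE32 or PE32+, with the CLR data directory used as the .NET indicator. `build_sample_header` is a constructed header stub used only so the script runs offline; the function and constant names are this example's, and the synthetic samples are not any of the files in the report.

```python
import hashlib
import struct
import zlib

# PE constants (from the PE/COFF specification).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}


def hash_columns(data: bytes) -> dict:
    """The same hash columns the report prints. CRC32 uses the zlib polynomial,
    which is why an empty file shows 00000000."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def classify_pe(data: bytes) -> str:
    """Classify a file the way the report's Type column does, from the headers alone."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not MZ"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        # MZ stub with no reachable PE signature: this is all libmagic reports for Driver.exe.
        return "MS-DOS executable, MZ for MS-DOS"
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes after the signature).
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        return "PE (truncated optional header)"
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32PLUS_MAGIC:
        kind, dd_offset = "PE32+", opt + 112  # data directories start at 112 in PE32+
    elif magic == PE32_MAGIC:
        kind, dd_offset = "PE32", opt + 96    # and at 96 in PE32
    else:
        return "PE (unknown optional header magic 0x%X)" % magic
    # NumberOfRvaAndSizes sits just before the directory table; entry 14 is the CLR header.
    num_rva = struct.unpack_from("<I", data, dd_offset - 4)[0]
    dotnet = False
    if num_rva > CLR_DIRECTORY_INDEX and dd_offset + 8 * (CLR_DIRECTORY_INDEX + 1) <= opt + opt_size:
        clr_rva, clr_size = struct.unpack_from("<II", data, dd_offset + 8 * CLR_DIRECTORY_INDEX)
        dotnet = clr_rva != 0 and clr_size != 0
    label = "%s executable %s" % (kind, MACHINE_NAMES.get(machine, "machine 0x%X" % machine))
    return label + (" Mono/.Net assembly" if dotnet else "")


def build_sample_header(pe32plus: bool, dotnet: bool = False) -> bytes:
    """Constructed header stub (not a runnable executable) so the classifier can be exercised offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    machine = IMAGE_FILE_MACHINE_AMD64 if pe32plus else IMAGE_FILE_MACHINE_I386
    dd_start = 112 if pe32plus else 96
    opt_size = dd_start + 16 * 8          # 0xF0 for PE32+, 0xE0 for PE32
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dd_start - 4, 16)  # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, dd_start + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, blob in [("empty", b""), ("pe32+", build_sample_header(True)),
                       ("pe32 .net", build_sample_header(False, dotnet=True)),
                       ("mz only", b"MZ" + b"\0" * 0x3E)]:
        print(name, classify_pe(blob), hash_columns(blob)["sha256"])
```

Run it against a real dropped file with `classify_pe(open(path, "rb").read())`; a result of "MS-DOS executable" from libmagic alongside an IsPE64 YARA hit, as for Driver.exe here, usually means the PE signature is present but not where e_lfanew points, and the file deserves a manual look rather than a trust in either label.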
Name 940d3c2d3a6665d5_1.bat
Filepath C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat
Size 36.0B
Processes 2556 (pic1.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 ce32eea7c273547d3fb75f8e4191e25a
SHA1 07d0edd1f64c799b01da4e670126b4b2c5091dde
SHA256 940d3c2d3a6665d5017c0bf64120a71b2ce61106ae015399282ae8f4656cb91f
CRC32 AAD4E1AC
ssdeep 3:mKDDFRK9NyVXMMH:hBVc2
Yara None matched
Name 309f695715b94b85_driver.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url
Size 177.0B
Processes 2948 (None)
Type MS Windows 95 Internet shortcut text (URL=<file:///C:\Users\test22\AppData\Roaming\Sysfiles\yondex.exe>), ASCII text, with CRLF line terminators
MD5 68c6f1f389129c53d9d9d36a9f8d36f7
SHA1 71de4837d82eafbdce94ea3d303eea4e3b40eeea
SHA256 309f695715b94b854be102cd8235e8fcf31ff07612a8a8f78709291d90e6a2eb
CRC32 402082C8
ssdeep 3:HRAbABGQYm5uOmWxpcL4EaKC5SQnPB4L4NIJ4ovstwWDmWxpcL4E2J5xAIkP2dLR:HRYFVmwOmQpcLJaZ5lI4NIJlvstwWDmS
Yara
  • url_file_format - Microsoft Windows Internet Shortcut File Format
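The last entry is the persistence mechanism: an Internet Shortcut (.url) dropped into the per-user Startup folder whose URL= line is a file:/// link to the yondex.exe copy in %APPDATA%\Sysfiles, so Explorer launches it at logon. The following is an added check, not ZeroBOX code, that parses .url files, converts file: URLs to local or UNC paths and flags targets that live in user-writable locations (AppData, Temp, Public, ProgramData) or on a network share. `SAMPLE_URL_FILE` is a constructed approximation of such a shortcut with the URL from the report; it is not the 177-byte Driver.url itself. Function names, the `SUSPICIOUS_ROOTS` list and `scan_startup_folder` are this example's own.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed sample (not the original Driver.url): the URL= line uses the target
# shown in the report's Type column for Driver.url.
SAMPLE_URL_FILE = (
    "[InternetShortcut]\r\n"
    "URL=file:///C:\\Users\\test22\\AppData\\Roaming\\Sysfiles\\yondex.exe\r\n"
    "IconIndex=0\r\n"
)
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://example.com/\r\n"

# Directories a standard user can write to; an autostart entry pointing into them
# is the pattern to flag. Assumed list for this example.
SUSPICIOUS_ROOTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def url_target(text: str) -> Optional[str]:
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "internetshortcut"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "url":
                return value.strip()
    return None


def file_url_to_path(url: str) -> Optional[str]:
    """Convert file:///C:\\x or file://server/share/x to a Windows path; None for non-file URLs."""
    if not url.lower().startswith("file:"):
        return None
    rest = unquote(url[5:].lstrip("/"))
    if len(rest) >= 2 and rest[1] == ":":          # drive-letter path
        return rest.replace("/", "\\")
    return "\\\\" + rest.replace("/", "\\")         # otherwise treat as UNC


def assess_url_shortcut(text: str) -> dict:
    url = url_target(text)
    if url is None:
        return {"url": None, "target": None, "verdict": "no URL= entry"}
    target = file_url_to_path(url)
    if target is None:
        return {"url": url, "target": None, "verdict": "web link"}
    low = target.lower()
    if low.startswith("\\\\"):
        verdict = "suspicious: UNC target"
    elif any(root in low for root in SUSPICIOUS_ROOTS):
        verdict = "suspicious: local file in user-writable directory"
    else:
        verdict = "local file target"
    return {"url": url, "target": target, "verdict": verdict}


def scan_startup_folder(folder: str) -> list:
    """Assess every .url in a Startup folder (default: the current user's)."""
    results = []
    for name in sorted(os.listdir(folder)):
        if name.lower().endswith(".url"):
            with open(os.path.join(folder, name), "r", encoding="utf-8", errors="replace") as fh:
                results.append((name, assess_url_shortcut(fh.read())))
    return results


if __name__ == "__main__":
    print(assess_url_shortcut(SAMPLE_URL_FILE))
    startup = os.path.expandvars(r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup")
    if os.path.isdir(startup):
        for entry in scan_startup_folder(startup):
            print(entry)
```

The same check applies to the all-users Startup folder under %ProgramData%; a .url there whose target resolves into AppData or Temp, or to a UNC path, is the combination seen in this report and is worth treating as an indicator regardless of the file name on the shortcut.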