Dropped Files | ZeroBOX
Name 8286d000d4045fe4_build2.exe
Filepath C:\Users\test22\AppData\Local\4798d325-d608-4ca6-9e7c-904ba0655e61\build2.exe
Size 320.0KB
Processes 2876 (buildcr.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 335a64e110185d35bcfbc3ef86a382e9
SHA1 2c4bfa3c09e96fd7d6e10de8807e19929b1e2960
SHA256 8286d000d4045fe41788db22d353553ced31258eeaa0d52825e317f94d23dd9a
CRC32 6B89122C
ssdeep 3072:V1dPzcpmx6U25NN9k9oqYRZn2uEm5nZTkvfXC5WhpNumh:V7Pz3xcNU9oquZ2uEmfTkXXNFumh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 044f1dd5eaa0ade7_personalid.txt
Filepath C:\SystemID\PersonalID.txt
Size 42.0B
Processes 2876 (buildcr.exe)
Type ASCII text, with CRLF line terminators
MD5 0546085542e69f2d499247a3e422f084
SHA1 2f9e2dcd208bf98beb4e8f3dfb31ae193e611ea9
SHA256 044f1dd5eaa0ade75a46a07bc3dd0cae03086795a309914a776fc87ff88920b8
CRC32 B6BD11D9
ssdeep 3:p8K/rGS/xRwRLov:h/rGSIRe
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name d41e0c54d7084adb_bowsakkdestx.txt
Filepath C:\Users\test22\AppData\Local\bowsakkdestx.txt
Size 558.0B
Processes 2876 (buildcr.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 85557c03fd6d28a8b409991992c98bcf
SHA1 ac0ff09edcc668d2b195687b880cbcdc1b63a727
SHA256 d41e0c54d7084adb61db82bc00ec8f03bbb82ffeb39f36459c4b944ac7939412
CRC32 AE342DE6
ssdeep 12:YGJ68Y129ELvQTsDJ9S+1foJ9Y94Ss8kT+Aa8eJy155o8jnT:YgJw29ELvxS+FoJ78LAahMDHLT
Yara None matched
Name fef2c8ca07c500e4_build3.exe
Filepath C:\Users\test22\AppData\Local\4798d325-d608-4ca6-9e7c-904ba0655e61\build3.exe
Size 299.5KB
Processes 2876 (buildcr.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 41b883a061c95e9b9cb17d4ca50de770
SHA1 1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad
SHA256 fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408
CRC32 94B17B3E
ssdeep 6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check