Dropped Files | ZeroBOX
Name 24f5b5f112f240ce_-dkbv9vj.out
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.out
Size 598.0B
Processes 908 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 a5e1ff52b5b33e535272651dc003353c
SHA1 fb206c5aa7b4af99f2a2217488d67d1f8d054a1f
SHA256 24f5b5f112f240ce0d22e8b8cbd1f53c859cce9165bd1e5846c42bcf83508b53
CRC32 FBD31BED
ssdeep 12:K4X/NzR37LvXOLMfnPAE2xOLM1Kai31bIKIMBj6I5BFR5y:KyNzd3BfnIE2n1Kai31bIKIMl6I5Dvy
Yara None matched
Name d45921848c9a29e1_CSCA563.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCA563.tmp
Size 652.0B
Processes 2408 (csc.exe)
Type MSVC .res
MD5 c34381635ffd0ce56df977ecf3698b70
SHA1 72b5c9f56b66263604a680fc44a67b388a861a10
SHA256 d45921848c9a29e14cb6429c42bbfab0a58001e7749247f4e5388588b320b4a2
CRC32 D96B5503
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grywsak7YnqqRhPN5Dlq5J:+RI+ycuZhN5akSHPNnqX
Yara None matched
Name 81dd5096264d4ead_okayneweragifcomet.vbs
Filepath C:\Users\test22\AppData\Roaming\okayneweragifcomet.vBS
Size 3.4KB
Processes 908 (powershell.exe)
Type Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5 03d825add08e67300781d56e5f1ef77b
SHA1 b8280bb4366d5370233823ab0b7ebe665a39b40c
SHA256 81dd5096264d4ead6c92e7934d4858c48dbc4bd113c3fda893d9b2ce3b7069dc
CRC32 71607B92
ssdeep 48:V3+OOLOsQ1+3+OODJ3+OOnN3+OOI3+OOaOsQH43+OO+ghMkghMXpghMQklOsQFgV:N+dOs/+b+xF+8+MOsX+US7+kOsm0+U
Yara None matched
Name 5372c64d5af89b9a_-dkbv9vj.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.0.cs
Size 470.0B
Processes 908 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 21cab80ce7c92e6f067f0d1bbf00a77f
SHA1 b2b5735b98398eec046403913382a6f6ffd79060
SHA256 5372c64d5af89b9a2cde1f0f410e966d6f013e7d3008ed3e484f508b0e6f3379
CRC32 CB4B43D3
ssdeep 6:V/DsYLDS81zuyQI58wROMGhQXReKJ8SRHy4H9oLmYU44MW5/2CyTwk+y:V/DTLDfu2pXfHZoLJzfzwk+y
Yara
  • Network_Downloader - File Downloader
Name d4292aeca3578887_-dkbv9vj.dll
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.dll
Size 3.5KB
Processes 2408 (csc.exe) 908 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0fe7e11f58825a7cc2c3c4a956ef9022
SHA1 793ab26b31a1ac3d2f42e0cfb2f08c7eefe55273
SHA256 d4292aeca35788874cea5eb7e0a58668a5caf543d170f85cbacb7a07d4cf3776
CRC32 41CD9D9B
ssdeep 24:etGS9datX2vw1/LktXhY4UbdPtkZfCHLc1bJ9t1PFmI+ycuZhN5akSHPNnq:6apj8MuJELmb1ZA1ul5a3Vq
Yara
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 00abcd70c5fc1fca_-dkbv9vj.pdb
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.pdb
Size 7.5KB
Processes 2408 (csc.exe) 908 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 6a007be3c3c8724da9dd99d1f6b579dc
SHA1 82aac0db20ed9a1de6002d7de0e20a0d37dfa3e1
SHA256 00abcd70c5fc1fca02985d84b38af1e2eb36a9c6eccdb14ea0847833f90b3a4c
CRC32 329E08E3
ssdeep 6:zz/BamfXllNS/GMk/4d1mllxrS/77715KZYXtMk/4toGggksl/3YXBGQu+e0KWEb:zz/H1W/dkQXSXS/pw9kQtmqRi
Yara None matched
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 908 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 6c6864e8ead95b19_RESA5D1.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESA5D1.tmp
Size 1.2KB
Processes 2588 (cvtres.exe) 2408 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 4cf2280d5e25caea5196a804f67f983d
SHA1 e72ae057b195bbada071b03e62504454d3e85703
SHA256 6c6864e8ead95b194b453507293e53fbb99dbcffbaa82a7dba1e5dd1a3e63247
CRC32 742D9226
ssdeep 24:HXJ9Yern2xomH8UnhKLI+ycuZhN5akSHPNnqjtd:AernBmXnhKL1ul5a3VqjH
Yara None matched
Name e3b0c44298fc1c14_-dkbv9vj.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 27fd9948cf76ef35_-dkbv9vj.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\-dkbv9vj.cmdline
Size 311.0B
Processes 908 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 6a5c673937fd0d0f53f559049002d542
SHA1 71bb36d6c892cccf770ac8647d2f9a073ca746a4
SHA256 27fd9948cf76ef35db56675315a7c24c1f6ea2f45c0de4d7003f86476635adf9
CRC32 4885C24F
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fcT7emGsSAE2NmQpcLJ23fcT3:p37LvXOLMfnPAE2xOLMA
Yara None matched