Dropped Files | ZeroBOX
Name 0e075a9419334fea_version.exe
Filepath C:\Users\test22\AppData\Local\Temp\version.exe
Size 6.3MB
Processes 2144 (meNversion.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 1d54f64e7f45b8d4493a5f7934346d5a
SHA1 d342bd1a31517e5a41e4f0b62c1961f63a82e6f2
SHA256 0e075a9419334fea57f5890628f45256112f8dd363f4412c2627c7360619072f
CRC32 052268C8
ssdeep 49152:I8MlY/PjEfY0ZBQA/3y/iRa8HXrdat0luPa6PfuAlUJE1w7vH8q0urQvPD0YG1GQ:VB/PjEfTZBJWi0kdaFi6P2AZuMHxnM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 4633554845e64e7a_version.exe
Filepath C:\Users\test22\AppData\Local\Temp\version.exe
Size 50.0B
Processes 2144 (meNversion.exe)
Type VISX image file
MD5 743a3c5a39c92981cb90599313880c8c
SHA1 c9bafe96f81b769ac6c2b1929b33656839463cec
SHA256 4633554845e64e7ab0defb2a36f69dd58f5b94c030b9eb5bf5f6360e65c348b5
CRC32 82A7D311
ssdeep 3:rx:rx
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)