popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name ac0b1b8a16402e52_j7xjtvt4.pdb
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.pdb
Size 7.5KB
Processes 2708 (csc.exe) 2544 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 8478a7feddb6769697f1183c992ad4db
SHA1 77862cec443fc9dd180f33d58e54864b90fc3640
SHA256 ac0b1b8a16402e52f030028dc3c9d3d10c9770f29328d9e5eb56e90cadf2d712
CRC32 39758548
ssdeep 6:zz/BamfXllNS/WXYJAtP1mllxrS/77715KZYXxGQu+e0KpYX5XYJANfoGggksl/b:zz/H1W/WswSXS/pw2qGsoRD
Yara None matched
VirusTotal Search for analysis
Name bffda91ccd4d4d45_j7xjtvt4.0.cs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.0.cs
Size 280.0B
Processes 2544 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 2b94837e5cc8a9782cd0510de984300e
SHA1 0c02063905cb9f977f556932cf1d2d79fb0d60bf
SHA256 bffda91ccd4d4d45bc13eb01e1e9e8f41670e0183cd5ad3666987d4ef5ec0584
CRC32 03373120
ssdeep 6:gysnS6i7+M/sOzhkKwGButFS2SRYK4uOmg:gyIq7krW0FE4h
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_j7xjtvt4.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name e323f5cdcb02f330_yp4qo1kw.ifq.inf
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\yp4qo1kw.ifq.inf
Size 682.0B
Processes 2544 (powershell.exe)
Type Windows setup INFormation, ASCII text, with CRLF line terminators
MD5 2e224a5efc5c200948becb52b181349b
SHA1 3a3337dfb56df5e0a2c21ebe9a79d6b6631cebbd
SHA256 e323f5cdcb02f33036633db0528c558e81936afc06f07af32ad805a50ca84392
CRC32 F1626EE5
ssdeep 12:OSBz03qrc3hcI3Cur00noxy1SQpctPrx0vVEQB5OJB0YiVjkvqqwKX6JQEVsJQn:O4zOX/zoxNtx0NbfZVASqwKqaEVsan
Yara
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2544 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 504e5c3f87b84390_j7xjtvt4.cmdline
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.cmdline
Size 311.0B
Processes 2544 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 8a3a5a6e0fa68ce148e2f779fbd1bd38
SHA1 07aa020c735631f0a9b682e76bf8af31b7db5e13
SHA256 504e5c3f87b843902510aa710e6f8a8502e5405dfde0dca9590f9900600a712a
CRC32 F1CC37A9
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fWsmGsSAE2NmQpcLJ23fWyAn:p37LvXOLM5nPAE2xOLMdA
Yara None matched
VirusTotal Search for analysis
Name 99b0588e0c48ab70_CSCF76F.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\CSCF76F.tmp
Size 652.0B
Processes 2708 (csc.exe)
Type MSVC .res
MD5 76b80c8cea41f4675660e1182ab42178
SHA1 593c87b99f5580c9119c63c36bef58c5306df37a
SHA256 99b0588e0c48ab70d70fcc523a7fc79650dc4ea234ce56494062de2b1699e41a
CRC32 ABB8F795
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grygeak7YnqqR/PN5Dlq5J:+RI+ycuZhNXakS5PNnqX
Yara None matched
VirusTotal Search for analysis
Name ab34c25ba1bc77ca_j7xjtvt4.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.dll
Size 3.5KB
Processes 2708 (csc.exe) 2544 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f208ec8fd0774b4887103615bed8e672
SHA1 e686c7fb6f211daa6577a4f2b5eec11a634e3943
SHA256 ab34c25ba1bc77ca545e152a41fda62ae8fce3aa4b2cde0fa12e963a908e2c00
CRC32 5F457FB2
ssdeep 24:etGSCda2SJemaXsJUzbbdPtkZfTWmHEkj8Sk8/ns/mI+ycuZhNXakS5PNnq:6B5JuxzduJTWmtjOe1ulXa37q
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
VirusTotal Search for analysis
Name 96b3fad0d9928c02_r2iv3c14a1f.ps1
Submit file
Filepath C:\Users\test22\Music\r2iv3c14a1f.ps1
Size 31.0B
Processes 2544 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 85af210d76f2d0bd9d4156910bbefd3f
SHA1 d4488443606dac3ba8f163ad86021737910caad6
SHA256 96b3fad0d9928c027c001322b5a52478402467d4bb4a906ed898b35f992b3f7e
CRC32 0F257A74
ssdeep 3:jKMFmEAJY4GIw:jKMFmEsDw
Yara None matched
VirusTotal Search for analysis
Name f5eb12c8acc785d9_j7xjtvt4.out
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\j7xjtvt4.out
Size 607.0B
Processes 2544 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 9784c6dd815a6bd642062f2f24157822
SHA1 27d548d3acbbbcfe11a53112618c35550be2eef4
SHA256 f5eb12c8acc785d908145a95d1aa9ac4b7a658a447b558f1e3e259452804cba3
CRC32 EE2BB8C7
ssdeep 12:K4OLM9nzR37LvXOLM5nPAE2xOLMd1Kai31bIKIMBj6I5BFR5y:K+9nzd3B5nIE2n/Kai31bIKIMl6I5Dvy
Yara None matched
VirusTotal Search for analysis
Name 83fe0af4b1e03943_RESF780.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\RESF780.tmp
Size 1.2KB
Processes 2760 (cvtres.exe) 2708 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 1587753121910582422391a357ef6cac
SHA1 71805841d6ab43a7dd924964b4e691f67be170f5
SHA256 83fe0af4b1e03943ba65d57e435b266bdae059339f88efde06ea556530eab9e2
CRC32 1CE9058E
ssdeep 24:HUJ9YernAu7GmHiUnhKLI+ycuZhNXakS5PNnqjtd:Vern0mdnhKL1ulXa37qjH
Yara None matched
VirusTotal Search for analysis