popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 6f432712db3c5b3c_RES22E5.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\RES22E5.tmp
Size 1.2KB
Processes 2980 (cvtres.exe) 2936 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 982abe6067356d2718ee153535ac0c9b
SHA1 a2075defff8daa7a2e47eef544f5ab0594de5ac3
SHA256 6f432712db3c5b3c0086ccccef50902e0db47ef4c0531d711816e6b6c29a7691
CRC32 EB33DF75
ssdeep 24:H1J9YernAZmHtUnhKLI+ycuZhNxqakSIbPNnqjtd:aernwmanhKL1ulxqa3IRqjH
Yara None matched
VirusTotal Search for analysis
Name 2002e027f386feb1_kdcxyvbi.pdb
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.pdb
Size 7.5KB
Processes 2936 (csc.exe) 2848 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 eb6046caa0164920f05fcb3f6facf509
SHA1 1e56c48a4e8e1c584a19c31c7524cabe5fe977d0
SHA256 2002e027f386feb17953e35c26c8ddb451bb68d73f93fbaa1258c00e4b98c4c4
CRC32 52D42C5E
ssdeep 6:zz/BamfXllNS//QEHl31mllxrS/77715KZYXxGQu+e0KpYX6QE1oGggksl/cEDf:zz/H1W//QEHfSXS/pw2qPQE1RD
Yara None matched
VirusTotal Search for analysis
Name 414a302889d0909f_kdcxyvbi.0.cs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.0.cs
Size 433.0B
Processes 2848 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 37f91c2e34b7139eb3fba18b5d19e667
SHA1 dca362e9e6cd5030a95ed1daf2b5ce60d4f4b352
SHA256 414a302889d0909f5e2b54aa66ee4a433d9237335da73688f34cd749409cdfde
CRC32 3338E525
ssdeep 6:V/DsDrSxh/eM92SRadPc8hAfzM92SRFo1cLDMezM92SRcBuhmwORX4tXROLtl5AO:V/DGrc+PP+kLucB4mwo4twekN
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_kdcxyvbi.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 3814a021a722ff25_kdcxyvbi.cmdline
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.cmdline
Size 311.0B
Processes 2848 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 8488a983f66b2522fde32cbd45e3f73e
SHA1 7f9484025936250ef16c8c1499967b16d5254221
SHA256 3814a021a722ff25696db1281a214371745c253f2e3e9bc9b4a95fa0504fd8ad
CRC32 A0DDF0D4
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fcGmmGsSAE2NmQpcLJ23fcGQAn:p37LvXOLM0TnPAE2xOLM00n
Yara None matched
VirusTotal Search for analysis
Name bee436b54202702f_anyclesk.vbs
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyClesk.vbs
Size 399.0B
Processes 2564 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 a1aae87e32a7a3d76bb83e539b9ac118
SHA1 34f39f5be260ea46a039fcde0bd48fc2964783fd
SHA256 bee436b54202702f7b76b5c2b837deee9b2c20d2f8822696185b7b6152855d68
CRC32 FEC0DDE2
ssdeep 12:4qahhoJhYLnOhwpr2kozTIE2KBnGHpclFsUj9EWbqr7:4qa/oJerOKy52KhvGUjmOqr7
Yara
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name 9ef5b8d0b70e6d0f_anyclesk.ps1
Submit file
Filepath C:\Users\test22\AppData\Roaming\AnyClesk.ps1
Size 175.8KB
Processes 2564 (powershell.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 36b6376a1763c4751be6f698b6bf2ce9
SHA1 3b6e38ea8ca94205b8d747867f6657c605e2d719
SHA256 9ef5b8d0b70e6d0f8cc59fbf81950825c77bee1703d0cf33a708a8ba14a10e2e
CRC32 5AB303B1
ssdeep 1536:kW212KdV0/OPcgz3Xa06RqNqGMC9SoXxuke8DMcbYp2Q29KKURg69Y9jZG/NQH0L:kCqNqymB
Yara None matched
VirusTotal Search for analysis
Name 9830ecf45a6caf80_kdcxyvbi.out
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.out
Size 607.0B
Processes 2848 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 9d5df38ef98a2f75f9fc6da725eea8bd
SHA1 c5f51216a95e3ec704aa15c78c7412cabe4fc40b
SHA256 9830ecf45a6caf809fa7c3d6386e38e3613e0683a2d36b154e6308adb7bce5af
CRC32 30E3A1CB
ssdeep 12:K4OLM9nzR37LvXOLM0TnPAE2xOLM00uKai31bIKIMBj6I5BFR5y:K+9nzd3B0TnIE2n0BKai31bIKIMl6I5G
Yara None matched
VirusTotal Search for analysis
Name 66275eaf304b5f58_CSC22D5.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\CSC22D5.tmp
Size 652.0B
Processes 2936 (csc.exe)
Type MSVC .res
MD5 40941f9d7f9c538883a01f3cb54611c4
SHA1 431772b1a9d2a1b6e4cf6931b0d5b474db35a93b
SHA256 66275eaf304b5f588c3df7248183408490e8bdcdc55d6a0b5363b90cf1440187
CRC32 CB7C888E
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryoGF8ak7YnqqJGFRPN5Dlq5J:+RI+ycuZhNxqakSIbPNnqX
Yara None matched
VirusTotal Search for analysis
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF181a344.TMP
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF181a344.TMP
Size 7.8KB
Processes 2564 (powershell.exe) 2848 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 8582e1669ebab296_kdcxyvbi.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\kdcxyvbi.dll
Size 3.5KB
Processes 2936 (csc.exe) 2848 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5141919d26022078eea74aa78a61937a
SHA1 c5e7e8c59a636c688f4de428fe2b943a74e6bf18
SHA256 8582e1669ebab2961ed455ce5fbfa1e2b62a83bb4285356b549c89c03f5480c3
CRC32 2A210CEF
ssdeep 24:etGSLmdBjEeK6D8lsckyTCMumkbdPtkZfEjOz/42h09mI+ycuZhNxqakSIbPNnq:6q9lD8lsNyO9uJEt2h041ulxqa3IRq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
VirusTotal Search for analysis