Dropped Files | ZeroBOX
Name f4c215103fcf41f4_systray.vbs
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Systray.vbs
Size 398.0B
Processes 3036 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 b8a8142f02fa92c25864e18940669ddd
SHA1 6587204b3c1c71e430ac0ae4b43416dfab7f5c5b
SHA256 f4c215103fcf41f41cfe31a7af1b39acd1472d712ddd3c0331f9871ca31ecb60
CRC32 B0B4CEB9
ssdeep 12:4qahhoJhYLnOhwpr2sfzTIE2KBnGHpclFsUj9EWbqr7:4qa/oJerOKF352KhvGUjmOqr7
Yara
  • Antivirus - Contains references to security software
Name 39d4b2ee2aa6e43c_0fpj26uf.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.cmdline
Size 311.0B
Processes 2416 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 8548a97257cd96412d29c33b95142369
SHA1 b1372d831a4d421608aa7d503e86b9c71630a01b
SHA256 39d4b2ee2aa6e43ca77f5d653657cc4c0e1d72b9efc3fe478dd46bd987c46bdb
CRC32 1EE05DE8
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23faqmGsSAE2NmQpcLJ23faPn:p37LvXOLMCqnPAE2xOLMCP
Yara None matched
Name 2628ce9280d490d1_0fpj26uf.dll
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.dll
Size 3.5KB
Processes 2524 (csc.exe) 2416 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d2fd788b7f68573e5742e6eeec764482
SHA1 dc39ba6cc867e65851645872a63c426636b573db
SHA256 2628ce9280d490d1c8cee16c4fc2fc0447e03a79f126ffb3f04dbbe82d815bf7
CRC32 CBC3FC81
ssdeep 24:etGShedBjEeK6D8lsckyTCMikbdPtkZfhjOzZlo2HtV0/DmI+ycuZhNZakS3PNnq:6Q9lD8lsNyOguJh92NVmq1ulZa3lq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name e3b0c44298fc1c14_0fpj26uf.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name b0c500df34b50a16_0fpj26uf.pdb
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.pdb
Size 7.5KB
Processes 2524 (csc.exe) 2416 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 05f70be927a6fb5fedd589240af927dc
SHA1 a31b96f73066b01ac62477c60fc47841f3c0f1cf
SHA256 b0c500df34b50a16f13f15221a586d4dd6adfdfbae909872df16b4273c910d53
CRC32 FD109ADB
ssdeep 6:zz/BamfXllNS/7hNtk1mllxrS/77715KZYXxGQu+e0KpYXIhNtSKioGggksl/cEb:zz/H1W/TtsSXS/pw2qjtSKiRD
Yara None matched
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RF226c0fb.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF226c0fb.TMP
Size 7.8KB
Processes 3036 (powershell.exe) 2416 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 414a302889d0909f_0fpj26uf.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.0.cs
Size 433.0B
Processes 2416 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 37f91c2e34b7139eb3fba18b5d19e667
SHA1 dca362e9e6cd5030a95ed1daf2b5ce60d4f4b352
SHA256 414a302889d0909f5e2b54aa66ee4a433d9237335da73688f34cd749409cdfde
CRC32 3338E525
ssdeep 6:V/DsDrSxh/eM92SRadPc8hAfzM92SRFo1cLDMezM92SRcBuhmwORX4tXROLtl5AO:V/DGrc+PP+kLucB4mwo4twekN
Yara None matched
Name bf96dab5f600b308_RES7923.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES7923.tmp
Size 1.2KB
Processes 1720 (cvtres.exe) 2524 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 4b9aac8b8603dc6bfe5ccc483f9f01cf
SHA1 77c22af217d95d0c351c48ed70c3b0fd911188dd
SHA256 bf96dab5f600b30850bf52a4a9668d6b682aadb0afb5684828c7c9fd7fc7385a
CRC32 45CAA32E
ssdeep 24:HPJ9YernRKimHaUnhKLI+ycuZhNZakS3PNnqjtd:IernrmFnhKL1ulZa3lqjH
Yara None matched
Name 79a58148935de016_0fpj26uf.out
Filepath C:\Users\test22\AppData\Local\Temp\0fpj26uf.out
Size 607.0B
Processes 2416 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 0c44fde0ca23f9fbb5c311e81e029ef1
SHA1 31c7346c1ac62cfa7b5ae7eda9402c1c27800732
SHA256 79a58148935de016d067c3b9f8129e29352fc5ef1ab982b73bcf88979a8f86b7
CRC32 BDFF3A95
ssdeep 12:K4OLM9nzR37LvXOLMCqnPAE2xOLMC2Kai31bIKIMBj6I5BFR5y:K+9nzd3BtnIE2n7Kai31bIKIMl6I5Dvy
Yara None matched
Name 1845ac255fc129e3_systray.ps1
Filepath C:\Users\test22\AppData\Roaming\Systray.ps1
Size 261.0KB
Processes 3036 (powershell.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 8e481cb2f650b3c90f42f693c83c0e19
SHA1 0acb52a416355c27095f6dd7db801f64f7f2ddb9
SHA256 1845ac255fc129e3bda49d404b68a8a592b5e530c0862dbdc409e62df70912ec
CRC32 4C1C554E
ssdeep 1536:EqMyGPM0URKP7/u5jztKwbqd0b93ltDRIpbcg8EKgG6yvi67GKHWaI1Lw8Ckr0XY:oH+Q
Yara None matched
Name 38a03660fbd32d76_CSC7913.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC7913.tmp
Size 652.0B
Processes 2524 (csc.exe)
Type MSVC .res
MD5 ed2c63c69f16745946f19abee1fb707f
SHA1 386e757d410180c9c2b0954400f1982b950b0d4f
SHA256 38a03660fbd32d7656a9e00b7ac17e3b2007bb27029c63518e9f970448d00057
CRC32 CB0B02C0
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryLak7Ynqq3PN5Dlq5J:+RI+ycuZhNZakS3PNnqX
Yara None matched