Dropped Files | ZeroBOX
Name 6da2995798ef476e_fraqbc8wsa1xvpfvjcrgrywt.exe
Filepath C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe
Size 1.5MB
Processes 2220 (explert.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 8f1ddc73cd5ca16d3ac140423ce7726b
SHA1 af1a6ac67a1e2103e530b9e35a5e78c026a4fc36
SHA256 6da2995798ef476e92954858d00324d379166907184367bf909578d220f3b894
CRC32 86349339
ssdeep 49152:qIoJQLAmGXo6itBWoUEq28HvCbqpMfVd/aN0Ee:7LzGXo6vnabqpadln
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name fa480b1998854338_iizs2trqf69azblax3cf3edn.exe
Filepath C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe
Size 1.1MB
Processes 2220 (explert.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 18bbc3fb86e902afb59c06811a5b01f4
SHA1 e9ea82ea8199bcb882b933a90707d7ca71f25899
SHA256 fa480b199885433840abe9d506ccf32fc75fc1dd771695cce2dcb4f438a98d00
CRC32 C3819B91
ssdeep 24576:KmUPjztESBDhakdbtl7vq6bknwKTaA9Cpr2r:KmUPv+eldbtl7i6FKeFpy
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 447ed0bdf4f8d047_hm3solbph71yexuieaoeiigx.exe
Filepath C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe
Size 681.5KB
Processes 2220 (explert.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4f5771aa008fb55801a3f9fba7130f69
SHA1 eaace725791c08810198c08907b84b8850d4ef5b
SHA256 447ed0bdf4f8d0479545724b9578d2a3296b6bc5e2162d7ba405276234eccf0d
CRC32 EEB7BAA5
ssdeep 12288:Llq9SNKjqNUt5LRfyUgpBvBV9aPp2exoxNxFhWuR4OM8AfCZghsWT9FLUI/D/vqO:Ll+SNKeslybnBOexBO
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 0593eef89f1bde96_d3d9.dll
Filepath C:\Users\test22\AppData\Roaming\d3d9.dll
Size 649.5KB
Processes 3012 (HM3SOlbpH71yEXUIEAOeIiGX.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 103c525aa49b81407e72a346baa3ec19
SHA1 1ae74f6ef71b929472d28d064fc0c17d0fc54d1c
SHA256 0593eef89f1bde96f5d469281de905717e9b38a70d9b374c9c3193fcb740a22d
CRC32 20EC9052
ssdeep 6144:ZaHgJLlHUmYnuOZ1WuFv4cHSdzZU8QZgWhKrUrTAeT5CbdiAAxDCDb2+W:ZaHCXYnukUzZU8bWhjIKqFAxDCf2+
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check