Dropped Files | ZeroBOX
Name fe8e63e7e59a274a_winstart.exe
Filepath C:\Users\test22\AppData\Roaming\winstart.exe
Size 223.5KB
Processes 2636 (cp.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 aed4c0c1a8eddddad6e556442795f474
SHA1 53df97729cb9adf5b4a9e7214ce9677ebda9167c
SHA256 fe8e63e7e59a274abab2a40d63458baec9db24511a52c3f1151a70fbb7e3345d
CRC32 B1BB1E21
ssdeep 3072:jGmrRiCFi937O+a3p65qvSar/g8MVtDKO0auu:jrrRHi9F77C
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 08e5b2bd3afab7f6_winstart.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winstart.lnk
Size 732.0B
Processes 2636 (cp.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Jul 28 19:20:28 2024, mtime=Sun Jul 28 19:20:28 2024, atime=Sun Jul 28 19:20:28 2024, length=228864, window=hide
MD5 003ab159de6e2eb04adfa713df42a3cb
SHA1 91f9e19bdf682fb85252408b0e739a34ce7e4c8c
SHA256 08e5b2bd3afab7f66d3664576487b07812a550f1334c86ee7432fe42696508a7
CRC32 8371D81E
ssdeep 12:8+BQCq4cZCrR8EvSEnCSLWvdQ/WizCCOLAHDoc0NEghdN:8VwsERdlTielzNCFNEydN
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format