Dropped Files | ZeroBOX
Name d757263bdbcdb4ae_produktionskden.slu
Filepath C:\Users\test22\AppData\Local\peggle\produktionskden.slu
Size 7.6KB
Processes 2572 (sahost.exe)
Type data
MD5 2bb28d61ddf2533ccbb803ddbe326bdc
SHA1 8b7c2571f544ec2aed6ac232d561fee3016d99c8
SHA256 d757263bdbcdb4ae46691df9bcb12e168f745a5716a9feea75c20e359e2ad2af
CRC32 863FDD2C
ssdeep 192:cvQVyl9vo9vkEB/g8s5GI4SGvPEu/mVI1PVpb80:c4V4xbEdR8T4SaFuVI7
Yara None matched
Name 4883cd4231744be2_langdll.dll
Filepath C:\Users\test22\AppData\Local\Temp\nstF6E4.tmp\LangDLL.dll
Size 5.5KB
Processes 2572 (sahost.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 08de81a4584f5201086f57a7a93ed83b
SHA1 266a6ecc8fb7dca115e6915cd75e2595816841a8
SHA256 4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
CRC32 D761A6E9
ssdeep 48:S46+/1TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mLofjLl:zHuPbOBtWZBV8jAWiAJCdv2CmeL
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 298d4a8a68181b21_guddomme.gen
Filepath C:\Users\test22\AppData\Local\peggle\Guddomme.Gen
Size 99.8KB
Processes 2572 (sahost.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 f564f6fdde367bb7965fc8392eaa978b
SHA1 d23bf8557e4d61cddd87ea919b2a4f03040d78b4
SHA256 298d4a8a68181b2151e3fd186faa6f6a6630c5e3a07db210a524e003d8cc0f38
CRC32 523516F6
ssdeep 1536:D6PUYGxKE1W3MTonGMuGvbHUogVP09X7NOVzaqcKueY8NW799s:/hWzGayzaV1s
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name 17931d5fa3f3e93f_cuddled.txt
Filepath C:\Users\test22\AppData\Local\peggle\cuddled.txt
Size 469.0B
Processes 2572 (sahost.exe)
Type ASCII text, with CRLF line terminators
MD5 3483fab1a78f10e7784ca3ca3150b2ca
SHA1 fe5e671a0a0d3b278bef62e29d3bc95a6b842b82
SHA256 17931d5fa3f3e93fe13344de61e8239d41a1b7b603493f07aa5a04d131557592
CRC32 D3E9CB90
ssdeep 12:SqmZZmYO+JMI95DvGK9yfxLXILabVNUXUSb8ztLy:zmXlMc5DeK9ypL4LahCXP8Be
Yara None matched
Name acf90ab6f4edc687_system.dll
Filepath C:\Users\test22\AppData\Local\Temp\nstF6E4.tmp\System.dll
Size 12.0KB
Processes 2572 (sahost.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 6e55a6e7c3fdbd244042eb15cb1ec739
SHA1 070ea80e2192abc42f358d47b276990b5fa285a9
SHA256 acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
CRC32 3ECDAF87
ssdeep 192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 8f73ab5e525b8659_nsec.tar
Filepath C:\Users\test22\AppData\Local\peggle\nsec.tar
Size 6.2KB
Processes 2572 (sahost.exe)
Type data
MD5 39dcabfd6c10c19cc2d532b2c03e57ea
SHA1 1b2813c18ff9f2f6344704133e579a70d623f0e2
SHA256 8f73ab5e525b86591b138f15fd4315876f07f0222683711d84a56966c5901a9f
CRC32 5CDB1BFF
ssdeep 96:YPAr4BCbpOje1kysgOM27luhZl9ubZmlRe9zKOfTKeDxy8nO433trIO8syU+B8:Y4rSje1FI85uU78hTTDUB433tkGCu
Yara None matched
Name 6f3094d50c44e9b8_kontraktforholdene.aro
Filepath C:\Users\test22\AppData\Local\peggle\Kontraktforholdene.Aro
Size 314.3KB
Processes 2572 (sahost.exe)
Type data
MD5 21d9e5a1e5ee62378ee957c2e35f2814
SHA1 78e5720f9ac016d29bd6d9fd5ed70e9787243082
SHA256 6f3094d50c44e9b8d4930486a05d114409f3ea6bd53762a61306030982287a5e
CRC32 79CBB900
ssdeep 6144:OYMkqvMYp82l3vmFTgQgHO+77GXXOUb8vrqpu06m2lttMwFYg:O1kJYp8o3vegQiO+7Metrqpu06m2lvug
Yara
  • Generic_Malware_Zero - Generic Malware
Name e3b0c44298fc1c14_nslF145.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nslF145.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name bd2421d6c1b53d01_opspring.dia
Filepath C:\Users\test22\AppData\Local\peggle\Opspring.dia
Size 8.3KB
Processes 2572 (sahost.exe)
Type data
MD5 82a269f5bae8475eacd0e5cf4c7fa6db
SHA1 e50aa449bfeab5c72eb98bf0f98d16c7b5846e23
SHA256 bd2421d6c1b53d016f7c61004bfa7640a36a25686d29d87372d736e241ad5314
CRC32 9DEE6BC4
ssdeep 192:MVenofP5CL1Vkht0EjXViZ/jjRI6CUwHC6dqSAzZ+PHPwEc2VO:9s5CLwIaXkZLjMrC2EZ+PvwX
Yara None matched
Name 706a3591732ab4fc_piggy.riv
Filepath C:\Users\test22\AppData\Local\peggle\piggy.riv
Size 9.8KB
Processes 2572 (sahost.exe)
Type data
MD5 0843d03d3c1cc92613470216de0ef1a1
SHA1 ac8e656c3a2044b4fc51b38ba985e57eabf0b995
SHA256 706a3591732ab4fc5a227386e6c3b32592f9a5467327c876d45a3070035c844b
CRC32 34AE4501
ssdeep 192:A9k5U5K4UkC9ZN17ktv4u2vwusr8JwlHRPguH48XsSNdJOAosgASLfljirw:AsMtlCHTwCu29K8uJRhH488oJ4MSzc0
Yara None matched
Name 4336f9f5f28e007e_overfamiliarly.lit
Filepath C:\Users\test22\AppData\Local\peggle\Overfamiliarly.lit
Size 1.8KB
Processes 2572 (sahost.exe)
Type data
MD5 19ad849311a96a6e4cf732f801e4e82f
SHA1 097a4d680e6ec048650497bf0a5de57045435ac2
SHA256 4336f9f5f28e007e6a48a5b2078d04fcbfabddf8fa91c7a1a1496965459600f2
CRC32 16BFBFBF
ssdeep 48:PO0abdHVY7V/JaLI57SrGchj45PxgrHS/r/:m2zacoGlgy/r/
Yara None matched