Dropped Files | ZeroBOX
Name 6c6af015e0bfec69_ccwkrlib.dll
Filepath C:\ProgramData\AviraProductFamily\ccwkrlib.dll
Size 128.0MB
Processes 2544 (Helpstore.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 463edd427483862d9d4c5c565ff668d6
SHA1 a299806936189d967e716723935bd25f10646565
SHA256 be5b2c58292f31074d4f1c8c1c292b6ac50606a94aa096b510b08510aa3fab64
CRC32 37160827
ssdeep 3072:T99szqbwVch0v9+cjrPlKBekRUtEbVuj343RS5OiOMRWGU:590uhYrgB/UCJuj34cOOWGU
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 8f92e935d65d0db1_~EC73.tmp
Filepath C:\Users\test22\AppData\Local\Temp\~EC73.tmp
Size 1.2MB
Processes 2544 (Helpstore.exe)
Type Microsoft Cabinet archive data, 1305181 bytes, 1 file
MD5 361ab016855f96f11ec7456c0817a604
SHA1 c98bb78b9941ebb9f0032fc8e9bee29a78fa7897
SHA256 8f92e935d65d0db100fe89f6bd66245ab7d2c3947049791e048c2cddd572d33c
CRC32 2FA590ED
ssdeep 24576:yYIXhbQwncaNhSu51891k9+/t9LfRBW6ul7EK7JnheLQpsYmc3XJiRiXS:AhHcKt5188it9LfG6ulQknhekqYmcHw5
Yara
  • Antivirus - Contains references to security software
  • CAB_file_format - CAB archive file
Name 4d22ee588789d00c_res.rc
Filepath C:\ProgramData\AviraProductFamily\RES.RC
Size 32.0KB
Processes 2544 (Helpstore.exe)
Type data
MD5 0f92e98c922a4309194114917ac8b17f
SHA1 78ec623b3b0532c1461e7ea46c38cc1b655adf32
SHA256 4d22ee588789d00cdbae100f64fcd75e92779463c1f6ada866e131e238016b1b
CRC32 3BB935B2
ssdeep 384:pLK++Q4isaz0NaPsbcrtpLHQTh7cWxc7ekXQyNKQtIixb/X/AHZRWIGABGVLjmpr:pP+QsIUbchpQtc1qHQtUTBGVLj8r
Yara None matched
Name d51b187d3d3bdcd4_avcenter.exe
Filepath C:\ProgramData\AviraProductFamily\avcenter.exe
Size 2.7MB
Processes 2544 (Helpstore.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2b288dd03db8bb2426de9101fc61e9a6
SHA1 fe22cd98f33ed674f0a20e9ed7fc4956921274ea
SHA256 d51b187d3d3bdcd4841a8bdbe3306e223647c673156e868c71c9b241ca48ea2b
CRC32 82265633
ssdeep 49152:jnDdPffCVmaLGYvHVMv5Mck3P6yhKGkZ565Sjh5WqNQ8S80kbzaTh/v:XdnfClLGYvVMv5Mck3P6yhKGkZM5Sjhm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name c9bfbc1a40e9d955_~EC75.tmp
Filepath C:\Users\test22\AppData\Local\Temp\~EC75.tmp
Size 13.1KB
Processes 2544 (Helpstore.exe)
Type Microsoft Cabinet archive data, 12604 bytes, 1 file
MD5 bc2cc8e159cabf539c22f0ce0f6f5f88
SHA1 1539ead46ccf007f1074524e49a1f82ecf41ba54
SHA256 c9bfbc1a40e9d95576a13d8e7203ecaf14fff996e0e7f2ab5649ddca1a4efbf2
CRC32 1E2E03C5
ssdeep 384:VJWCOVn2gedrU/OVTNpFOA++lphaRyU5L1gnK5:8VnsU2eA7fhaRhpg
Yara
  • CAB_file_format - CAB archive file
Name f8c119bfc057dc02_~EC74.tmp
Filepath C:\Users\test22\AppData\Local\Temp\~EC74.tmp
Size 54.6KB
Processes 2544 (Helpstore.exe)
Type Microsoft Cabinet archive data, 55892 bytes, 1 file
MD5 460b1a96cf8a55535ba3cdee7f6a5e5a
SHA1 893cefcd6d48409e5aa78d2587d3c30a0a6df90b
SHA256 f8c119bfc057dc027e6c54b966d168ee1ef38c790e581fb44cf965ca0408db1d
CRC32 15798D8B
ssdeep 1536:KVY3Uef5blG3fG7ZGfN6oyusklNBoRhQn:KqEexsG7ZC6oykYR2n
Yara
  • CAB_file_format - CAB archive file