Dropped Files | ZeroBOX
Name 0289ed449236c270_setup64.exe
Filepath C:\Users\test22\AppData\Local\Temp\sib3323.tmp\0\setup64.exe
Size 13.8MB
Processes 3064 (OInstallLite_x64.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 8ac6e3e2059145eeec60f7d5ff3abb0b
SHA1 69df4f0157432616e9e0019b46ed1a285034fa9e
SHA256 0289ed449236c270afb004af5a3e483b2c8d778c7a001b07181951ec12e50a68
CRC32 C570D69E
ssdeep 196608:+hzeqFWPCFJybY7+AkZGvkhfO/7QyOU7XGW/F/P9w9xiXGqXCdUjdLV:ECqFTywoCkhfO/zFXGW/F/P9wXiXzThV
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • VBScript_Check_OS - VBScript Check OS
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Antivirus - Contains references to security software
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 04ba4487f95290e0_cleanospp.exe
Filepath C:\files\x86\cleanospp.exe
Size 25.8KB
Processes 564 (files.dat)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 98821a7a5737d656633d10a3afb724bd
SHA1 0307ba03137de39735c6e5bde8afd22d5279f0f9
SHA256 04ba4487f95290e0b0557b44300c18f637fbaf0872ee96e3111013b8a1539f25
CRC32 3C84535E
ssdeep 384:N9FuUOvAiG0gIVDKDYgmh02HPwzi3AnXdOKV1TE54UslGsGK3:wUAAYgmO21QXPV1Y1i3
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name cbbeb5758166f4d5_sibclr.dll
Filepath C:\Users\test22\AppData\Local\Temp\sib3323.tmp\SibClr.dll
Size 52.2KB
Processes 3064 (OInstallLite_x64.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6e500f73d5349991165807174fd32ada
SHA1 07a5cf87461cd3d6205c411edc5587eea39afd4e
SHA256 cbbeb5758166f4d532bb155daf3830618e4b31da0c14a66f4d16a308d7477842
CRC32 DA045295
ssdeep 1536:7yMz8ueRvU1Dc1xpHaLIa97v7AVqgwbioQ+wF:7yRvQDg76Lb97sV82F
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name f1369f222371fdcc_sibca.dll
Filepath C:\Users\test22\AppData\Local\Temp\sib3323.tmp\SibCa.dll
Size 4.5KB
Processes 3064 (OInstallLite_x64.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3395339c5cb259f158ded419a176b283
SHA1 7a67d10501d28178412f1383d79b392efab7e59a
SHA256 f1369f222371fdcc62447d61d9e6fb6d4498e2b91fb1c06d986da9ff5de137ee
CRC32 3A2630AD
ssdeep 48:6QNsF7uQXGrx6KCF17v0Zder2szEFRn5FHGHWSqOPulf0MSI:5Rx+FZ2dk2sQvn5FmC90M
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name e3b0c44298fc1c14_nsu3246.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsu3246.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name caf295438040eca0_setup.exe
Filepath C:\files\setup.exe
Size 7.3MB
Processes 2400 (setup64.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 6b6f44e4ef1ee8fb94ea28aed02964fb
SHA1 c9f845c97b5c5863682c2f38f8f1ed26377b4dfb
SHA256 caf295438040eca0632d475eeecf51a16307a23cb87dcfce796d274e8e8ff221
CRC32 D5E707CA
ssdeep 196608:hXqTPuiy2bA5G4GGxNd226ALHcXSHo36r6weCUJaI6HMaJTtGb8b:tSuiy2Qx76ALHqK6wxBb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name be7d8a8825fde96e_static.ps1
Filepath C:\Users\test22\AppData\Local\Temp\sib3323.tmp\1\static.ps1
Size 5.2KB
Processes 3064 (OInstallLite_x64.exe)
Type ASCII text, with CRLF line terminators
MD5 e31e73395f06c575a6df467978781653
SHA1 d498043dc1a5392d2d1c255005b689ff70e63ad8
SHA256 be7d8a8825fde96e1fa449fd1898bc1bd01e07c31e73796fcba61c526f0f9b88
CRC32 36A99214
ssdeep 96:3fx3spmPEbhEHssT77yPIfttP5OQOcs2iqFDHinbI:3Zcp4EbhEMsT77SIftR5/GFqWs
Yara
  • Antivirus - Contains references to security software
Name cdcd3fa3cb1ebfaf_configure.xml
Filepath C:\files\Configure.xml
Size 836.0B
Processes 2400 (setup64.exe)
Type exported SGML document, ASCII text, with CRLF line terminators
MD5 f693e4fb8d3907e6cc44a34e1cc87296
SHA1 e3b646ddeeb72d1e2fd9e6ea654aca44d61feb5f
SHA256 cdcd3fa3cb1ebfafc98273ae52632f80b95cb9d25933ee1c7d2fdec640b264d0
CRC32 2F2D0BE4
ssdeep 12:9MFVrwGC1soAoEZ41soAoELK41soAoZJ1rnVpSd6BkO5ekSC5wWZVg5odjciLe4a:2aldl2ldH5pSNWZPi9p
Yara None matched
Name edf85f4e2ef1a427_cleanospp.exe
Filepath C:\files\x64\cleanospp.exe
Size 28.3KB
Processes 564 (files.dat)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 d3467cb7b83b654c2d05407dc7ba2360
SHA1 af7b4fdde21434f9e8d2e90fbff7b1d64af8a0a3
SHA256 edf85f4e2ef1a427b34265a22f261d664ec78de90c3b5da4174ef28558c8522a
CRC32 52868DC0
ssdeep 384:AQAInWKpEFFzpjq37oIOU6GHq33QPiu431VPjdOKV1TQilrkK:AxWTpOFagUb2qiu43P7PV1D
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 4e3b13b56bec0e41_files.dat
Filepath C:\files\files.dat
Size 765.8KB
Processes 2400 (setup64.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 bb5569b15d68c10b7ff2d96b45825120
SHA1 d6d2ed450aae4552f550f59bffe3dd42d8377835
SHA256 4e3b13b56bec0e41778e6506430282bbbd75ccaa600fd4b645ce37dd95b44c8e
CRC32 2CB81075
ssdeep 12288:qXRqml2fcarViUC6TViXyKxhqahbqiR6WEttE6iITi44eKwV3uSI:ygEGcarV7CqViXtxAadq/WEtO8O/en9S
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 09d5b42140bab131_uninstall.xml
Filepath C:\files\Uninstall.xml
Size 59.0B
Processes 564 (files.dat)
Type ASCII text, with CRLF line terminators
MD5 364f86f97324ea82fe0d142cd01cf6dd
SHA1 fc2a45da2ede0c018ab8e46044e6a25765c27d99
SHA256 09d5b42140bab13165ba97fbd0e77792304c3c93555be02c3dce21a7a69c66dd
CRC32 00963AB4
ssdeep 3:3NMOoytn5HHQbyi9MOov:3NL5HHa9m
Yara None matched
Name 2f84a196af20ae45_start.ps1
Filepath C:\Users\test22\AppData\Local\Temp\sib3323.tmp\0\start.ps1
Size 1.1KB
Processes 3064 (OInstallLite_x64.exe)
Type UTF-8 Unicode text, with CRLF line terminators
MD5 8b9048be76fd5f6986b1512d4e7e075d
SHA1 3de5e37aea32df21c859da0939f57ef1de305786
SHA256 2f84a196af20ae4534f147cbbe70091e892ab90db2cb7ddfd17ae3f1ba1cfb2c
CRC32 863844BF
ssdeep 24:FxYyQxGIX582XXApZfL5kz/sikrAQtSzZl+YWV:FxYyMrApVdY/s/AQt6Zl+7V
Yara None matched
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RFdd6696.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFdd6696.TMP
Size 7.8KB
Processes 1368 (powershell.exe) 3036 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name dbd8412d2109210c_sibuia.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsj3256.tmp\Sibuia.dll
Size 534.2KB
Processes 3064 (OInstallLite_x64.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 3c6305db9e44895e77393a81620cfda0
SHA1 e8bd8df743f2366440d9af1d39803c80b8d2b326
SHA256 dbd8412d2109210c19bb3d3d6a2aa7810b4d0390edef2b8f6445849fe3d44c81
CRC32 7AE7C610
ssdeep 12288:n1wZo0Mb8ddmou3zlNn1EbIpQ3sXfvh8c7:n1Zb8dfuibIvXfvec7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 1d1a1ae540ba132f_msvcr100.dll
Filepath C:\files\x64\msvcr100.dll
Size 809.8KB
Processes 564 (files.dat)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
CRC32 EDAC09D7
ssdeep 12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 60c06e0fa4449314_msvcr100.dll
Filepath C:\files\x86\msvcr100.dll
Size 755.8KB
Processes 564 (files.dat)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
CRC32 14EE1F12
ssdeep 12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check