Dropped Buffers | ZeroBOX
Name 92ddd4037db66d828822b971367850bd0690bf5a
Size 4.5KB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 db34fda1537ea3d7a047c6f361256e77
SHA1 92ddd4037db66d828822b971367850bd0690bf5a
SHA256 08f23c75858e25be010165e3e6dd5bc5d618745db6e662d1a0a51e82d9db9366
CRC32 C485D121
ssdeep 48:6QsF7uQXGrx6KCF17v0Zder2szXRnaFHGHWSqOPulC0M3I:BRx+FZ2dk2s9naFmCU0M
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 07a5cf87461cd3d6205c411edc5587eea39afd4e
Size 52.2KB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6e500f73d5349991165807174fd32ada
SHA1 07a5cf87461cd3d6205c411edc5587eea39afd4e
SHA256 cbbeb5758166f4d532bb155daf3830618e4b31da0c14a66f4d16a308d7477842
CRC32 DA045295
ssdeep 1536:7yMz8ueRvU1Dc1xpHaLIa97v7AVqgwbioQ+wF:7yRvQDg76Lb97sV82F
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 099b916641cdb3cb66aa9242bcb92b00ebce8475
Size 18.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 80f8a2ffd54a73c6cc17f427d10dd1da
SHA1 099b916641cdb3cb66aa9242bcb92b00ebce8475
SHA256 2ff9f800cfe3e450b9feb25c171c6813c6e100506068fd4da25a5c7255d6b0dc
CRC32 F5309C8D
ssdeep 393216:gCqFTywoCkhfO/zFXGW/F/P9wXiXzThRmeC/+pWt0p+:gXFTXRkdObGXYztRyMa0c
Yara
  • PhysicalDrive_20181001 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • VBScript_Check_OS - VBScript Check OS
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Antivirus - Contains references to security software
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name d498043dc1a5392d2d1c255005b689ff70e63ad8
Size 5.2KB
Type ASCII text, with CRLF line terminators
MD5 e31e73395f06c575a6df467978781653
SHA1 d498043dc1a5392d2d1c255005b689ff70e63ad8
SHA256 be7d8a8825fde96e1fa449fd1898bc1bd01e07c31e73796fcba61c526f0f9b88
CRC32 36A99214
ssdeep 96:3fx3spmPEbhEHssT77yPIfttP5OQOcs2iqFDHinbI:3Zcp4EbhEMsT77SIftR5/GFqWs
Yara
  • Antivirus - Contains references to security software