Dropped Files | ZeroBOX
Name d6431d5645fffd05_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2140 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 064c59b3a8b03e6c_2uuvatmjlx7l1otcruqpqmbz.exe
Filepath C:\Users\test22\AppData\Local\2UuVAtmjLx7l1otCRUqPqmbZ.exe
Size 264.0KB
Processes 776 (CasPol.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7d965b121fbddfc9365634a2d04b3e27
SHA1 9daea9fd6d474ff7d0ce2a475575e49c2412d7e8
SHA256 064c59b3a8b03e6c733f88483fd675d99bc805399c55d4a1a7b613aa20d08de8
CRC32 E7DD7EA6
ssdeep 3072:k7B9qLlNkgF1VD7aMWCGNpYg3enJDRV5TlN+LkNoRewP6:F1F1FNCYien5rSkNoRe
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 2cb4d2dd842b6d47_w15mrxghakyact7djjkculm7.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w15mrXgHAkyAcT7dJJkculm7.bat
Size 70.0B
Processes 776 (CasPol.exe)
Type ASCII text, with no line terminators
MD5 3bfefb006634dc99dee7be7b956bcb1d
SHA1 41237a7b11e40f0705d0dfc475f7287308191eaa
SHA256 2cb4d2dd842b6d47626f18ddf6c90f6c06594dc9195b632369bb3c1657950abb
CRC32 D0A85FC7
ssdeep 3:Ljn9m1mWxpcL4E2J5XKVA3+Cl:fE1mQpcLJ23iATl
Yara None matched
Name 4f375931016c6527_on4lsewfp5s3byzqh9vhlfbh.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\on4lsEWFP5S3BYZqH9VhlFbH.bat
Size 70.0B
Processes 776 (CasPol.exe)
Type ASCII text, with no line terminators
MD5 2b8810693fb82ca1ef67338f0762db6c
SHA1 c5f575244309552e02f6c04348b131ba3a955040
SHA256 4f375931016c652794c39d84b3e9ff45f04c456ab05e228985c0cc9c10dd86c3
CRC32 E233D64C
ssdeep 3:Ljn9m1mWxpcL4E2J5wqXpmmIXmn:fE1mQpcLJ23wIPAm
Yara None matched
Name 370532fc20afa0e7_ud9wajt4i8eoa2ahbsb1vwqo.exe
Filepath C:\Users\test22\AppData\Local\Ud9WaJT4i8EoA2aHBSB1VWQO.exe
Size 7.3MB
Processes 776 (CasPol.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 43a4c130cb9c41aee2554d613e1f8be7
SHA1 7984fe8344a0708061c7b845bf7b43d0747d744c
SHA256 370532fc20afa0e78ac802d1656e1f4458328743432022909b454d5c548db302
CRC32 F4943D78
ssdeep 196608:91OPfBLOTieu3Al76MLxOVkAEI3pQp+x3tZC6aSKn2tCdp:3OxLOe8lPtOVkAt3SYt4yv4
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)