Dropped Files | ZeroBOX
Name 9ae4784f0b139619_pyld611114.exe
Filepath C:\Users\test22\AppData\Local\Temp\pyld611114.exe
Size 14.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 43bce45d873189f9ae2767d89a1c46e0
SHA1 34bc871a24e54a83740e0df51320b9836d8b820b
SHA256 9ae4784f0b139619ca8fdadfa31b53b1cbf7cd2b45f74b7e4004e5a97e842291
CRC32 D9294A44
ssdeep 393216:4PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:4ITkS6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 3a255c0024916f19_590aee7bdd69b59b.customDestinations-ms~RF14705c.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF14705c.TMP
Size 7.8KB
Processes 2180 (powershell.exe) 2780 (powershell.exe)
Type data
MD5 6fd29def73b2779e0ae71c4eecd304f7
SHA1 4ba660e4db856e04eb93a01c59ee764259ec55e7
SHA256 3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6
CRC32 1F966CD8
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 397a1dd2d8dcde26_printui.dll
Filepath C:\Windows \System32\printui.dll
Size 13.6MB
Processes 2520 (usvcinsta64.exe) 2988 (cmd.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 6cd5395f5675abbf7644268f0023b0bd
SHA1 f64379354ef7d7261d7c8250f98c515ddbdf577d
SHA256 397a1dd2d8dcde26f5d22ae33afbf6c6201920f8d27ee213b65896fe99944239
CRC32 AF5B5E4A
ssdeep 393216:BPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:BITkS6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name ffe2d56375bb4e8b_libwinpthread-1.dll
Filepath C:\Windows\System32\libwinpthread-1.dll
Size 51.5KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5 9dc829c2c8962347bc9adf891c51ac05
SHA1 bf9251a7165bb2981e613ac5d9051f19edb68463
SHA256 ffe2d56375bb4e8bdee9037df6befc5016ddd8871d0d85027314dd5792f8fdc9
CRC32 8ADEE4D9
ssdeep 768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
Name 6f974da162259619_winlogsvc
Filepath C:\Windows\System32\winsvcf\winlogsvc
Size 400.0B
Processes 1688 (printui.exe)
Type data
MD5 5b5e3152b3862fb64a11f90d69d3f481
SHA1 bf9f3a4201897a77f41e5434b128317c43c9ebaf
SHA256 6f974da1622596197b659cbc9e7d5d0bb3aa497b3330c73066a4d873dabb5ec7
CRC32 7B8B8C0F
ssdeep 12:qm4BYhVXAst2cx7OxeM5Uww4BN/Qfxsmhhaw:qmYyX2CM5r/Xmhhaw
Yara None matched
Name ffac21dd5ae0e22a_x748413.dat
Filepath C:\Windows\System32\x748413.dat
Size 2.2MB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 e4bd51c06cff7a34fccc4576af852afe
SHA1 d503aaff2986c8f714d0fa457125be566b6a9f95
SHA256 ffac21dd5ae0e22a1dc423361ecbfe5d73f2f11db5a1f6906b03b2a0a2b6612c
CRC32 A33D96D4
ssdeep 24576:IIVkvsArhlpgxVnHkVnya+h0lhSMXlMDXg87/iXAah0lhSMXlDT/Z6Po7al9Nbtw:IMkkA1EHGnLag8TL3J6P7FGcjq
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name cf131738f4b5fe3f_libiconv-2.dll
Filepath C:\Windows\System32\libiconv-2.dll
Size 1.8MB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 158bc77453d382cf6679ce35df740cc5
SHA1 9a3c123ce4b6f6592ed50d6614387d059bfb842f
SHA256 cf131738f4b5fe3f42e9108e24595fc3e6573347d78e4e69ec42106c1eebe42c
CRC32 E328B528
ssdeep 24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
Name a25db94ff6564067_libpq.dll
Filepath C:\Windows\System32\libpq.dll
Size 311.0KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 7eee6a30591a00c01f78007e954b502c
SHA1 360ff971de182db92ac8c785a6558b8510ee954c
SHA256 a25db94ff6564067ad5a54dcbdbb4feebae24a58fab0b7f9262f89dd00d5dc63
CRC32 0C54D5D4
ssdeep 6144:+JaSRPj+16OHFy0e94o5qyPvHlY0aBHzI4l/47Mx7apSPNHy:c/Pj2/y0e945GC0at2Ow
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 1125ac8dc0c4f5c3_libintl-9.dll
Filepath C:\Windows\System32\libintl-9.dll
Size 464.6KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 e79e7c9d547ddbee5c8c1796bd092326
SHA1 8e50b296f4630f6173fc77d07eea36433e62178a
SHA256 1125ac8dc0c4f5c3ed4712e0d8ad29474099fcb55bb0e563a352ce9d03ef1d78
CRC32 51CC3F73
ssdeep 12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
Name 0c396f737c1decd3_usvcinsta64.exe
Filepath C:\Windows\System32\usvcinsta64.exe
Size 14.0MB
Processes 292 (pyld611114.exe) 2792 (cmd.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 11ddc0a34bac7ab099d2ee8d9817bf58
SHA1 c9bd99f91118fca4e1bfdebc36cded5b09be39d0
SHA256 0c396f737c1decd395926cb52cc9f3d2ad1a3eee5290db62197cf617f2f0e554
CRC32 0D40729A
ssdeep 393216:3PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:3ITkS6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name eee42eabc546e5aa_ucrtbased.dll
Filepath C:\Windows\System32\ucrtbased.dll
Size 1.7MB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 c3130cfb00549a5a92da60e7f79f5fc9
SHA1 56c2e8fb1af609525b0f732bb67b806bddab3752
SHA256 eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
CRC32 8E6E4325
ssdeep 24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name ae8951ad96124a39_zlib1.dll
Filepath C:\Windows\System32\zlib1.dll
Size 88.5KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 bb78414fb31b53ef8fad8afbedbb834c
SHA1 2ca62ed9a628e17887c0c9e5c07a2cc44b926ef8
SHA256 ae8951ad96124a39b63610d7a5a53b446fc7f19151ac1d8e5ac15e8c88227ebf
CRC32 9F3F8D9E
ssdeep 1536:EarCl5V5lEwda1RnSbFfbpYwayRyivl9bEKIOcIOZgyZ6rM3SIryPoIKr:EKcV5lEwUbShbpbaCpvsYSZgU6A3SIrf
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name dcc1fa1a341597dd_libcrypto-3-x64.dll
Filepath C:\Windows\System32\libcrypto-3-x64.dll
Size 4.5MB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 158f0e7c4529e3867e07545c6d1174a9
SHA1 9ff0cccb271f0215ad24427b7254832549565154
SHA256 dcc1fa1a341597ddb1476e3b5b3952456f07870a26fc30b0c6e6312764baa1fc
CRC32 6096F226
ssdeep 98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name ba979c2dbfb35d20_libssl-3-x64.dll
Filepath C:\Windows\System32\libssl-3-x64.dll
Size 799.0KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 69d0fee0cc47c3b255c317f08ce8d274
SHA1 782bc8f64b47a9dcedc95895154dca60346f5dd7
SHA256 ba979c2dbfb35d205d9d28d97d177f33d501d954c7187330f6893bb7d0858713
CRC32 AC938DA3
ssdeep 12288:NGbc08emtUas2F158w1T4qLgl85MNRlqnZ5ydEVB3i:NGoL9W0lJ5cR9dEVB3
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 47d031a636f58fe3_590aee7bdd69b59b.customDestinations-ms~RF14aebd.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF14aebd.TMP
Size 7.8KB
Processes 2780 (powershell.exe) 3040 (powershell.exe)
Type data
MD5 6680602350df08222761154bd81e067a
SHA1 8e52d83f252d84ff14a8c119e56b81b7f0d49159
SHA256 47d031a636f58fe31b9fba766bf9e76a49c3e68358626683b341d5bd16bd3214
CRC32 A0944A6C
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDq6tDHXyf2lUVul:ctvXo5tvbHnoruqTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name a77277af540d411a_vcruntime140d.dll
Filepath C:\Windows\System32\vcruntime140d.dll
Size 128.8KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 f57fb935a9a76e151229f547c2204bba
SHA1 4021b804469816c3136b40c4ceb44c8d60ed15f5
SHA256 a77277af540d411ae33d371cc6f54d7b0a1937e0c14db7666d32c22fc5dca9c0
CRC32 E726EE45
ssdeep 1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 941cb9145aca265c_console_zero.exe
Filepath C:\Windows\System32\console_zero.exe
Size 466.5KB
Processes 1688 (printui.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 74cf33f8c2fcb56f749aaf411b9ae302
SHA1 934fc91ee0ab5d8879e26bd9a5f002edcb474602
SHA256 941cb9145aca265c4e209ef54c14e746696f198c48ce216a0f3fcdab23db877e
CRC32 26F085D3
ssdeep 6144:gxB2z8RCqsezXL7YiebX6u+bjq7TC78Vd29ZXph0lhSMXlBXBWnZLcN5hwcf:UIqt7M2bjqnC7m2Xph0lhSMXliZLcF
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 334b66ba0dc0eed2_printui.exe
Filepath C:\Windows \System32\printui.exe
Size 60.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 6cb8923169ca734dbb2706b56a0ba5ef
SHA1 1de97a2c9f8271355c75dfd417ba1b2f8e362b0d
SHA256 334b66ba0dc0eed2a9f842a86d755edcce6a0fdffeb153eb6a6dd9ed0d88683c
CRC32 F24057EB
ssdeep 768:4BvJQK5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7/Qn1:eJHVIPd4n+lbeRZIbSQPPA7w
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
Name 78993f8e7ac2d139_libcurl.dll
Filepath C:\Windows\System32\libcurl.dll
Size 548.0KB
Processes 1688 (printui.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 93f8f5133ed40262b9fd437915718b82
SHA1 a18e34f2e1ecada88249d5b6a87f137a2a1e5041
SHA256 78993f8e7ac2d139a8b7198f229d8ef1ba2000d7eb1b07fb7aa4fcccf7786151
CRC32 E2CEDE1B
ssdeep 12288:0u3rEnX6Gtd3+XZRnRNvNu86p07GZiDnwXA3qGueVW08G:d7EnX/L3+p7NvNu8OqnwXA3qGueVWG
Yara
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
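Two things in the listing above deserve a second look before the hashes go into a blocklist: several files (pyld611114.exe, printui.dll, usvcinsta64.exe) have different MD5/SHA256 values but near-identical ssdeep signatures at the same block size, and two files land in `C:\Windows \System32\` (note the space after `Windows`), which is a different directory from the real `C:\Windows\System32` even though its name survives a naive prefix check. The script below is an added example, not ZeroBOX code: it takes a handful of records copied from the listing, classifies each drop location, and clusters the records by ssdeep. The `ssdeep_similarity` routine is a simplified stand-in written for this example (shared 7-character substring, then scaled edit distance); it is not the ssdeep library's exact scoring formula, so treat its numbers as relative, and use the real library when available.

```python
"""Triage helpers for a ZeroBOX 'Dropped Files' listing (added example)."""
from typing import Dict, List, Tuple

# Records constructed from the listing above: (filepath, ssdeep).
# Only six of the dropped files are included here for brevity.
DROPPED: List[Tuple[str, str]] = [
    (r"C:\Users\test22\AppData\Local\Temp\pyld611114.exe",
     "393216:4PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:4ITkS6"),
    (r"C:\Windows \System32\printui.dll",
     "393216:BPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:BITkS6"),
    (r"C:\Windows \System32\printui.exe",
     "768:4BvJQK5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7/Qn1:eJHVIPd4n+lbeRZIbSQPPA7w"),
    (r"C:\Windows\System32\usvcinsta64.exe",
     "393216:3PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:3ITkS6"),
    (r"C:\Windows\System32\libcrypto-3-x64.dll",
     "98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC"),
    (r"C:\Windows\System32\libpq.dll",
     "6144:+JaSRPj+16OHFy0e94o5qyPvHlY0aBHzI4l/47Mx7apSPNHy:c/Pj2/y0e945GC0at2Ow"),
]


def classify_path(path: str) -> str:
    """Bucket a dropped-file path by where it landed.

    'mock-trusted-dir' means a directory component carries trailing whitespace,
    e.g. 'C:\\Windows \\System32'. That is not the real C:\\Windows\\System32,
    but a check that only looks at the 'C:\\Windows' prefix will accept it.
    """
    parts = path.split("\\")
    dirs = parts[:-1]
    if any(d != d.rstrip() for d in dirs):
        return "mock-trusted-dir"
    directory = "\\".join(dirs).lower()
    if directory == r"c:\windows\system32":
        return "system32"
    if r"\appdata\local\temp" in directory:
        return "user-temp"
    return "other"


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk1:chunk2'; chunk2 was computed at 2*blocksize."""
    block, chunk1, chunk2 = sig.split(":")
    return int(block), chunk1, chunk2


def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _chunk_score(a: str, b: str, min_common: int = 7) -> int:
    """Simplified chunk comparison (assumption, not ssdeep's exact formula):
    require a shared 7-char substring as ssdeep does, then map edit distance
    onto 0..100 relative to the longer chunk."""
    if not any(a[i:i + min_common] in b for i in range(len(a) - min_common + 1)):
        return 0
    dist = _levenshtein(a, b)
    return max(0, 100 - (100 * dist) // max(len(a), len(b)))


def ssdeep_similarity(sig_a: str, sig_b: str) -> int:
    """Compare two signatures; chunks are only comparable at equal block size."""
    bs_a, a1, a2 = parse_ssdeep(sig_a)
    bs_b, b1, b2 = parse_ssdeep(sig_b)
    if bs_a == bs_b:
        return max(_chunk_score(a1, b1), _chunk_score(a2, b2))
    if bs_a == 2 * bs_b:          # a's first chunk was computed at b's second chunk's size
        return _chunk_score(a1, b2)
    if bs_b == 2 * bs_a:
        return _chunk_score(a2, b1)
    return 0


def cluster_by_ssdeep(records: List[Tuple[str, str]], threshold: int = 80) -> List[List[str]]:
    """Greedy single-link clustering; each cluster is a list of filepaths.
    Different SHA256 but near-identical ssdeep means closely related content,
    so one cluster should be treated as one payload family, not three IOCs."""
    clusters: List[List[Tuple[str, str]]] = []
    for path, sig in records:
        for cl in clusters:
            if any(ssdeep_similarity(sig, s) >= threshold for _, s in cl):
                cl.append((path, sig))
                break
        else:
            clusters.append([(path, sig)])
    return [[p for p, _ in cl] for cl in clusters]


def triage(records: List[Tuple[str, str]]) -> Dict[str, list]:
    """Collect the findings a responder wants first from a dropped-files list."""
    return {
        "mock_trusted_dir": [p for p, _ in records if classify_path(p) == "mock-trusted-dir"],
        "system32_drops": [p for p, _ in records if classify_path(p) == "system32"],
        "ssdeep_clusters": [c for c in cluster_by_ssdeep(records) if len(c) > 1],
    }


if __name__ == "__main__":
    for key, items in triage(DROPPED).items():
        print(key)
        for item in items:
            print("   ", item)
```

Running the script on the six records groups pyld611114.exe, printui.dll and usvcinsta64.exe into one cluster and flags both files under `C:\Windows \System32\` as a mock trusted directory; libcrypto-3-x64.dll shares a substring with that cluster but sits at a non-adjacent block size, so it correctly scores 0.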