Dropped Files | ZeroBOX
Name 50ea6c698e72e13b_hi_due8zkhysjwacrwavmqyu.exe
Filepath C:\Users\test22\Documents\iofolko5\HI_DUe8ZkHySJWaCrwaVMQYu.exe
Size 17.0B
Processes 2528 (RegAsm.exe)
Type ASCII text, with no line terminators
MD5 c965aa525ae4cfbc3b45c6b7e9271a59
SHA1 3a84d4c1c9277173b530263107af4caf1f61213f
SHA256 50ea6c698e72e13b8132b66bbca9479b7f4815ebb2f8adb3ca1cfec79523107e
CRC32 1C78BB2E
ssdeep 3:Obyo:ObV
Yara None matched
Name 0ad3bca28149eb3c_zwg_0nh8ldrg3bg1p_ze4sgk.exe
Filepath C:\Users\test22\Documents\iofolko5\Zwg_0nH8LDRG3bg1P_Ze4SGk.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 fe8c7afb41b40dde018e7406e132c0b1
SHA1 3a16472621c8232a7075cdeebc48dca867c48084
SHA256 a93a074ae7d97ab8752fc3cc682c7c0d2c6581d4e15c937ba5d0edc2d2ce2494
CRC32 6EE49000
ssdeep 1536:05IgzsHSOVWQRP/xvdGstNxSCLLUWsABI6JyhnBvieInq7wxJOgZ8e:zwCP/xFGstNxS4UnouhB69nq7wxJl+e
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name eba091f4887e9bc9_ynt9jksdanqdycrhrs0i4kbz.exe
Filepath C:\Users\test22\Documents\iofolko5\ynT9jksdANQDYcrhrs0i4kBz.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 db0b9e99de0195f91722b6153a68f06b
SHA1 7321686e37f27446a5599bd0c2eba4435ab5f7f0
SHA256 04c6042d2de8b53862f62f28107c4a5c22f8de9b6cc90b445b7c93e9e3ca8f2e
CRC32 8040D9C9
ssdeep 1536:l9N5C7xHsESCNQr5cWVMibLPn7mKxOYw7ef3L0H91OuGvot5kTZiwt:lD5OHsESi+SK7LP7JxObC0dtGvot5yt
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 98f576bf9c2b7f7c_tonnf7gkpuffrvflglwwjj7c.exe
Filepath C:\Users\test22\Documents\iofolko5\ToNNf7GKpUFfrvfLglWwjJ7c.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 472edf39fb211b88c5d1cfae888a4048
SHA1 c09f0de4ffe7ed2d422aa5267394b49aabb2bec8
SHA256 3905d515a9f3f056ef7068850a7db0c1fc9c87bc69d2f20361147d6c83c3b030
CRC32 834728C0
ssdeep 1536:iqs+NqBUlbG6jejoigIk43Ywzi0Zb78ivombfexv0ujz:AuCMYk+zi0ZbYe1g0uH
Yara
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name abf88cbe8a21804c_vmfgau0yunlcvmqi6p941hex.exe
Filepath C:\Users\test22\Documents\iofolko5\vMfgaU0YUnlCVMqi6p941Hex.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5807974209ae8f94dc8011ab99282b11
SHA1 8d1c6dc20347d68fe69c2cbb6c783c91c7550b21
SHA256 778875e9ef8e4b6a4fee968e72dfebea33182b85048668c7865602e7c797d3a9
CRC32 C8C2767F
ssdeep 1536:dndONgo3btoJdX+ncbxbj0WU3Cl9s1+6NsQIloQ3NZ8Uu9HazNTm6Z7OuN:hdONV5kbxbYWoc9snkZ3hQaAOh
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 179804dcf927959b_togxa3kvpnu8sfuf7yle7ezr.exe
Filepath C:\Users\test22\Documents\iofolko5\toGXa3kvpnU8sFUF7yLE7EZr.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 023575f8fdefb893be31d8e9b7b4af2d
SHA1 6336ade37c9149a3f3ae3fef4b52be9a3465826b
SHA256 f5a074273a2332e290be10670aaef0f2cb87d59714db2e6f868fc24dcada8c47
CRC32 E200BD1B
ssdeep 1536:p8J/IpIrLGQJvWv129cgYW8l36PjQAhEoJF0/aydm19IAp:uL59c8kAhEEdydcBp
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name b832829177dcfb2f_enbwdsdtvr1fugo02l8ls8dz.exe
Filepath C:\Users\test22\Documents\iofolko5\EnBWDsdTvr1fuGO02L8LS8DZ.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e49b97377262cc4e1e0045cb89f1415f
SHA1 7ff7e529fcd59446f310a41feba98e9324a05d33
SHA256 94fdef5fa5ce6e36f4dff8c6c59f8477039ed5d0cbee2f649ff1402f70ff16f5
CRC32 AD01FED1
ssdeep 1536:rgT59/zA/SMvduDvCBDG7onj9D+QNIF/ZoYUrBudm/XVWZCGm:8l9ri2yFnMlZoYO5/EgX
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 470eb3cbcee0130e_gm4zntpotlhsryiwxazs1fyx.exe
Filepath C:\Users\test22\Documents\iofolko5\gM4ZNTPOtLHSRyiWxaZs1fyX.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 03a3ef9e2063a57c67ab78ccfe7c7f6d
SHA1 4f76a466ae2b7c98552e87e493fb264919e1911f
SHA256 854efa8f505cbb82854857667da7393b389f32efced6a1e67f201b86689bce0a
CRC32 4BFF56D3
ssdeep 1536:xlciwn/fLu5L3u2Ga/JpitlLPsgpJSvX4jBlaY4kj:3OLc39JktZ19YAj
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name afabd219f0d644da_6cudbwfpegrqbjbdlkoya6oi.exe
Filepath C:\Users\test22\Documents\iofolko5\6cudbWFpegrQBjbDlkOYA6oI.exe
Size 77.1KB
Processes 2528 (RegAsm.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 de3af210d49413181b9599f6cd78fe52
SHA1 1d2b9dca51b28fef2f761d162553c6298773793d
SHA256 b5636d14a52a0a6c998d530a39208eda500b76cfffc63908b9d4f73225482bdd
CRC32 0050FD69
ssdeep 1536:8s2JeN+LV9LFFpd+Fv9hcMeBAPMsDatOwpLDLr/lRyF8:mRV9LVQhcsROtOeLDL/y8
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)