Dropped Files | ZeroBOX
Name 802abe5195c325f9_svchost.exe
Filepath C:\Windows\Resources\svchost.exe
Size 741.9KB
Processes 2712 (spoolsv.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 5717799a91236f33fd5a9ceabaf0e12f
SHA1 e88d17d529c9e099717900636e5bd2f12c4c3455
SHA256 802abe5195c325f94c4366d6251d29ec17ef36826c93a9632ad231dd3378fd89
CRC32 A41AB369
ssdeep 12288:ltTuh645I8jWtJ8OgL27rd69bk5NCgGhSFB79gYhLIf6EQ9EYcw1FJ:lIg4kt0Kd6F6CNzYhUiEWEYcwB
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name f462ee3f58111245_explorer.exe
Filepath C:\Windows\Resources\Themes\explorer.exe
Size 742.0KB
Processes 2548 (63747acb643b84a943895e5f34d34858e4ad9a6e58cdf222e3e703d6666af0e7.exe.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 af42b430d289031c20b260c9d4c6b34d
SHA1 f8b18a71a4f4328326e84af814f787cbb2345b1c
SHA256 f462ee3f58111245aa9de0c3af8185d4105580c6e1d30a67f223c1994476ed28
CRC32 A17E93F4
ssdeep 12288:ltTuh645I8jWtJ8OgL27rd69bk5NCgGhSFB79gYhLIf6EQ9EYcw1Fx:lIg4kt0Kd6F6CNzYhUiEWEYcwJ
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 52440845f3222efd_~DF66F027DB5E7FEC8D.TMP
Filepath C:\Users\test22\AppData\Local\Temp\~DF66F027DB5E7FEC8D.TMP
Size 5.5KB
Type Composite Document File V2 Document, Cannot read section info
MD5 855428d4ef40cee4387b13bcbba9b7b3
SHA1 c7983c7f10cb34c59f5e207533e87f815ae34acf
SHA256 52440845f3222efd8387892e1afe3e51cc6cce8aac3dc09f2b0aa615012339be
CRC32 6B70511B
ssdeep 6:rl91bxbtg/Ul+CFQXyi/t9Xblt59Xh9XR5+1lf35X:rl3b/VFQ3bltD7Ovf5
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name f371f3a6f51f3df0_~DFB8C7D53CDD3BB394.TMP
Filepath C:\Users\test22\AppData\Local\Temp\~DFB8C7D53CDD3BB394.TMP
Size 5.5KB
Type Composite Document File V2 Document, Cannot read section info
MD5 557f6711c196f85b77a1fb87c1ead4bb
SHA1 88256e57ef40676f76b6d2c5ca5cc8456b4cd12e
SHA256 f371f3a6f51f3df0c37b046146335bd930a3d6a570c4d0dc0bef989dce91dbf5
CRC32 B14F4C8E
ssdeep 6:rl91bxbtg/Ul+CFQXAcC//t9Xblt59Xh9XR5+1lf35X:rl3b/VFQAcabltD7Ovf5
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name 75912975ec0c2e99_~DF4027CF24F7100FC9.TMP
Filepath C:\Users\test22\AppData\Local\Temp\~DF4027CF24F7100FC9.TMP
Size 5.5KB
Type Composite Document File V2 Document, Cannot read section info
MD5 20f00bf16e20dbf4cb979ffe0b843217
SHA1 63abd9e569518ac9f98dc250ea273648e22c136d
SHA256 75912975ec0c2e991ba65c39872442d45b22d29cf099544de5675f5cf533049c
CRC32 0C0F2DC6
ssdeep 6:rl91bxbtg/Ul+CFQXg/t9Xblt59Xh9XR5+1lf35X:rl3b/VFQQbltD7Ovf5
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name e3b0c44298fc1c14_explorer.exe
Empty file or file not found
Filepath c:\Windows\resources\Themes\explorer.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name c5d9efa38f28c42a_spoolsv.exe
Filepath C:\Windows\Resources\spoolsv.exe
Size 741.9KB
Processes 2644 (explorer.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 1a4ab4a94cb3eb89a5ac30cdc5f99188
SHA1 9130b09a7004409a5d3afc3ba05ce278040995aa
SHA256 c5d9efa38f28c42aec78b0fa95125219e18e3b8d8674f75bca59249e702afd07
CRC32 D2E33EC3
ssdeep 12288:ltTuh645I8jWtJ8OgL27rd69bk5NCgGhSFB79gYhLIf6EQ9EYcw1FM:lIg4kt0Kd6F6CNzYhUiEWEYcwE
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file