Dropped Files | ZeroBOX
Name 1a56132c23284253_1.exe
Filepath C:\Users\test22\AppData\Local\Temp\1.exe
Size 284.0KB
Processes 2552 (QkZoHEBKmB.exe) 2888 (QkZoHEBKmB.exe) 2192 (QkZoHEBKmB.exe) 2380 (QkZoHEBKmB.exe) 2780 (QkZoHEBKmB.exe) 2564 (QkZoHEBKmB.exe) 2084 (QkZoHEBKmB.exe) 2748 (QkZoHEBKmB.exe) 2908 (QkZoHEBKmB.exe) 3208 (QkZoHEBKmB.exe) 3832 (QkZoHEBKmB.exe) 3340 (QkZoHEBKmB.exe) 4048 (QkZoHEBKmB.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 95d5aa97a3c15cee24aad800cc169d2b
SHA1 2ace4e384316f6aba1a77fbea5a30d73259760d6
SHA256 1a56132c232842530d78edb6d0ce387b98995e2912df0075d74db9b2f9aa3770
CRC32 466D8F93
ssdeep 3072:ee0wdS4pSSCfqYF64y1cwTicuqCk+s9oAx5jL1XSHDF2Svhnx6SV+lcgZPb+4q1:/ASCf9ccRjkX9oAxxL1KZ2AnsXlcmPC
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name d52c40b759d5c215_2.exe
Filepath C:\Users\test22\AppData\Local\Temp\2.exe
Size 1.1MB
Processes 2552 (QkZoHEBKmB.exe) 2888 (QkZoHEBKmB.exe) 2192 (QkZoHEBKmB.exe) 2380 (QkZoHEBKmB.exe) 2780 (QkZoHEBKmB.exe) 2564 (QkZoHEBKmB.exe) 2084 (QkZoHEBKmB.exe) 2748 (QkZoHEBKmB.exe) 2908 (QkZoHEBKmB.exe) 3468 (powershell.exe) 3208 (QkZoHEBKmB.exe) 3832 (QkZoHEBKmB.exe) 3340 (QkZoHEBKmB.exe) 4048 (QkZoHEBKmB.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1a2b16c17517d602806431c0744f5f8f
SHA1 465e2d6bd37972295cd017f78f35faa07102ab4e
SHA256 d52c40b759d5c215ab4090e972038dd6bdcad31c56d72d9a25ed6e76f3f952f1
CRC32 5B873574
ssdeep 24576:BpEpwjeXUU6c69x5lDjkDphyAfWkUKO4O3zVymvqSDKL:kzU5pDk1uky3xysX
Yara
  • PE_Header_Zero - PE File Signature
  • Obsidium_Zero - Obsidium protector file
  • IsPE32 - (no description)
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF937d24.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF937d24.TMP
Size 7.8KB
Processes 2968 (powershell.exe) 2360 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 49b7477db8dd22f8_G2DH7W.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsiFAEB.tmp\G2DH7W.dll
Size 6.5KB
Processes 2888 (QkZoHEBKmB.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 293165db1e46070410b4209519e67494
SHA1 777b96a4f74b6c34d43a4e7c7e656757d1c97f01
SHA256 49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a
CRC32 A8874D27
ssdeep 96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_nstF0E7.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nstF0E7.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched