Dropped Files | ZeroBOX
Name cf200b713f784d76_9faxtitt.dll
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.dll
Size 3.5KB
Processes 2320 (csc.exe) 2952 (PoweRsHELl.ExE)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a1b20fcfa2603dc611f07875a1897ef3
SHA1 3deda5a293bfedc99d57a81983a22adf828c2c42
SHA256 cf200b713f784d76af137ca14620bdb230200d5ad09ff2107802a59ac6cdce8b
CRC32 3D3EA752
ssdeep 24:etGSCNiGTw3lqJTkIT+yOUbdPtkZfqEf2qa1E1pmI+ycuZhNNLakSSkPNnq:6ppQ+MuJbfNaac1ulha3tq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name ce74af7167ef1519_idonna
Filepath C:\Users\test22\AppData\Local\Temp\Idonna
Size 130.5KB
Processes 2136 (taskhostw.exe)
Type data
MD5 8e37db57bb8094635a43e5e7b773cd37
SHA1 e3ff228ec56899a27cb3c2043f66f77deae3a5da
SHA256 ce74af7167ef1519128c573d1b9a561738cc6880993286207b0bcd4e188e4b52
CRC32 48CBAA98
ssdeep 3072:M77FbXNWytISASeSzSrS3S7e+FLCFELZME5Eex/UOfmS7/TgV:MZqh7OW+ie0LbX7/U7S7/TgV
Yara None matched
Name 2eb75142626b34f2_CSCEBB.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCEBB.tmp
Size 652.0B
Processes 2320 (csc.exe)
Type MSVC .res
MD5 200538f40f3941c205057ee0b284e599
SHA1 b7c8b2c0a698c373e90b9e86faedaaba4acca9d0
SHA256 2eb75142626b34f23c11789f1591ffbecf24d716e655d24ab5a03a9e4c95a4ec
CRC32 30A6ABA2
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryPMl3Yak7YnqqSMl3NPN5Dlq5J:+RI+ycuZhNNLakSSkPNnqX
Yara None matched
Name 163a25e2b68ed09e_taskhostw.exe
Filepath C:\Users\test22\AppData\Roaming\taskhostw.exe
Size 948.6KB
Processes 2952 (PoweRsHELl.ExE)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3e2f27edd3deacd8f08f6ed1133b2040
SHA1 060e3218949c5a006bb8607e8228e6539b737bfb
SHA256 163a25e2b68ed09eb4cf82f28c87568969091764bdfb4140b4675a00e2d2ed86
CRC32 4BAD523C
ssdeep 12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLhXfyaU9nV6iwCqg3ICHxX6i6fUTRZL:ffmMv6Ckr7Mny5QLtqa8V6iwCqgbHEoL
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 44e8aa0601fffe82_590aee7bdd69b59b.customDestinations-ms~RF13f04f.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF13f04f.TMP
Size 7.8KB
Processes 2952 (PoweRsHELl.ExE) 2268 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name ca4458198236018e_RESF1A.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESF1A.tmp
Size 1.2KB
Processes 1632 (cvtres.exe) 2320 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 3dd2c034e37a53e08b2f0837e74a78f9
SHA1 420e3402c291d54c63cacd85883775d2000cb94d
SHA256 ca4458198236018e75a1b075fb7a24fb08700e0ce01fb7f3e1c93818bd8ad129
CRC32 F05FA11B
ssdeep 24:HkJ9YeADQ2GX4H8oUnhKbI+ycuZhNNLakSSkPNnqjtd:FeADQhIcDnhKb1ulha3tqjH
Yara None matched
Name fc5e127fb9719b2d_9faxtitt.pdb
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.pdb
Size 7.5KB
Processes 2320 (csc.exe) 2952 (PoweRsHELl.ExE)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 7feafc7039c706408ecd2cf1e31f258c
SHA1 7a4d2cd9b930e1931eee400e2eab8ea77073d246
SHA256 fc5e127fb9719b2d674c7b229c4e63841ecd774ec83cfa449d44af279a72c65c
CRC32 9DD791D6
ssdeep 6:zz/BamfXllNS/sBHv31mllxrS/77715KZYXXBH3oGggksl/3YXBGQu+e0KWEi+:zz/H1W/sx9SXS/pwMx3mqRi
Yara None matched
Name e3b0c44298fc1c14_9faxtitt.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name a6053207d9b011b6_9faxtitt.out
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.out
Size 598.0B
Processes 2952 (PoweRsHELl.ExE)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 b0f766fd377b9ab10b457e5a9c9d254e
SHA1 ad1ea491c9195ad72fcaddded230b9ba949787a6
SHA256 a6053207d9b011b65c3a7c9b27d256709f3b44a1265779fa35078df0888793ee
CRC32 B1701071
ssdeep 12:K4X/NzR37LvXOLMnnPAE2xOLMdKai31bIKIMBj6I5BFR5y:KyNzd3BnnIE2ndKai31bIKIMl6I5Dvy
Yara None matched
Name 86f94f79888fe13d_9faxtitt.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.cmdline
Size 311.0B
Processes 2952 (PoweRsHELl.ExE)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 58618b7bffe27ddf4f144eff7e865bb8
SHA1 935119d233e40584c9456d930299e6a2c67e087d
SHA256 86f94f79888fe13dc6062ac3e461ccf8f094af7f102365362b763509eb234200
CRC32 388C9B2F
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fM3qmGsSAE2NmQpcLJ23fM3P:p37LvXOLMnnPAE2xOLMo
Yara None matched
Name 21d7b2d886e9a8c3_9faxtitt.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\9faxtitt.0.cs
Size 475.0B
Processes 2952 (PoweRsHELl.ExE)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 ecc2c10cb4c5954e2d5156bce54e41f4
SHA1 2d7cde31f9942c1dc80c493c03d675962991bf31
SHA256 21d7b2d886e9a8c3cf70d60b612151ecf35df156524dda00bc5f0c14df45b3ac
CRC32 EEC77991
ssdeep 6:V/DsYLDS81zu15Uvl9MenQXReKJ8SRHy4HH1DCsKF/uh5IAhy:V/DTLDfu1sGXfH9TKch5I8y
Yara None matched