Dropped Files | ZeroBOX
Name a8124500cae0aba3_libeay32.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\libeay32.dll
Size 1.3MB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
CRC32 38C3AB6E
ssdeep 24576:VD8B+KpPexB6mqwktXUcAVEaFQXhL0porIqo+Frzba:WKkmlktXUcAVEDhQporIqo+Frzba
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 970cb3e00fa68dae_vp8decoder.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\vp8decoder.dll
Size 380.3KB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1ea62293ac757a0c2b64e632f30db636
SHA1 8c8ac6f8f28f432a514c3a43ea50c90daf66bfba
SHA256 970cb3e00fa68daec266cd0aa6149d3604cb696853772f20ad67555a2114d5df
CRC32 A4ACBDF3
ssdeep 6144:QIIDyjBnydesbWoiwS7dVIclCzoqHO/gCaEkkH8TuX6RTrWD4siZMZ+LG4IPWwcv:QI8tiDOzyH9H8Tu6h04fZMZoMPuvf/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 7b4fc8e104914cdd_vp8encoder.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\vp8encoder.dll
Size 1.6MB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 89770647609ac26c1bbd9cf6ed50954e
SHA1 349eed120070bab7e96272697b39e786423ac1d3
SHA256 7b4fc8e104914cdd6a7bf3f05c0d7197cfcd30a741cc0856155f2c74e62005a4
CRC32 B42B27F1
ssdeep 49152:qSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwww7:qSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSl
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 654f43108fbd56bd_webmmux.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\webmmux.dll
Size 260.3KB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d29f7070ee379544aeb19913621c88e6
SHA1 499dcdb39862fd8ff5cbc4b13da9c465bfd5f4be
SHA256 654f43108fbd56bd2a3c5a3a74a2ff3f19ea9e670613b92a624e86747a496caf
CRC32 A52C26D9
ssdeep 3072:IW218gr7s2yIHB0pTPdTX9zUbEbStE97zjAs1RtTcJTfIv0se7POWu/HgsGU1VTu:IWSfr7sXSmPDbKPJ6/AsNk+o
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name b46f3ae494d9effb_rfusclient.exe
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\rfusclient.exe
Size 6.3MB
Processes 2556 (a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cd97f125a6462574065fd1e3854f9d7f
SHA1 fee8a2a4b8e7cd15d69915f2f9d84ccf09f9868f
SHA256 b46f3ae494d9effb0b3cfb4ab6d364ecff8d65f94090344f6526094d067b5df2
CRC32 78FEBAB7
ssdeep 49152:fW0Dknu5+agQSvEoqnMbJexe3HjXZYGvpps/cSdvcXhu7AxuYyTRTVDkDWRLmDua:fWoN9xgZnxps/cSdUXhhYLmh2tG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check
Name b497d07ed995b16d_webmvorbisdecoder.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\webmvorbisdecoder.dll
Size 365.3KB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7a9eeac3ceaf7f95f44eb5c57b4db2e3
SHA1 be1048c254aa3114358f76d08c55667c4bf2d382
SHA256 b497d07ed995b16d1146209158d3b90d85c47a643fbf25a5158b26d75c478c88
CRC32 2369FA1B
ssdeep 6144:maoH9sDRlDLD0GDkEp00tc6TKUOmrRK1jRsAOO04sAO88Rtd:eoPH0GgEp0gVd1ValsQXsHd
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 9dc30fb2118aad48_webmvorbisencoder.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\webmvorbisencoder.dll
Size 860.3KB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5308b9945e348fbe3a480be06885434c
SHA1 5c3cb39686cca3e9586e4b405fc8e1853caaf8ff
SHA256 9dc30fb2118aad48f6a5e0a82504f365fe40abb3134f6cceeb65859f61ad939a
CRC32 FF466870
ssdeep 12288:NTAPYZEyRr+NDnaLyx2lz8MSjtX08pYRc29qcQmsGahsQZsbRNG:SYF+Eyx2lzujtEIYRc1cQmsGa7ONG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 64c70065830cc623_english.lg
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\English.lg
Size 58.8KB
Processes 2556 (a.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 246286feb0ed55eaf4251e256d2fe47e
SHA1 bc76b013918e4c1bd6dff44708a760496d8c717c
SHA256 64c70065830cc623be55c73a940aa3da57c134ee459afbd983ff17960dc57c27
CRC32 38141D25
ssdeep 384:jKr1yWBWEalNK4EvR1DesngQ90NfOgiZWhKvsOd+J4s1T894FF6LlI:cLgE2N+kh1hv+lI
Yara None matched
Name 1f4b3efc919af110_ssleay32.dll
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\ssleay32.dll
Size 337.3KB
Processes 2556 (a.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
CRC32 09338731
ssdeep 6144:8EXfWSXFKIsrpivdM+kPsmWak8dfthPDP0wrE90k7DUT/NaDB7JlwScihgbX5/GU:8EXfWSVKIsrpivdM+msmWak8dfnPDPPz
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name fc2a3c786f29d19d_eula.rtf
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\EULA.rtf
Size 114.6KB
Processes 2556 (a.exe)
Type Rich Text Format data, version 1, unknown character set
MD5 7b2ae57b538bda3d80fbea07191aa5c9
SHA1 5e9cb335930757e4da565093c6958c511a01984f
SHA256 fc2a3c786f29d19da156a7156d535b348ad5c8187f1198ffa09482932d35a662
CRC32 0C74EDC5
ssdeep 768:w0m4JDvJNJt2cGTXxl5loUWDTEhkClEgoKt9ai1IYdO5NVSUeDfy0sTMYpphNHei:w630KsTfY1MqYGO4zb
Yara None matched
Name decfe9f582f6eed3_rutserv.exe
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\rutserv.exe
Size 12.6MB
Processes 2556 (a.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 55d66bd554511f803bebead2bd1bfde0
SHA1 34d8176565909b7b756d92a32cd8a50185f998f1
SHA256 decfe9f582f6eed39ade6c5770e4146d4ba9b488b146753d7f652815d25379bd
CRC32 0C3DBC0F
ssdeep 98304:G9Lm1gy0m2gBLEbSrOtdH2qsWeC5sWSqg6gHekBU/8SjvXI+bEW+5PElhHoyL/ud:KcgyX2gKuitdH25W6uiXIIIK5PEl6upm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check
Name 704a1a83d11c2171_russian.lg
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\Russian.lg
Size 64.3KB
Processes 2556 (a.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5 55a0b95a1d1b7e309f2c22af82a07cc0
SHA1 521c41e185e5b5e73cfc4e1b18646dc4ed171942
SHA256 704a1a83d11c21717c17e6a7eb264d94a98d45a7c1aba8ebb82fafc65f4f199d
CRC32 B1FE7DFB
ssdeep 384:EK8HD4FpDrTkMiUHaTzVnJwu6q/RYy1tRzIlOrA7sdO9l2i:aGDrTk42LRj8t
Yara None matched
Name df08980e873a534a_settings.dat
Filepath C:\Users\test22\AppData\Roaming\RMS Agent\69110\86337C6FA9\settings.dat
Size 9.7KB
Processes 2556 (a.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 1f5e03201fb158a2a462f3d1c0f95738
SHA1 11a5bc8c03a2f88a650dc079616576c373c50211
SHA256 df08980e873a534ab470db7aecee57928114e01d62ee471bbc2fec891055514b
CRC32 AE2B3F4B
ssdeep 192:GqE2MIc64rQXaq7VKatT0vQ8byxDMRhfQp+mMLJcKw4uHtSRnOZe:AIcrrQDtTF8bySfSQ3L
Yara None matched