Dropped Files | ZeroBOX
Name 57701aa79bf47414_RESADBB.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESADBB.tmp
Size 1.2KB
Processes 2112 (cvtres.exe) 2556 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 880b6d9a59ac1bff16a5c7bb3edf38d1
SHA1 f4cb256096d1735606a43bb5799d8c533e86d080
SHA256 57701aa79bf47414d0fdb4668a6e882e64ff150f44eb2db18717b8822b6f9dc6
CRC32 247E95C4
ssdeep 24:HEJ9YernWwmHZiUnhKLI+ycuZhNtqakSSbPNnqjtd:lernrm59nhKL1ultqa3SRqjH
Yara None matched
Name 013dc57b18b864d2_sqvffi8a.out
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.out
Size 598.0B
Processes 1720 (PoweRShELl.EXe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 252daf439249fa20ae1c77240c1557ff
SHA1 60fe5dcb05206e17900333980af5a59cc216aee2
SHA256 013dc57b18b864d2218ab438b8a7b7ee817eded5ec464dc79d237217a60f064c
CRC32 E74DF10B
ssdeep 12:K4X/NzR37LvXOLMMnPAE2xOLMYKai31bIKIMBj6I5BFR5y:KyNzd3BMnIE2nYKai31bIKIMl6I5Dvy
Yara None matched
Name 1f80d6c2a41371e6_sqvffi8a.pdb
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.pdb
Size 7.5KB
Processes 2556 (csc.exe) 1720 (PoweRShELl.EXe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 7adbe95bff2f0539819f7504e6f1dbff
SHA1 74974ac656c561dae1206e314429e638653c515d
SHA256 1f80d6c2a41371e6042e99d19e9b9faf2e5b1171e15831564c49627615eb6b0c
CRC32 CFAFC436
ssdeep 6:zz/BamfXllNS/yABE7X11mllxrS/77715KZYXRABE7EMoGggksl/3YXBGQu+e0Kd:zz/H1W/ykErfSXS/pwSkEhmqRi
Yara None matched
Name e3b0c44298fc1c14_sqvffi8a.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name fab1c6f8f712c041_sqvffi8a.dll
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.dll
Size 3.5KB
Processes 2556 (csc.exe) 1720 (PoweRShELl.EXe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 58ebf5b3fd5d99435dea54aeafa3b2b4
SHA1 6d3eb46e7f70baccc1646cf50f946b00aa1f4560
SHA256 fab1c6f8f712c0414ea3b322a82b3840a22a371deba838366bd3606b417c190d
CRC32 A91C0C7E
ssdeep 24:etGSzN6G7wcrCl/Z/kKwneWluWUbdPtkZfY21Ib0mI+ycuZhNtqakSSbPNnq:6suClGe7WMuJY2SbH1ultqa3SRq
Yara
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 92a1c4c0a07a7d9f_CSCAD4D.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCAD4D.tmp
Size 652.0B
Processes 2556 (csc.exe)
Type MSVC .res
MD5 a6019d1269f749e91302ce1223fc333c
SHA1 20f5d67ce6a1bfa8e35d14d078a8bce95360d287
SHA256 92a1c4c0a07a7d9fc0eecbff23baf93f1ababb4c27feb6d459b6734a0a30c8be
CRC32 B4A9E57B
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry/Xqak7YnqqqXbPN5Dlq5J:+RI+ycuZhNtqakSSbPNnqX
Yara None matched
Name 0ed5b0823e71e0e3_590aee7bdd69b59b.customDestinations-ms~RFb952bf.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFb952bf.TMP
Size 7.8KB
Processes 1720 (PoweRShELl.EXe) 3028 (powershell.exe)
Type data
MD5 f4a8a3e56bca0190031a365f104571cf
SHA1 7a4eac7016b8feca961f757cfe05bfeb4b76c10f
SHA256 0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41
CRC32 E95A2C69
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 1a5721b16a5c9972_sqvffi8a.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.cmdline
Size 311.0B
Processes 1720 (PoweRShELl.EXe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 28cf5d688ce9552155b6354e17277d1e
SHA1 f8a191e19aed22fd763813fa97831ecb4dafbf2d
SHA256 1a5721b16a5c997280b5528fa653e83f9a99df50c8ee3597581bc26c525a68d0
CRC32 FEF90BBB
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fUmGsSAE2NmQpcLJ23f6A:p37LvXOLMMnPAE2xOLMd
Yara None matched
Name c55559a073769857_sqvffi8a.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\sqvffi8a.0.cs
Size 461.0B
Processes 1720 (PoweRShELl.EXe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 28148b3ca10a02b644b2a6fa181ec146
SHA1 df0d5b7b62b90d707483dcec5f080cb249ec3eaa
SHA256 c55559a073769857924e68d27d2de365e18a2d1af948932ae04284da226c6cc8
CRC32 D6BBBA8C
ssdeep 6:V/DsYLDS81zuTe9MGHQXReKJ8SRHy4HqLmcrMmP34SFQy:V/DTLDfu68XfH2LxrSvy
Yara
  • Network_Downloader - File Downloader