Dropped Files | ZeroBOX
Name 3a255c0024916f19_590aee7bdd69b59b.customDestinations-ms~RF1ba3ce4.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1ba3ce4.TMP
Size 7.8KB
Processes 2688 (pOweRshEll.eXe) 2848 (powershell.exe)
Type data
MD5 6fd29def73b2779e0ae71c4eecd304f7
SHA1 4ba660e4db856e04eb93a01c59ee764259ec55e7
SHA256 3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6
CRC32 1F966CD8
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name ce2be0ab08c87220_r4dboqdb.pdb
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.pdb
Size 7.5KB
Processes 2424 (csc.exe) 2688 (pOweRshEll.eXe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 d5240c82fcff0a9601a1c7c1d43395cc
SHA1 139ddba6a544e122394ed5c0cd80ad2bf8b90d96
SHA256 ce2be0ab08c87220de42463d4357a9111681e81fb8402ad256a692f8984160cd
CRC32 C1F8DBF1
ssdeep 6:zz/BamfXllNS/0vLnd/91mllxrS/77715KZYXJvLndFCpMoGggksl/3YXBGQu+e1:zz/H1W/0vRPSXS/pwUvRFCpMmqRi
Yara None matched
Name e3b0c44298fc1c14_r4dboqdb.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 456fd3ce9e51c622_CSC415F.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC415F.tmp
Size 652.0B
Processes 2424 (csc.exe)
Type MSVC .res
MD5 5a0c146cee175c74f8b5288d9661c90c
SHA1 78d285f8bc6aecd270c047aeda840854bc681d66
SHA256 456fd3ce9e51c622ed1bc296d99d6bd095db1700ce708cd9029c061f5dce2326
CRC32 86913128
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryuak7Ynqq8PN5Dlq5J:+RI+ycuZhNwakS8PNnqX
Yara None matched
Name 6a65d9132bcfca86_RES41CE.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES41CE.tmp
Size 1.2KB
Processes 1700 (cvtres.exe) 2424 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 a0cac47818098ecc024e5b228a111f12
SHA1 56c5c5d1b662326ba715c1839d4b81fc0c30f9ec
SHA256 6a65d9132bcfca863a4f6c17b1d1d3ef7bdee28fa260da0e3068c5044e33a3b9
CRC32 F6CE8F3C
ssdeep 24:H1J9YernVYmHZoUnhKLI+ycuZhNwakS8PNnqjtd:aern6m5DnhKL1ulwa3sqjH
Yara None matched
Name b712fb7d2b0a235b_r4dboqdb.out
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.out
Size 598.0B
Processes 2688 (pOweRshEll.eXe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 f20dedc1eb0002a67c3c3fe55069fda0
SHA1 8f91537fafad858d72d5ae2d5c2d8f4d592ca9fe
SHA256 b712fb7d2b0a235b0380375dbedaa4a87e03db4b2c7271f529849e7a316e148e
CRC32 B4F7DF39
ssdeep 12:K4X/NzR37LvXOLMVVQnPAE2xOLMVWKai31bIKIMBj6I5BFR5y:KyNzd3BVKnIE2nVWKai31bIKIMl6I5Da
Yara None matched
Name 0652da0455490eaf_r4dboqdb.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.0.cs
Size 469.0B
Processes 2688 (pOweRshEll.eXe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 de4a3e7070e220b427d460a803bf2b1b
SHA1 f59c55466008ca3d557cc114c01395ba724a3a32
SHA256 0652da0455490eaf890ddcbc122a763d5f4031a9b2825d514d105bd8ea142eae
CRC32 FF6696C0
ssdeep 6:V/DsYLDS81zuly0NIMmFB7QXReKJ8SRHy4H6xr8MCLJWxWJWKy:V/DTLDfuldcWXfH1MeGOWKy
Yara
  • Network_Downloader - File Downloader
Name 4b4529b047d4916c_r4dboqdb.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.cmdline
Size 311.0B
Processes 2688 (pOweRshEll.eXe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 a173f0042cac3f772ff6fd22e7db7f18
SHA1 03277f50dc0d3cabf332fdd4c2209ffad85e29a6
SHA256 4b4529b047d4916c1816640a35336e79ca947543e67771ea2451a095e2850cf9
CRC32 B7E8D76F
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fLZVQmGsSAE2NmQpcLJ23fLZ9GA:p37LvXOLMVVQnPAE2xOLMVv
Yara None matched
Name 1fbab7eecaf3bca1_r4dboqdb.dll
Filepath C:\Users\test22\AppData\Local\Temp\r4dboqdb.dll
Size 3.5KB
Processes 2424 (csc.exe) 2688 (pOweRshEll.eXe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4e4846a8e8870b592598ae60a0236c0f
SHA1 72bb12aa3b9e4b1a9e5d076568011aa14f0fdb96
SHA256 1fbab7eecaf3bca1bce960b1e82a8607e7ffef5fc0bd1d94937279f006d72e54
CRC32 1AD3BC96
ssdeep 24:etGSXNOHGuEw+7vgXBkcaZqUbdPtkZf8b+z3JA81qUwVBQmI+ycuZhNwakS8PNnq:6sukaZqMuJ8b+Lc3VJ1ulwa3sq
Yara
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)