Dropped Files | ZeroBOX
Name 2050cc232710a2ea_nsm.lic
Filepath C:\Users\Public\Pictures\NSM.LIC
Size 257.0B
Processes 2556 (random.exe)
Type ASCII text, with CRLF line terminators
MD5 7067af414215ee4c50bfcd3ea43c84f0
SHA1 c331d410672477844a4ca87f43a14e643c863af9
SHA256 2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12
CRC32 0103BE9A
ssdeep 6:O/oPn4xRPjwx1lDKHMoEEjLgpW2MezvLdNWYpPM/ioVLa8l6i7s:XeR7wx6JjjqW2MePBPM/ioU8l6J
Yara None matched
Name 9074fd40ea6a0caa_pcicapi.dll
Filepath C:\Users\Public\Pictures\pcicapi.dll
Size 32.4KB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dcde2248d19c778a41aa165866dd52d0
SHA1 7ec84be84fe23f0b0093b647538737e1f19ebb03
SHA256 9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
CRC32 7C3A9775
ssdeep 768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name d96856cd944a9f15_nskbfltr.inf
Filepath C:\Users\Public\Pictures\nskbfltr.inf
Size 328.0B
Processes 2556 (random.exe)
Type Windows setup INFormation, ASCII text, with CRLF line terminators
MD5 26e28c01461f7e65c402bdf09923d435
SHA1 1d9b5cfcc30436112a7e31d5e4624f52e845c573
SHA256 d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
CRC32 91EDA8F7
ssdeep 6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
Yara None matched
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_15661078
Empty file or file not found
Filepath C:\Users\Public\Pictures\__tmp_rar_sfx_access_check_15661078
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 7780ac164e450f9e_client32.ini
Filepath C:\Users\Public\Pictures\client32.ini
Size 702.0B
Processes 2556 (random.exe)
Type ASCII text, with CRLF line terminators
MD5 4d273adec8e85615509d57ef7da5a6da
SHA1 601ca5c56475c09daa007dc843e3042b504c1096
SHA256 7780ac164e450f9e87d7bc3f80dfbe4bff742d347faa69c86faf3161699e2c6c
CRC32 2E3FD3FD
ssdeep 12:Yrqzd+mPZGS/py6z8BlsVTXuZ7+DP981E7GXXfDWQClnmSu3vbIAlkz6:cqzEmPZly6YBlLoG1fXXfDievbIAaz6
Yara None matched
Name 63aa18c32af71441_pcicl32.dll
Filepath C:\Users\Public\Pictures\PCICL32.DLL
Size 3.6MB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 00587238d16012152c2e951a087f2cc9
SHA1 c4e27a43075ce993ff6bb033360af386b2fc58ff
SHA256 63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8
CRC32 30B78C29
ssdeep 49152:cTXNZ+0ci2aYNT8wstdAukudJ1xTvIZamclSp+73mPu:cTXNo0cpKwstTJIkS43mm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 6795d760ce7a955d_tcctl32.dll
Filepath C:\Users\Public\Pictures\TCCTL32.DLL
Size 387.4KB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 eab603d12705752e3d268d86dff74ed4
SHA1 01873977c871d3346d795cf7e3888685de9f0b16
SHA256 6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea
CRC32 63E9E6A2
ssdeep 12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 49a568f8ac11173e_bild.exe
Filepath C:\Users\Public\Pictures\bild.exe
Size 103.4KB
Processes 2556 (random.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8d9709ff7d9c83bd376e01912c734f0a
SHA1 e3c92713ce1d7eaa5e2b1fabeb06cdc0bb499294
SHA256 49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3
CRC32 2904524F
ssdeep 384:qTjV5+6j6Qa86Fkv2Wr120hZIqeTSGRp2TkFimMP:qHVZl6FhWr80/heT8TkFiH
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 313117e723dda6ea_pcichek.dll
Filepath C:\Users\Public\Pictures\PCICHEK.DLL
Size 18.4KB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a0b9388c5f18e27266a31f8c5765b263
SHA1 906f7e94f841d464d4da144f7c858fa2160e36db
SHA256 313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
CRC32 841ED427
ssdeep 192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 26dbb528c270c812_remcmdstub.exe
Filepath C:\Users\Public\Pictures\remcmdstub.exe
Size 75.4KB
Processes 2556 (random.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 325b65f171513086438952a152a747c4
SHA1 a1d1c397902ff15c4929a03d582b09b35aa70fc0
SHA256 26dbb528c270c812423c3359fc54d13c52d459cc0e8bc9b0d192725eda34e534
CRC32 17583D2B
ssdeep 1536:zfafvTuNOwphKuyUHTqYXHhrXH4+LIyrxomee/+5IrAee/DIr3:jafLSpAFUzt0+LIyr7eR5IUeCIz
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 8793353461826fbd_msvcr100.dll
Filepath C:\Users\Public\Pictures\msvcr100.dll
Size 755.8KB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
CRC32 4623CD62
ssdeep 12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name edfe2b923bfb5d10_htctl32.dll
Filepath C:\Users\Public\Pictures\HTCTL32.DLL
Size 320.4KB
Processes 2556 (random.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 2d3b207c8a48148296156e5725426c7f
SHA1 ad464eb7cf5c19c8a443ab5b590440b32dbc618f
SHA256 edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
CRC32 49F7B0FE
ssdeep 6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check