Dropped Files | ZeroBOX
Name 0c5031bae18c7e5b_powershell.exe
Filepath C:\Users\test22\AppData\Roaming\PowerShell.exe
Size 34.5KB
Processes 840 (PowerShell.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 df4465e6693e489c6db32a427bbd93ec
SHA1 ea8ef0ae2b517e10f934b66ebefa71e2d9007aa5
SHA256 0c5031bae18c7e5b294b89b4b82e30c3862d1e5e4aa5fd664d7a04451dc83847
CRC32 C57FB52F
ssdeep 768:sOMm6sgb2F9hqVRlcQkjm66a99Fk9kWO/hi/7R:sMP/mbExH7Fk9kWO/ATR
Yara
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name fc2f4c48b165e86f_powershell.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerShell.lnk
Size 742.0B
Processes 840 (PowerShell.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Oct 26 17:44:35 2024, mtime=Sat Oct 26 17:44:35 2024, atime=Sat Oct 26 17:44:35 2024, length=35328, window=hide
MD5 30c88e3f80fde3bb80cbf13997f9508e
SHA1 aed4b3d5526d61c8e0f44da96b8d3f2b0d2eaeb9
SHA256 fc2f4c48b165e86fb164727b3125a082f8d3fe7cd7ced1b6bf18d81786f48d29
CRC32 D9C9FA6B
ssdeep 12:8iRNFTCe4cZCrR8EvSEm8UzSL89mOaTVXQizCCOLAHniGXUNEgAuP:8iGsERdsLw4yhjzNUGXKEHuP
Yara
  • Antivirus - Contains references to security software
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format