Dropped Files | ZeroBOX
Name e3450f2a89811cfa_r77-x86.dll
Filepath C:\Users\test22\AppData\Local\Temp\r77-x86.dll
Size 109.5KB
Processes 1880 (Security.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 38fc10fa0e887853119850c77e6067d5
SHA1 5bca8e114613dd3e08c54362ac433fe9f06fa2c0
SHA256 e3450f2a89811cfa81450222ecf1b632ffb339fa4f8b80a147a24969ba45cc65
CRC32 9455E5B2
ssdeep 3072:JIzGXZZgy65eC736iv2l56458VtMtiG0aMwFo9u:JOGXbgyiGi+l5l5VPswFo9u
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 6485ea559bdbbff1_helper32.dll
Filepath C:\Users\test22\AppData\Local\Temp\Helper32.dll
Size 8.5KB
Processes 1880 (Security.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ef7a000bee8770cd0d2b480632421458
SHA1 65683ecb8208f64520c9c8c19418d8fb95abcd35
SHA256 6485ea559bdbbff1fd5386644ea4f7ea6e9afbcbb1028d13d8f2ebbf216857da
CRC32 E4056158
ssdeep 96:OjPnfEKYppLhLLbgORiWGLPuua79SO6rq9WMb5V5t83M5oYL3iZjZAF3hsxb5:0n9G9hLLkRF0uTg5lvb3KAHsxb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 1b485ebeb910f35d_r77-x64.dll
Filepath C:\Users\test22\AppData\Local\Temp\r77-x64.dll
Size 145.0KB
Processes 1880 (Security.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 9fc46e9e9259dd82c72f0c01adab7e87
SHA1 c6d3fcd895aa332cf266f967940379ded55ad441
SHA256 1b485ebeb910f35ddb8db2a1225b4049fcf8281404cc39e532148cf7b654d589
CRC32 A022A000
ssdeep 3072:dj3jo8M1zrdJOPBVjt511aFwxIfMLeUB4wJ812U5:Y8PBVjB4F+IUJ7i
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name ee475b056cb651e5_bytecodeapi.ui.dll
Filepath C:\Users\test22\AppData\Local\Temp\BytecodeApi.UI.dll
Size 76.5KB
Processes 1880 (Security.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0ee5c134de6df52fdda8b3be2e3198ba
SHA1 50a67723030e2e2c653cc659db49ab3e7170c692
SHA256 ee475b056cb651e58bba55568e07caf8d26fb38c3ed7e0399e4188febe127825
CRC32 10AE205D
ssdeep 1536:K5hDKEtqZ7gVv6JCk6cM6QWAvDy8LKajPAeMb7cO:wRKEtqvkcM6QWOAeccO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 35eb77c5983a70f2_$77Security.exe
Filepath C:\Users\test22\AppData\Roaming\$77Security.exe
Size 54.5KB
Processes 2460 ($77Security.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 12c1eb283c7106b3f2c8b2ba93037a58
SHA1 540fc3c3a0a2cf712e2957a96b8aff4c071b0e7e
SHA256 35eb77c5983a70f24ba87d96685d1e2911b523d5972dfcbccf3e549316ff16f1
CRC32 EFD75F9D
ssdeep 1536:RmNLlP/Say9afj4zbjSl8chqoPbOlgo4Q/:oNLlAm4zbjy8KqoPbOlgxQ/
Yara
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name b2cc4454c0a4fc80_install.exe
Filepath C:\Users\test22\AppData\Local\Temp\Install.exe
Size 163.0KB
Processes 1880 (Security.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1a7d1b5d24ba30c4d3d5502295ab5e89
SHA1 2d5e69cf335605ba0a61f0bbecbea6fc06a42563
SHA256 b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5
CRC32 00478A88
ssdeep 3072:TQpsSyjlzA664oL8tIoDJxGtIVORPrdAHjl3+uwF+iBDZ/wXxnTFKe8kaz:TQpsSyjlzfnoNGxGo6PrdAHwtMxn4e8N
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Vidar_IN - Vidar
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 8eb0b160f927ef53_helper64.dll
Filepath C:\Users\test22\AppData\Local\Temp\Helper64.dll
Size 10.5KB
Processes 1880 (Security.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 abda48204fcff3e06637a4fe8d169b6f
SHA1 fd792beced0977aa9095d66410803bb1758ff5af
SHA256 8eb0b160f927ef53bcd050d54066a9a9e50ab4006af674d89a94d994b9c09451
CRC32 71751A4E
ssdeep 192:l6HK4aI/apUuxpSCillaiZsYa6KCQCoyG7AyOqM9PD:l6HK4aI/iU8Fgl3ZU63G9OquP
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 16e2c2c38922ada4_bytecodeapi.dll
Filepath C:\Users\test22\AppData\Local\Temp\BytecodeApi.dll
Size 317.5KB
Processes 1880 (Security.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5330f2ca77ea587a1a3d14da9a623498
SHA1 ae469532f64a2c4d9347e1879b6599cdb487248d
SHA256 16e2c2c38922ada41528faf33db72027b1fdddf696d901ff9bf7cc443ec5c9ca
CRC32 B07693B2
ssdeep 6144:/XgB4q/DyNPto9yc+1/vsd8DjpwUnvosdiboO6k4Z1a3x:SN/DyZ10d2lwYZHs
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
  • OS_Processor_Check_Zero - OS Processor Check