Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	2cc9e3899e2effe1_OfferServiceSDK.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferServiceSDK.dll
Size	28.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d1a50cb0c70f8e24a7c09650461a3e57`
SHA1	`fc6e49f99588d202dd73073b64828aadec519587`
SHA256	`2cc9e3899e2effe19ba48950fa3280b20b4aad3ef649cb96c424dfd1f43d8db1`
CRC32	`CB76D0B6`
ssdeep	`768:lvU0G4/tcy5KSRvXgftjtDonwrDonIfKSY:lvU0GrPtJDPrD/f+`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	7b8c76a85261c5f9_TranslateOfferTemplate.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
Size	2.3KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`551029a3e046c5ed6390cc85f632a689`
SHA1	`b4bd706f753db6ba3c13551099d4eef55f65b057`
SHA256	`7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8`
CRC32	`005FCED2`
ssdeep	`48:q7FHLieZMup+2U7DbLX50MQJpFncCIyPE2Pt++zKD8:8dWeZM0+2OfTQjFncCJE2PtBzKD8`
Yara	None matched
VirusTotal	Search for analysis

Name	d31388110ffdef2a_OfferInstaller.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferInstaller.exe.config
Size	1.1KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dd39824adeb4ff5bcda330f48a1777b9`
SHA1	`ee46838177b0cd7e17c77f1fadb2a516a960af12`
SHA256	`d31388110ffdef2ac150bdf02e69ebf81895d2b0ec8400558601a9e498e05dfc`
CRC32	`BDC96019`
ssdeep	`24:JduG/mh9jnk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOT:30nnKS4YHJyILsJ+J4YHKJyIvT`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	e77239dbdcc6762f_ViewStateLoader.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
Size	15.0KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`ef47b355f8a2e6ab49e31e93c587a987`
SHA1	`8cf9092f6bb0e7426279ac465eb1bbee3101d226`
SHA256	`e77239dbdcc6762f298cd5c216a4003cf2aa7b0ef45d364dd558a4bd7f3cdb25`
CRC32	`1A7B0AFE`
ssdeep	`192:ggVOiFMLv6pA12VETqJ7PkPpnc5Timljf5tFaI+9jvm92VETqJ712VWBLi84K4Ey:ggNFXwezljffFaI+9jCWBN4K46Ow6b`
Yara	None matched
VirusTotal	Search for analysis

Name	a6a0b05b1d5c5230_loader.gif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
Size	16.3KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	GIF image data, version 89a, 120 x 120
MD5	`2b26f73d382ab69f3914a7d9fda97b0f`
SHA1	`a3f5ad928d4bec107ae2941fa6b23c69d19eedd0`
SHA256	`a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643`
CRC32	`6498A1F3`
ssdeep	`384:ZnITuNydK/vGIgevnC1TQydIUiKPl8y2m49f03vVa7tyqpfAc0aP7a9:ZXN55ge/CVFpi6Wy219fQvVahfdP7a9`
Yara	None matched
VirusTotal	Search for analysis

Name	b90ea75c72845250_BundleConfig.json Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\BundleConfig.json
Size	1.3KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`720e816b722b5d82ebfc9dcb44f28f69`
SHA1	`f3a7ec0cc47e7c5da8759e601f617bd2a946fd5b`
SHA256	`b90ea75c7284525014467554cd68b3dca1fa8cd2420013b960e377523a9ab962`
CRC32	`2A1AD77E`
ssdeep	`24:N/FRAY6xOFb2w1arpMQhyNITfxbg/Ap2kWwyt0KLU+ClFuc5iMDqV53XzsLGtqee:1XAv4FbmrnhgI7xbn2wymKGlUcRqDe`
Yara	None matched
VirusTotal	Search for analysis

Name	aa4113da0b93d814_style.css Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\style.css
Size	11.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`fdb25da41967d335a1ea14324d77b2d2`
SHA1	`bf086894de83e740f039ab143f6936dbe462b8e9`
SHA256	`aa4113da0b93d8148f371126a3b62c411f38d7be494f94a568b672340afbfcfb`
CRC32	`64E88F99`
ssdeep	`192:hfGGBIkjEkTiO5sBvH3U4sYbgUaqPIbVDxap1ZYHE9zxagtINFt7//HYC:1jEAs1U4f5aDV1ahf91EFtMC`
Yara	None matched
VirusTotal	Search for analysis

Name	f4ce1887367deabc_sciter32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\sciter32.dll
Size	5.1MB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e72b0f013723cb891f7507f0633631ea`
SHA1	`eb31de8728c0367db584a941f591c608b700e00d`
SHA256	`f4ce1887367deabc6c560cc8c965ff8a335a3b7708a046b44063e6e30dbcc338`
CRC32	`3EA01892`
ssdeep	`98304:yVQINUZjR4HXo0a8K9DxhTe5O4rEdrqNdN7Rs4:3RR4HY0aDrqNdw4`
Yara	Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b0163365c1a3a37a_H2OSciter.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\H2OSciter.dll
Size	139.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0b5ec61c8a594bcf411da311ce7c472f`
SHA1	`de906c7aec2fda0efb1a0d21739f4b9d280cd8c9`
SHA256	`b0163365c1a3a37a9ad3a6744bc2851f2a3eabe9cfd5788077aca4e47e7ac385`
CRC32	`56DB3BDD`
ssdeep	`1536:FObpvsRgbXf6gm2TuBmKWTuNe9XPS/DBLRQw1qkuaaf2+b7FoBohf5Qb/6hOwMaf:evnnFDPKb3qE+5xg/XarUtrIBfytEl`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	f8378be90b61292f_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
Size	21.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bfc7936b79d5168f2ca58edf91b38efc`
SHA1	`f6da18e4e2e0bd5becc15f9df30069e43678af84`
SHA256	`f8378be90b61292f146ad361081d81ae263cf57454a98075a10e52c383a55f14`
CRC32	`880098AE`
ssdeep	`384:r+2QEOjsCnI7pWCxbWrnnwWRHZWCxbWrnnIWr97SWsalH:UEAItDonwG5DonI8SSH`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b73d6238e9a29848_MyDownloader.Core.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\MyDownloader.Core.dll
Size	68.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f186e4845cf98bd997f7f4f4096e5765`
SHA1	`6e7d5275f19914cf01fcc70f5d735dd97ac10a8c`
SHA256	`b73d6238e9a29848a438276638d318b766e43d21dc2df1a503b553497a7db4fc`
CRC32	`BFDB1642`
ssdeep	`768:z/nineequbTcsaB8+bfAvCIlATfL99Vi2oc4wjtDonw2hDonImS+:LineezcsaBbfCCRTfL/V5MwJDPaD/k`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	73ed0be73f408ab8_Log.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
Size	1014.0B
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`cef7a21acf607d44e160eac5a21bdf67`
SHA1	`f24f674250a381d6bf09df16d00dbf617354d315`
SHA256	`73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7`
CRC32	`8FFB3F6C`
ssdeep	`12:My/l6pA3Z0F9L0A2Rf/cKcNXQm3RKtJF0FnqspWi464I2+Oc2+Odtu92+O1kE45y:Pn3Z0X4JRf/cTAmhMF0JW6drD/gyxud5`
Yara	None matched
VirusTotal	Search for analysis

Name	effd42c5e471ea37_app.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\app.ico
Size	766.0B
Processes	1684 (op.exe) 660 (installer.exe)
Type	MS Windows icon resource - 1 icon, 32x64, 4 bits/pixel
MD5	`4003efa6e7d44e2cbd3d7486e2e0451a`
SHA1	`a2a9ab4a88cd4732647faa37bbdf726fd885ea1e`
SHA256	`effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508`
CRC32	`BA645937`
ssdeep	`12:HkaGiU0XpgUSedTpFXxMSFlhP3hdU1JVvKK2EiaAIueyn+C7naioeFue5:TGiUUgjUTpFySFlhP3oJ3X9qL`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	f40f91da5479bb87_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr\DevLib.resources.dll
Size	21.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`11b92281a999057fa3fd0f2c5ac91a26`
SHA1	`522b3a3eca5ff48f37a6f5142ba5f5784bbf1552`
SHA256	`f40f91da5479bb8727667de820c95836c55e2fa1dc299f6b40006d399c017ab6`
CRC32	`1D3425FA`
ssdeep	`384:IXyI4JGEqQ5XQTW+I7pWCxbWrnnwWrqWCxbWrnnIWfmJSWsaj:wyIxxQmTW9tDonwwqDonIYmSI`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	76b26701e92a9ca6_GenericSetup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.exe
Size	19.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`dc5c6cc514e5faf7c9f67b23cb739550`
SHA1	`fd65e2cd32280624cc404ea308f78ddeb7d3de2c`
SHA256	`76b26701e92a9ca6c47459ae8c3adbd73779f9079a4b720c325d2fab5ee4eff6`
CRC32	`AAA0D734`
ssdeep	`384:Dlv6I7pWCx4Ww7vGW/dxRWCx4Ww7vKWkaQSWsa29q:DlvxtQvTGQJQvTKIQSFq`
Yara	Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	316cc927c92bdc10_DevLib.Services.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.Services.dll
Size	232.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`68680186a2638c7439e62f7873bd2a05`
SHA1	`aaf9d047aa8eab9b0890c5c66778aab82e7d0b38`
SHA256	`316cc927c92bdc104fa41cdcd10ae6cff20373d08bfb748ffbd8ea04b2a71aa0`
CRC32	`A537C74E`
ssdeep	`6144:hsX3Aek1gsWu7UUiXmNJlHrEpMPq7WNcYIV8jx1ywpU:hsXTaPAYcaowpU`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8ace7607ad674a9f_OfferPage.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\OfferPage.html
Size	1.5KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`46cb27da449f8bd0edcbd92720c6d5e5`
SHA1	`adb4968b5970474560bf65ddfe0bd5b0369248aa`
SHA256	`8ace7607ad674a9f26fdd625801b9e1b9fd10f2d261abdfd912fb0ee61f032fe`
CRC32	`ED1E3973`
ssdeep	`24:0IPe1l3MCXjBvFXdzy93JogMzBvZRcsktGk:0IPeL8CFld+VJH2LwGk`
Yara	None matched
VirusTotal	Search for analysis

Name	9a23979eb2e5d3fa_InstallingPage.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\InstallingPage.html
Size	1.6KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`182facad1a7a6722f02415f18380159f`
SHA1	`65c1af45c0e817c10104002803b95594fa182c89`
SHA256	`9a23979eb2e5d3fabb1826ed42f4e21dabfe3eb1a239006e826849fc92095ac4`
CRC32	`3713EE5F`
ssdeep	`24:0Iue1l3MCXjBvFXdzy93jL7YyZety6BuZRvEJJrJk:0IueL8CFld+Vcysty02e9k`
Yara	None matched
VirusTotal	Search for analysis

Name	9941cd2a1f6b9dbf_HtmlAgilityPack.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\HtmlAgilityPack.dll
Size	162.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a275083c3e74df3641a260a06aaba535`
SHA1	`c717b274e751fa8fbcbfc3ba620cf8c2402c054a`
SHA256	`9941cd2a1f6b9dbf3a3cc5092ce903d160dc2db032c7d0a5cd5acd36ff508eb9`
CRC32	`A9242F1E`
ssdeep	`1536:35GBA6Iwve7y4OqR2+7sa0v/ow+aAVjvXVYloeHhdrlELbgSAUiB7KwYOUZJ5u6z:pGBAb1O8Jk//AVjXVYl3dvFUZebr3q`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	13c3248a834c5f7c_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru\DevLib.resources.dll
Size	23.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3d3ebee857b5952281eaf6b0265fdb38`
SHA1	`668bac77580e02f2fda40d659b0f899ae91ae624`
SHA256	`13c3248a834c5f7c6243ae7369fd2f9a3d4d881943f790502a9b3912d1cad1fe`
CRC32	`A1D8B1E0`
ssdeep	`384:A4Pr8mQNJp8+txX1I7pWCxbWrnnwWz4WCxbWrnnIWjDSWsaWh:XTnQXmtDonw84DonI6S9h`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	003e0beda739fb97_GenericSetup.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.dll
Size	130.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fd7595ed21bfa07c4d9591771e5e7b9a`
SHA1	`98d10c6bea7c8d9fc4d14fcef0e2fd9fafc1da68`
SHA256	`003e0beda739fb9760cb939dd94c1d32f1f158d0018a85c623aa4c3c90ded20a`
CRC32	`57E4E3D5`
ssdeep	`3072:qDJ1XvQhs0Nn/TThtgSof2qSw3L1ZivIXnVSIg:I/QrXhiSofFL1ZMP`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0f56d717fea313ee_Newtonsoft.Json.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Newtonsoft.Json.dll
Size	481.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`aad594c15911f1554982ee21d55029cf`
SHA1	`0ad06cb604cd4f77bd6ca81a02d585553865d29d`
SHA256	`0f56d717fea313ee94b2a2bbaa2650c5fb225575789f83f54750500cd4f07cb2`
CRC32	`D533A2DA`
ssdeep	`6144:lxDl/HgeQ6iL35JY+fy2zqXZIGjk6qTlyCalnBu8jeguAkMAeC:B/gecNU2zqX6lUB2AkeC`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	91c5a090148bd616_MyDownloader.Extension.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\MyDownloader.Extension.dll
Size	180.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`15bdd1c6dbee57849faf507d9dcdbf2b`
SHA1	`54d00165cd11709885d266a5def87c76a0976828`
SHA256	`91c5a090148bd616e443aabaf15e5c80d142a8ad993af693283a13b6118c99cb`
CRC32	`6B31D84A`
ssdeep	`3072:quAjNMSC7Mdlszb/0DfV9H8I++Wy/6EAwZZIm11ufs48TVB2F:37rzb/0DfDH8I++Wy/6EAwTIm1gfaY`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	320a56448860eb32_DevLib.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.dll
Size	74.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bc324abef123d557ece4efc5a168d452`
SHA1	`33064c1fbd30256dc5e1a5771c6d90b571faa59b`
SHA256	`320a56448860eb32360481a88d8d6ef87d563fd1bd353bd3006aa3054c728d98`
CRC32	`152C4AFE`
ssdeep	`1536:kM8PcXcFBtzMapIhEWVFwZIXjjzZhvCjjKVDPUD/Yn:jocTD4yvzZhavK3n`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8b439cc5bf4db70a_installer.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\installer.exe
Size	1.6MB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56e9fd0907c410efa0d1b900530ced6d`
SHA1	`355053bcbd29eed77126ff7239d94c8a991b70da`
SHA256	`8b439cc5bf4db70a29dc68cb2adb72daa747ccbe75e447c2423f7793de69fbcb`
CRC32	`C3B07D9F`
ssdeep	`49152:ov13Hq2ORVsIMUaikqGf7hW6G2GAG/PDZWK5UHXJZyMFIGvU:aaBMPGAGntWA5`
Yara	Malicious_Library_Zero - Malicious_Library ftp_command - ftp command IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	54f1667525366c3c_GenericSetup.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.exe.config
Size	1.8KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`c5bb4979ee79c1a681c76afea65c95ed`
SHA1	`d1714ece77da71e377011b9a689af2e0675bb036`
SHA256	`54f1667525366c3c0f21949b406f62097ff9c5b4982a188a1ae5a3b61ae9a59c`
CRC32	`36050C25`
ssdeep	`48:30JkmxugIHjnKS4YHJyILsJ+J4YHKJyIvT:kJkI6zKS4Ypy6sJ+J4YqJyC`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	e2827a1c6570477f_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\it\DevLib.resources.dll
Size	21.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ff7be68172b53c68e90d4ef3e91c09a2`
SHA1	`7fccb2e98d63c9b7b9c10787d101ec7757242df7`
SHA256	`e2827a1c6570477f14b27f33111c98ad9cea246bfbc4cfe307ac45f4085fc55e`
CRC32	`3C7AE25D`
ssdeep	`384:edVFrYtw1ElQqI7pWCxbWrnnwWQWCxbWrnnIWxiuSWsazQ:WFrY6nhtDonwzDonImBSr`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	01c72994650487ba_OfferServiceBLL.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferServiceBLL.dll
Size	101.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`611faad8e605895d8d34c6d5bb45b648`
SHA1	`15eb53c327268524c32c0e6f86aa3af9f36a0af5`
SHA256	`01c72994650487ba0bad43534f6866b4a32c203b03375d1c67d4a2255a63514d`
CRC32	`B033049F`
ssdeep	`3072:hlZC7s1wmc/tQldCeerhmA/6TMfRmACay70DJ+:fZCQ1RKBM`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	16b70981d446f454_DynActsBLL.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\DynActsBLL.dll
Size	20.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9fdd07a61f28a1649e022a23dadfa375`
SHA1	`23018134936b4363137346be39f89f3350906224`
SHA256	`16b70981d446f4541ed97c85e708e027f05a88a17fecd958ee9be491f313f088`
CRC32	`6F1E5407`
ssdeep	`384:k37oE78jepBafKyLebbGEI7pWCxbWrnnwWqm+WCxbWrnnIWQkSWsaRp:M8kaUyen+tDonw5VDonIESGp`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	293959c3f8ebb87b_Config.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
Size	102.0B
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`fb1c09fc31ce983ed99d8913bb9f1474`
SHA1	`bb3d2558928acdb23ceb42950bd46fe12e03240f`
SHA256	`293959c3f8ebb87bffe885ce2331f0b40ab5666f9d237be4791ed4903ce17bf4`
CRC32	`F3992C26`
ssdeep	`3:lSL/15AQumDfAM7/1m1IDfAM7/1iJFLoWPd/:Vcs1aoJqWP5`
Yara	None matched
VirusTotal	Search for analysis

Name	4f849197842619ed_Shared.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Shared.dll
Size	228.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0dd8e9c38cb3410dd31168078adffc61`
SHA1	`ae65a5d368516af72f48d2774d1bb0cdb8183a63`
SHA256	`4f849197842619edf756c5957ed9ac13ac30d876ea540e170899063d92fd11ea`
CRC32	`D72F6F5F`
ssdeep	`6144:cS35yrkMgRE07hGLzd1tqN7phbXcFq/Ds:z1y0hkwN7phcFq/Ds`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ad4773664ecd9295_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt\DevLib.resources.dll
Size	21.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3a90c71e26df1ef102dde3983752cf61`
SHA1	`3748301ee9d3e5ef36dbaf821a04c8120babadd2`
SHA256	`ad4773664ecd9295d5cb71f8469ed5464048e88b29934c858f1f9d2e2fa1bab5`
CRC32	`19E59F85`
ssdeep	`384:bgaJ/HGv9Qus2I7pWCxbWrnnwWykYEWCxbWrnnIWq25SWsaf:xJONgtDonwvEDonIcSs`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	56739925aada73f9_warning48x48.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
Size	749.0B
Processes	1684 (op.exe) 660 (installer.exe)
Type	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5	`d3361cf0d689a1b34d84f483d60ba9c9`
SHA1	`d89a9551137ae90f5889ed66e8dc005f85cf99ff`
SHA256	`56739925aada73f9489f9a6b72bfaaa92892b27d20f4d221380ba3eae17f1442`
CRC32	`8AED89F7`
ssdeep	`12:6v/7FkmCOh2ryo8L2IL2KXrEw3XCWQk4n1nhRBT1OWvGdzZmr+aP1mHh6MpIA1+y:RlPuo812KXrEwiXk4xh31GdzZmr+a0HH`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8b6db98fc656949c_2024.11.15_22.24.21.562500_installer_pid=660.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\2024.11.15_22.24.21.562500_installer_pid=660.txt
Size	9.4KB
Processes	660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0968897ee43060de57d1803b414edd1f`
SHA1	`a4be45f74c504451ad43a9987dfccf84bfce25a3`
SHA256	`8b6db98fc656949c18277155242bff71360b65bacedb4397440ccf47d72980f3`
CRC32	`98247B52`
ssdeep	`48:/m7IHmhI7hm+hIShmohILmxIrmCIQmCttmC6bIkmzQmtm+mQ7mVJKIImCtbmC6bm:ZNnH6TtVDxBL0HVLjXk`
Yara	None matched
VirusTotal	Search for analysis

Name	3355aaa66db29234_genericsetup.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.exe.config
Size	2.0KB
Processes	660 (installer.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`34959dff7d7bb83408092db6e5d7a1b6`
SHA1	`347bfc791a815e99cba1eb4b9ec37f5a6d12b47e`
SHA256	`3355aaa66db292342048ba0deae0e6dac4776ae382a9826bc0eed09860747a12`
CRC32	`94E7D878`
ssdeep	`48:cP02Epki1Xn6bQ/tM/IQ2vHKMKI4YHJyIcsJcJ4YHKJyI+:l28kKFFKI4YpytsJcJ4YqJyt`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	f44c546992d85944_OfferInstaller.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferInstaller.exe
Size	27.9KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`31457c0cefad56e514098da380e2dda5`
SHA1	`ea3360fbd326fa63f0b731b213f934da672266f1`
SHA256	`f44c546992d859445b8537b30cdc55dedaaebef91a8e6e5dd2cfbf27d0a7a9d2`
CRC32	`021E5642`
ssdeep	`768:dhXlKYGkQa5tYcF0Kc6KbtDonwEBDonIAS4:d750KclRDPEBD/o`
Yara	Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d16d225dc289aaf0_2024.11.15_22.24.21.562500_installer_pid=660.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\2024.11.15_22.24.21.562500_installer_pid=660.txt
Size	23.5KB
Processes	660 (installer.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`d06b39bb32131ed2647353377a75baa4`
SHA1	`ca16f07d6ccf876c1b0a6aace4e1bbf490c0771b`
SHA256	`d16d225dc289aaf0ba4a02d87295fe0febc97c120c6ab14bf34eb0b5f898c7bc`
CRC32	`AEF701C6`
ssdeep	`192:ZNnH6TtVDxBL0HVLjXrZiESl6q/6Hezq3ibv+hLzjZjuIDu+:UlEyu`
Yara	None matched
VirusTotal	Search for analysis

Name	ed0c25c6a79641b0_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\es\DevLib.resources.dll
Size	21.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b152cb68a405cff7fa4c32f751adf209`
SHA1	`14350254e3458e31ee8da5816def9c509c6080af`
SHA256	`ed0c25c6a79641b029fe81a684a4e49ffd96bd66974535193ab9e145c4517cf2`
CRC32	`19150313`
ssdeep	`384:05IGAYKWrdntb3E52I7pWCxbWrnnwWL3WCxbWrnnIWl3rSWsa4H:hV/LtDonwC3DonI8bSD`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	22c7a278b418b027_DevLib.resources.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\en\DevLib.resources.dll
Size	17.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`87c2a8de3c78b31c60c47e7170d70646`
SHA1	`22c3589014bde84af44098058cf8889f897cd28d`
SHA256	`22c7a278b418b027627a96331d8fc63606d601e0451df0d17d76791316a7c7f4`
CRC32	`B5E08E24`
ssdeep	`384:2a2I7pWCxbWrnnwWVtpWCxbWrnnIWr2+SWsafcm:3FtDonwaDonIASut`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8ef25a490d94a4de_EventHandler.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
Size	10.8KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0cdeed0a5e5fd8a64cc8d6eaa7a7c414`
SHA1	`2ae93801a756c5e2bcfda128f5254965d4eb25f8`
SHA256	`8ef25a490d94a4de3f3d4a308c106b7435a7391099b3327e1fdfde8beef64933`
CRC32	`AB30ED6B`
ssdeep	`192:/kKclXboB4HWkYmExWNxExWHUP83pGWynHkWkiykiOk4xMd/OIj/YFf+s:iPfYYFk83pLyHRByBOXxMd/OILYFB`
Yara	None matched
VirusTotal	Search for analysis

Name	eedc08e61270149b_Microsoft.Win32.TaskScheduler.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS496521CD\Microsoft.Win32.TaskScheduler.dll
Size	303.4KB
Processes	1684 (op.exe) 660 (installer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3907d3c77489e3cf63441eac6bdae223`
SHA1	`00bf790b0b871f90dc876880e43485be49bea9bc`
SHA256	`eedc08e61270149b7ba20f779720279830eeafec464f98054f85dd23a5493dcf`
CRC32	`9A831454`
ssdeep	`6144:RG07E8NW93vlxjYULsxwwnpfmEtXqMDYr5vnA+19afZM:pE73vPYULsxwwnpfmEtXqMuvFkfO`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) Antivirus - Contains references to security software IsPE32 - (no description) PE_Header_Zero - PE File Signature NorthKorea_Zero - Maybe it's North Korea File UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis