Dropped Files | ZeroBOX
Name a113f192195f245f_vcruntime140_1.dll
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\vcruntime140_1.dll
Size 48.4KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
CRC32 845F4C63
ssdeep 768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name cb15d6cc7268d3a0__bz2.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_bz2.pyd
Size 83.3KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 30f396f8411274f15ac85b14b7b3cd3d
SHA1 d3921f39e193d89aa93c2677cbfb47bc1ede949c
SHA256 cb15d6cc7268d3a0bd17d9d9cec330a7c1768b1c911553045c73bc6920de987f
CRC32 B11E2CB9
ssdeep 1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 73b7ee3156ef63d6__wmi.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_wmi.pyd
Size 36.8KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 827615eee937880862e2f26548b91e83
SHA1 186346b816a9de1ba69e51042faf36f47d768b6c
SHA256 73b7ee3156ef63d6eb7df9900ef3d200a276df61a70d08bd96f5906c39a3ac32
CRC32 88C24729
ssdeep 768:rUmqQhTcYr6NxO0VIMCit5YiSyv4YmAJAMxkEn:Im7GBNxO0VIMCiz7SyQYmQxz
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 00bd8bb6dec8c291_select.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\select.pyd
Size 30.3KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 7c14c7bc02e47d5c8158383cb7e14124
SHA1 5ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3
SHA256 00bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5
CRC32 3BA695BE
ssdeep 384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 4e5d5d20d6d31e72_libcrypto-3.dll
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\libcrypto-3.dll
Size 5.0MB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 123ad0908c76ccba4789c084f7a6b8d0
SHA1 86de58289c8200ed8c1fc51d5f00e38e32c1aad5
SHA256 4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43
CRC32 2AE9411E
ssdeep 98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name bf669344d1b1c607_unicodedata.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\unicodedata.pyd
Size 1.1MB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 a8ed52a66731e78b89d3c6c6889c485d
SHA1 781e5275695ace4a5c3ad4f2874b5e375b521638
SHA256 bf669344d1b1c607d10304be47d2a2fb572e043109181e2c5c1038485af0c3d7
CRC32 76C4F8DF
ssdeep 12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 4d292623516f65c8_vcruntime140.dll
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\vcruntime140.dll
Size 116.4KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
CRC32 CCAF35C5
ssdeep 1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name a46189c5bd030202__lzma.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_lzma.pyd
Size 156.3KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 9e94fac072a14ca9ed3f20292169e5b2
SHA1 1eeac19715ea32a65641d82a380b9fa624e3cf0d
SHA256 a46189c5bd0302029847fed934f481835cb8d06470ea3d6b97ada7d325218a9f
CRC32 9FBCC255
ssdeep 3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 151524f6c1d1aeac_l4.exe
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\l4.exe
Size 5.9MB
Processes 1372 (l4.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 63c4e3f9c7383d039ab4af449372c17f
SHA1 f52ff760a098a006c41269ff73abb633b811f18e
SHA256 151524f6c1d1aeac530cfd69de15c3336043dc8eb3f5aeaa31513e24bfd7acdd
CRC32 5C13E1C5
ssdeep 98304:OSoY112XQr2fqDVS1K17UpJwIX4OzWObPPumo0:doq1QQSfqDVgX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • wget_command - wget command
  • ftp_command - ftp command
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name c045b57348c21f5f_python312.dll
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\python312.dll
Size 6.6MB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 166cc2f997cba5fc011820e6b46e8ea7
SHA1 d6179213afea084f02566ea190202c752286ca1f
SHA256 c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546
CRC32 A8D08B9D
ssdeep 49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 43acecdc00dd5f9a__hashlib.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_hashlib.pyd
Size 64.8KB
Processes 1372 (l4.exe) 1236 (explorer.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 a25bc2b21b555293554d7f611eaa75ea
SHA1 a0dfd4fcfae5b94d4471357f60569b0c18b30c17
SHA256 43acecdc00dd5f9a19b48ff251106c63c975c732b9a2a7b91714642f76be074d
CRC32 548A8C80
ssdeep 1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 67aca001d36f2fce__socket.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_socket.pyd
Size 81.8KB
Processes 1372 (l4.exe) 1236 (explorer.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 69801d1a0809c52db984602ca2653541
SHA1 0f6e77086f049a7c12880829de051dcbe3d66764
SHA256 67aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3
CRC32 8CAEC54E
ssdeep 1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name da8bb3d54bbba20d__decimal.pyd
Filepath C:\Users\test22\AppData\Local\Temp\onefile_1372_133788430378906250\_decimal.pyd
Size 251.3KB
Processes 1372 (l4.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 7ae94f5a66986cbc1a2b3c65a8d617f3
SHA1 28abefb1df38514b9ffe562f82f8c77129ca3f7d
SHA256 da8bb3d54bbba20d8fa6c2fd0a4389aec80ab6bd490b0abef5bd65097cbc0da4
CRC32 6E03A7C8
ssdeep 6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check