Dropped Files | ZeroBOX
Name 81de043323b0121c_xclient.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
Size 725.0B
Processes 1460 (XClient.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jan 6 00:32:23 2025, mtime=Mon Jan 6 00:32:23 2025, atime=Mon Jan 6 00:32:23 2025, length=41984, window=hide
MD5 760565ed09f3dff5c2466ba98482a977
SHA1 3c877d3194f85f7dfe8fd2eb15f47535f0a49b7b
SHA256 81de043323b0121c137d336f51aa0343933a7418654df82e226fba8821bf0f02
CRC32 A90424BA
ssdeep 12:89kcHKR4cZCrR8EvSErp8SLYXrMuizCCOLAHkqEgAuP:86usERdJp9grMNzNqqEHuP
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name fdefedd8f02446dd_xclient.exe
Filepath C:\Users\test22\AppData\Roaming\XClient.exe
Size 41.0KB
Processes 1460 (XClient.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2e525ccebf9ede7492931251eb66571a
SHA1 a0598bffa349759fb3dcf130cf93ed41a3c3d8f4
SHA256 fdefedd8f02446dd47723f4b1829f685f64e76b9d29002545dd4c5d5257eae29
CRC32 B4145E8C
ssdeep 768:hJn0mOvGjMI5r2NpaNFu9vsOChR6RklT:ht0raCNaFu9vsOCLYmT
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check