Dropped Files | ZeroBOX
Name e33a4b2dd2016b05_4w226f.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\4W226f.exe
Size 2.6MB
Processes 184 (same.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b05b0c93819da7e2fa89ac4b028abec2
SHA1 f592bd40335076ccfdd40003f3f44c4a3d7a87a2
SHA256 e33a4b2dd2016b05f7b0dabe7af1ddf0776fbc86ef75ba81ed28f6e1c727d00f
CRC32 E5081F48
ssdeep 49152:WdmIEsG2NLmOCKZznO2rlZPSToH4Hoe5/JY8GI/vdov:Emb72pmOCKVlZaTS4HoWlhdo
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name f1c1ca6cc68860aa_skotes.job
Filepath C:\Windows\Tasks\skotes.job
Size 270.0B
Processes 2240 (1c55e8.exe)
Type VAX-order 68k Blit mpx/mux executable
MD5 56e2279cdad581f0f249de28a92db066
SHA1 54ec7c465edd8ea3154415f3e39a9cadbaaaee87
SHA256 f1c1ca6cc68860aaa0196e7873e9d3e5250726c0ca796206118cb7c0c7ebf95e
CRC32 E2BEADD2
ssdeep 6:o/EjlbXE/E/UEZ+lX1CGdKUe6tI4y0lQkldt0:zrkE/Q1CGAFv4VQkzt0
Yara None matched
Name 234280ffc991114a_3s26w.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\3s26W.exe
Size 1.7MB
Processes 2108 (L3N25.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b2b25c53809cd8a4d1ad9a4c66dac6cb
SHA1 e1f1d1c7bb790d4d7f43b1ad320815bc3db47286
SHA256 234280ffc991114a1b74687cdf084ba754d826a3f6026aee65c3f21c21d57cf1
CRC32 31DBC978
ssdeep 24576:bYhZe1B6+8Q+XSTR9TDQJ29C7C3Sgzbi8ZMSesantnNHUWwdgDiQ8825XdvyvjGQ:uy98Q+Cl9TDpPPq8ZkJxqq38FwjW/eQ
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name d6c2d5d21f1df175_m1f68.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\M1f68.exe
Size 3.4MB
Processes 2108 (L3N25.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2f569098803b6cf7c5005e38c272da71
SHA1 78562fdea114c42992ec8f86f8096d352379d117
SHA256 d6c2d5d21f1df1752ef4cb79a495a18ca32455f08798322fbb9e479cace8e44f
CRC32 C082960A
ssdeep 98304:oQh6hHB1d7PB0Gm9iFmi37PGEuTTE6kWrP:dKHB1d7iG/IA7eE4p
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 4c4c426a18b567c2_skotes.exe
Filepath C:\Users\test22\AppData\Local\Temp\abc3bc1985\skotes.exe
Size 3.1MB
Processes 2240 (1c55e8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9382cd7e6ceb76d050bff3005e03b9c3
SHA1 d9151497af31b58947ef7dab3182adccd8f4120c
SHA256 4c4c426a18b567c2f8b8cb31df30313ce0407244f5b5dad4c39ef64dbb543628
CRC32 04D2BD33
ssdeep 49152:NZs31p14BCyFnZ0hHeqKu3ToxMA5ObHKtsY0O:W1YRFnZ0hHeqKuY5ObKOY0O
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 0a7f99cdea9b6310_l3n25.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\L3N25.exe
Size 5.2MB
Processes 184 (same.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 99b75282f379bdff3121c3aa1d2f817d
SHA1 55e676531a965320ad681382c3c3280756562169
SHA256 0a7f99cdea9b6310e8b7515857e7d58cdfa28c996ae60d2fa84a2cbce86bdfb8
CRC32 1A7C68C9
ssdeep 98304:wn/pH+SOX1uWWmFGm9QyRJ3/rBB7hnzPO9h09k/FHZbInCBejmQht9mqNf3pWol3:wnBnOX1uj4GTqd/NBtoSYFHZbuZjmQh7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
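A triage pass over a listing in this format, as an added example (this is not ZeroBOX's own code). It parses the flat Name/Filepath/Processes/MD5/SHA1/SHA256/Yara layout as rendered above, checks that each hash is well-formed hex of the right length and that the file-name prefix is the first 16 hex characters of the SHA256 (the naming convention visible in every entry above), flags a .job file under C:\Windows\Tasks, paths under an IXPnnn.TMP directory (the IExpress self-extractor's unpack location), and packer/anti-VM Yara hits, and groups dropped paths by the PID in the Processes column. The input is three entries copied from the report above with the Size, Type, CRC32 and ssdeep lines omitted; the sets of rule names treated as packer and anti-analysis markers are this example's assumption about what those ZeroBOX rule names indicate.

```python
# Added example (not ZeroBOX code): parse a "Dropped Files" listing and triage it.
import re

# Constructed input: three entries copied from the report above (Size/Type/CRC32/ssdeep lines omitted).
REPORT = r"""
Name e33a4b2dd2016b05_4w226f.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\4W226f.exe
Processes 184 (same.exe)
MD5 b05b0c93819da7e2fa89ac4b028abec2
SHA1 f592bd40335076ccfdd40003f3f44c4a3d7a87a2
SHA256 e33a4b2dd2016b05f7b0dabe7af1ddf0776fbc86ef75ba81ed28f6e1c727d00f
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name f1c1ca6cc68860aa_skotes.job
Filepath C:\Windows\Tasks\skotes.job
Processes 2240 (1c55e8.exe)
MD5 56e2279cdad581f0f249de28a92db066
SHA1 54ec7c465edd8ea3154415f3e39a9cadbaaaee87
SHA256 f1c1ca6cc68860aaa0196e7873e9d3e5250726c0ca796206118cb7c0c7ebf95e
Yara None matched
Name 4c4c426a18b567c2_skotes.exe
Filepath C:\Users\test22\AppData\Local\Temp\abc3bc1985\skotes.exe
Processes 2240 (1c55e8.exe)
MD5 9382cd7e6ceb76d050bff3005e03b9c3
SHA1 d9151497af31b58947ef7dab3182adccd8f4120c
SHA256 4c4c426a18b567c2f8b8cb31df30313ce0407244f5b5dad4c39ef64dbb543628
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
IEXPRESS_DIR = re.compile(r"\\IXP\d{3}\.TMP\\", re.I)  # %TEMP%\IXPnnn.TMP: IExpress SFX unpack dir
PACKER_RULES = {"themida_packer", "UPX_Zero"}          # assumed meaning of these ZeroBOX rule names
ANTI_ANALYSIS_RULES = {"anti_vm_detect"}

def parse_report(text):
    """One dict per dropped file; the Yara bullet list becomes rec["yara"]."""
    records, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Name "):
            cur = {"Name": line[5:], "yara": []}
            records.append(cur)
        elif cur is None or not line or line in ("Yara", "Yara None matched"):
            continue
        elif line.startswith("•"):  # "• rule - description"
            cur["yara"].append(line.lstrip("• ").split(" - ", 1)[0])
        else:
            key, _, value = line.partition(" ")
            cur[key] = value
    return records

def hash_problems(rec):
    """Catch truncated/garbled hashes and a file-name prefix that is not SHA256[:16]."""
    problems = []
    for key, n in HASH_LEN.items():
        v = rec.get(key, "").lower()
        if len(v) != n or not re.fullmatch(r"[0-9a-f]+", v):
            problems.append(f"{key} malformed")
    if rec["Name"].split("_", 1)[0] != rec.get("SHA256", "")[:16].lower():
        problems.append("name prefix does not match SHA256")
    return problems

def triage(rec):
    """Flags in the order an analyst reads them: persistence, staging dir, packer, anti-VM."""
    flags, path, rules = [], rec.get("Filepath", ""), set(rec["yara"])
    if path.lower().startswith("c:\\windows\\tasks\\") and path.lower().endswith(".job"):
        flags.append("scheduled-task job file (persistence)")
    if IEXPRESS_DIR.search(path):
        flags.append("IExpress extraction dir (nested SFX stage)")
    if rules & PACKER_RULES:
        flags.append("packer: " + ", ".join(sorted(rules & PACKER_RULES)))
    if rules & ANTI_ANALYSIS_RULES:
        flags.append("anti-analysis")
    return flags

def dropper_map(records):
    """Group dropped paths by the PID in the Processes column (which stage wrote what)."""
    by_pid = {}
    for rec in records:
        by_pid.setdefault(rec.get("Processes", "?").split(" ")[0], []).append(rec.get("Filepath"))
    return by_pid

if __name__ == "__main__":
    recs = parse_report(REPORT)
    for r in recs:
        print(r["Name"], hash_problems(r) or "hashes ok", triage(r))
    print(dropper_map(recs))
```

The prefix check matters when copying hashes out of a report into a blocklist: a name whose prefix disagrees with its SHA256 is a sign the line was mangled in transit, and the dropper map shows at a glance that PID 2240 wrote both the scheduled-task job and the executable it presumably launches, while PID 184 is the stage unpacking into the IExpress temp directory.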