Dropped Files | ZeroBOX
Name c37cdcb978900d3d_winlogson.exe
Filepath C:\ProgramData\Dllhost\winlogson.exe
Size 13.0KB
Processes 2564 (conhost.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 ed2fbbe2db9b9b5e4696db342824d9d4
SHA1 1ef6200b2be300fe004b3801eeba1a55e4ecf966
SHA256 c37cdcb978900d3d0180d727e4e02427f595dc69d991cf096648a87d5238bb05
CRC32 AB000BAE
ssdeep 192:RhSK7eJeOTVXRiKzp+BmVjXWHK0j5b53Tg64:RhTqJeOTzi0+BmdWHK0j5V3b4
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 5da3e513bc696492_logs.uce
Filepath C:\logs.uce
Size 347.0B
Processes 2564 (conhost.exe)
Type ASCII text, with CRLF line terminators
MD5 0021ae6fee2c5623f66369bdf37d9f13
SHA1 b93432488f8667f32684b6ce26234ea1cda4e311
SHA256 5da3e513bc696492d198c609dd1ff41e1bf8b037a7c3f54df0474951f77f2a1f
CRC32 2E5AC52B
ssdeep 6:DiYgE/ovKDMcPmriYgE/ovKDMcirT5fhXGT2QSBa5ydXnzAiGUlQPoSx3KAKHX:uwgyXmGwgyaH55GT2Qtyc3T3KAU
Yara None matched
Name 88302b01f3f609b7_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2828 (powershell.exe)
Type data
MD5 1785a0b9706caedc37f11c08510833dc
SHA1 9d7e88d674ccc876ab63adaf5ca3712dbd503015
SHA256 88302b01f3f609b72da2e5b81798a9bab10ad8782daf272884362080c3554c8e
CRC32 6654483E
ssdeep 96:4tuCcBGCPDXBqvsqvJCwoNtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:4tCgXoNtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware