Dropped Files | ZeroBOX
Name 81e31780a5f20782_y-cleaner.exe
Filepath C:\Users\test22\AppData\Local\Temp\s0d7Edv2FGKES7AF5\Y-Cleaner.exe
Size 987.5KB
Processes 2580 (AcroRd32.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f49d1aaae28b92052e997480c504aa3b
SHA1 a422f6403847405cee6068f3394bb151d8591fb5
SHA256 81e31780a5f2078284b011c720261797eb8dd85e1b95a657dbce7ac31e9df1f0
CRC32 BF7BD674
ssdeep 24576:oKvQFvJPmvQFv9qO7cvDFoiqO7UaaalF0vwqO7VWGZKl2HP:oKvgRPmvg0OIvRGOh0vJOZWGwl2HP
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 51fccea8735432e2_unins000.dat
Filepath C:\Users\test22\AppData\Local\DataBase Recovery 1.0.5.29\uninstall\unins000.dat
Size 5.0KB
Processes 2792 (TUkPBSjq98t.tmp)
Type data
MD5 d394c4a50dbdd8096cb03edf9b77b683
SHA1 a5d67ac180fb12a5f5d3d3ea1706044721c55e8b
SHA256 51fccea8735432e2ee0e21780dc81a492947faa712c5c3fe044f63cfca686107
CRC32 71D3633E
ssdeep 96:l8EWDzwprG6B9WI+eOIhOa7ICSss/Ln8mGq1A:l8EWDUpr0xHIh5ICSsAn8RqG
Yara None matched
Name 068311a498f83965_dbrecovery29.exe
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\dbrecovery29.exe
Size 5.2MB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 831dae226f7e0131878786d8ba3ea2ae
SHA1 eb4e09af79f97627b93f207777a879610beb348b
SHA256 068311a498f8396526ca85f199160f271c9c62dd4264adb4c5b2dce1bc3727c1
CRC32 38AAF586
ssdeep 98304:MzPCZ+/peFUIwBAI3EJjSoO7n2RQlOc13vizq6dBY6cEWARXQ4m+jKP4E9iKavf5:MzsWBAI3EJjSoU2RQQI6hU
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name ff6507a53076a9c3_qt5printsupport.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\qt5printsupport.dll
Size 221.0KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0e2c47a16bc8ed754e810feaeff64e0d
SHA1 7c23f3c5dd8e613db1b426fae98d0fdc0226068e
SHA256 ff6507a53076a9c33d7ae07cde0e876e1ad5b81a2da18ebdc24608e79b4bbf0e
CRC32 A6E659BA
ssdeep 6144:dN8sMIcF8WExUx855gVPXQj5zxXhvRrxVEYnRWmgZvgiLMOnf:dNL9e8W4UMiV
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 173092c4e256958b_icuin51.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\icuin51.dll
Size 1.7MB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a7f201c0b9ac05e950ecc55d4403ec16
SHA1 20b5b9aefd27b11bd129af6bf362d11dffafa5e5
SHA256 173092c4e256958b100683a6ab2ce0d1c9895ec63f222198f9de485e61c728ca
CRC32 4F7C7B0D
ssdeep 24576:7GWPHUAzlcNk0BjXxOKWf8e4VY/+AnattjtpKFJ/t:FPHUGOkIxOKW5OXlKHV
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name d55e86610dcad29c_r8ot56wnpt.exe
Filepath C:\Users\test22\AppData\Roaming\q8gKvYOtMv\R8ot56WNPt.exe
Size 4.5KB
Processes 2580 (AcroRd32.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f328a95046e3a2514c36347eaec911c0
SHA1 8ec9c18384ca1e08a397bf7b3d46b6d784669ef0
SHA256 d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9
CRC32 8920353E
ssdeep 48:65uxic/UNMSAjItYiA254tdqlkCuFCpfbNtm:cc9jItYbaC+zNt
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name ea1c89604efcf843_TUkPBSjq98t.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-8TGGH.tmp\TUkPBSjq98t.tmp
Size 694.5KB
Processes 2704 (TUkPBSjq98t.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e81d8f69e63fc48ae0af9b628b063f83
SHA1 6a5c33610e98ec0f7b81df15e95a10391783c375
SHA256 ea1c89604efcf8433bfafb7c89b9c614aae21a71dda5a2ea430e1fa036cc6fed
CRC32 9FAF625A
ssdeep 12288:bQfCh1/aLmSKrPD37zzH2A6QGgx/bsQeq9KgERkVfzrrNV4blS4/Nat/yxyR:bQqh1yLmSKrPD37zzH2A6QD/InqggE2j
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name ee1d7d8f396d627f_libegl.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\libegl.dll
Size 47.0KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 eae56b896a718c3bc87a4253832a5650
SHA1 4987d30e08490b3c5f356f47c33061e2f7e608c9
SHA256 ee1d7d8f396d627fee7dcf2655fb5acfe5a1ee2a5deeda764ef311e75b94cea1
CRC32 2929D644
ssdeep 768:Ydp3loIiS+gbIdX9h9btywVT+0sdfLKc/IQiInhtTaQotOnKOdHGd3:YH3llRbIdth9JjTvsFec/IYhtuztOnpW
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 16574f51785b0e2f_sqlite3.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\sqlite3.dll
Size 630.5KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 e477a96c8f2b18d6b5c27bde49c990bf
SHA1 e980c9bf41330d1e5bd04556db4646a0210f7409
SHA256 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660
CRC32 9F30A75E
ssdeep 12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 18af2deade9cc5cf_tukpbsjq98t.exe
Filepath C:\Users\test22\AppData\Roaming\xvIpS\TUkPBSjq98t.exe
Size 5.1MB
Processes 2580 (AcroRd32.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c6a56dcb474281ae9d82585cf5882fe2
SHA1 73f8966cd192d05d479bc75444e155c588d9d900
SHA256 18af2deade9cc5cf25a457c307eeefe77ebe96b8da2f6dd588f5cc57c6e7113a
CRC32 01F24CA5
ssdeep 98304:3s6kpm/VYm2U16wCAMrlCuBw+RfC+5i76fAYbP7DkJeaUkZNdJKXSym3XMEIpFRx:JN/SyTvECuZfC+5i76fAIPXrCCS33EnP
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name 4027dd8ec4a72404_ycl.lnk
Filepath C:\Users\test22\Desktop\YCL.lnk
Size 2.0KB
Processes 2580 (AcroRd32.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Feb 10 16:40:27 2025, mtime=Mon Feb 10 16:40:27 2025, atime=Mon Feb 10 16:40:27 2025, length=1011200, window=hide
MD5 a74139d2b7cae80a6ea958622a535481
SHA1 aab9d22f49a0739234b27f933b9c9a6eea978d97
SHA256 4027dd8ec4a7240481948761ed48a0d53bc3b413963c1b9e357af03712d3b4e2
CRC32 92B29137
ssdeep 24:8NsERdW/RuV0ShzIcKMIzNR/dL1VhbYVhVO4Z/2qVhU6PyV:8Nsd/RuSqXKMIpRbrbYrVZOqrnyV
Yara
  • Antivirus - Contains references to security software
  • Lnk_Format_Zero - LNK Format
  • lnk_file_format - Microsoft Windows Shortcut File Format
Name 32b0acdf551507b4_qt5concurrent.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\qt5concurrent.dll
Size 18.0KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c5735f75847667e33a6b2d5e50d19c6f
SHA1 d2c5952138fa5a246ec5900c9e680e7aeaf099af
SHA256 32b0acdf551507b4a8b9bd0467befdc2539c776e3f48221f0b577499f6eae616
CRC32 72CAE15C
ssdeep 384:lLKSmUAPRD6PA/GKge44+4yif7DOnFPV5kzaOCSSZ:IVH/D4z4yG7DOnFdKaO6Z
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 9884e9d1b4f8a873__shfoldr.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-J5134.tmp\_isetup\_shfoldr.dll
Size 22.8KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
CRC32 AE2C3EC2
ssdeep 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 2357806ca24c9d31_icuuc51.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\icuuc51.dll
Size 1.2MB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dae4100039a943128c34ba3e05f6cd02
SHA1 22b25c997c8204ca104cb72d98bc7fe57ea02b48
SHA256 2357806ca24c9d3152d54d34270810da9d9ca943462ebf7291ae06a10e5cb8ba
CRC32 0850898A
ssdeep 24576:DCYW9S/7mMcs50Mf+Av1gQp3Y6ZBGB6riFv9Kk2HPmOh:DCw/8s0IaQp3Y6ZBj+Kf
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 06bbe605d7b0ef04_libglesv2.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\libglesv2.dll
Size 711.5KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a73ee126b2e6d43182d4c3482899d338
SHA1 998f61112f911b050f7e07021f58aab4f64c5d36
SHA256 06bbe605d7b0ef044871633b496948a8d65c78661e457d0844dc434a0609f763
CRC32 B0C1188D
ssdeep 12288:HgCO4mFq3kAVoYQVggbGAoTbmnuNfMxJWVtrKnffO9Py0n4wj:AcmFq37JQOTbZpaffOFy0n4G
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 2f6294f9aa09f59a__iscrypt.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-J5134.tmp\_isetup\_iscrypt.dll
Size 2.5KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
CRC32 FB05FA3A
ssdeep 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name d769fafa2b3232de_msvcp100.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\msvcp100.dll
Size 411.3KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e3c817f7fe44cc870ecdbcbc3ea36132
SHA1 2ada702a0c143a7ae39b7de16a4b5cc994d2548b
SHA256 d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
CRC32 2492E74F
ssdeep 12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name f1b3e0f2750a9103_bunifu_ui_v1.5.3.dll
Filepath C:\Users\test22\AppData\Local\Temp\s0d7Edv2FGKES7AF5\Bunifu_UI_v1.5.3.dll
Size 236.5KB
Processes 2580 (AcroRd32.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
CRC32 8476A72A
ssdeep 6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • ILProtector_Packer - ILProtector Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
Name 7bfd21042fbef712_unins000.exe
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\uninstall\unins000.exe
Size 705.7KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d6e68456766e7251414c8ef471ccea9
SHA1 10b732b27ba082edf9cfa3d1885cb0e162490c67
SHA256 7bfd21042fbef712dd8ec13a244f2834fcdf7d9783033119ac73370cc9cd257d
CRC32 45782CA2
ssdeep 12288:jQfCh1/aLmSKrPD37zzH2A6QGgx/bsQeq9KgERkVfzrrNV4blS4/Nat/yxyRh:jQqh1yLmSKrPD37zzH2A6QD/InqggE2d
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name 388a796580234efc__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-J5134.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
Name 60c06e0fa4449314_msvcr100.dll
Filepath c:\users\test22\appdata\local\database recovery 1.0.5.29\msvcr100.dll
Size 755.8KB
Processes 2792 (TUkPBSjq98t.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
CRC32 14EE1F12
ssdeep 12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file