Dropped Files | ZeroBOX
Name b4cba17e11233333_ICSharpCode.SharpZipLib.dll
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ICSharpCode.SharpZipLib.dll
Size 184.0KB
Processes 2040 (update.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 70ecb43c490ed5b16dafaff662bf7653
SHA1 7306f3b64daf3cb0c4b96df281f0189af81c73f8
SHA256 b4cba17e1123333356bf7e80a20e3adffd8ec335c14da1a249d1b10f3d7cfd0b
CRC32 4F79E381
ssdeep 3072:rJ613DnPspO8dsZ4olHTfEVFU6Vuu0tzbCwzayDwVqSrgIN4fICG:RO8d6ljEV+6Vu/dW
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 051099983b896673_Ad.Credit Updater.exe.config
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Ad.Credit Updater.exe.config
Size 174.0B
Processes 2040 (update.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 2a2df45a07478a1c77d5834c21f3d7fd
SHA1 f949e331f0d75ba38d33a072f74e2327c870d916
SHA256 051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa
CRC32 1681F272
ssdeep 3:vFWWMNHU8LdgCQcIMOoIRuQVK/FNURAmIRMNHjFHr0lUfEyhTRpFKGKWREBAW4QA:TMVBd1IffVKNC7VJdfEyFRpwIuAW4QIT
Yara None matched
Name dc1c9337435fa372_Office.dll
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Office.dll
Size 446.6KB
Processes 2040 (update.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 819a773f2e255e8d653174b5994f5454
SHA1 8d53158a611411131c17c6094c81e21c586b7f3d
SHA256 dc1c9337435fa37201dbb8c012e0397e0a1bae7273305ca397feed566ba0f9e9
CRC32 405D9D80
ssdeep 12288:kdibwbpYvAwcjOvNCsFHHEH0wLZ8rwGXQVcyjlNSOnR5:kdibwbpYvAwcjOvFE9ZkwGXQ/5
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
Name 2196b89a00622534_Ad.Credit Updater.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Ad.Credit Updater.exe
Size 711.0KB
Processes 2040 (update.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 56cac3c7ce703f18405bf8033a5666cb
SHA1 5f9c973273784feab0be0b574076c36fb972bc5a
SHA256 2196b89a006225345decfb16e9acd292394d7931381198597e1b42e6d34b82af
CRC32 436FEF5D
ssdeep 3072:vSUutndGcyNq5tg2iO48NrsxzOrbrC2iO48NrsxzOrbrWx+3K6PPPPCU6pIZH/2w:aUmndGnq5koIoaxuKzUUI1VoxLmBD
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name e1e27af7b07eeedf_Newtonsoft.Json.dll
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll
Size 695.3KB
Processes 2040 (update.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
CRC32 B76210F4
ssdeep 12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
Name d521fd8f381f5547_ADC_TASKBAR.ico
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ADC_TASKBAR.ico
Size 109.4KB
Processes 2040 (update.exe)
Type MS Windows icon resource - 6 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 128x128, 32 bits/pixel
MD5 b7010101f1738b951d46a06135b048d7
SHA1 87337e0c083b0e2a3931d2bacd6741089f9a2564
SHA256 d521fd8f381f5547c31f7664ea55d9d267ff449fc398d02f6b65bf34619bece0
CRC32 766366A2
ssdeep 768:X4FWP2iZElNPAUWh4F+IIDkiUzPs5Iu5iOsFNIIMsbmCAd:IFWP2iO48+I8WrsxzOS6bmCe
Yara
  • icon_file_format - icon file format
Name e8c88b0448083663_System.CodeDom.dll
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\System.CodeDom.dll
Size 30.3KB
Processes 2040 (update.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 59c830ac0d99f8c906292de85f804b84
SHA1 68b6740e6ce97de8b1398f3a6e320940a0e16458
SHA256 e8c88b0448083663910587efeacb6a1977749fe3ffe83b263fc01f7b63d7dfd2
CRC32 E40E2605
ssdeep 384:FuE8ujCiLMTPji3h8241EEqYC0iIcwBxehzsCtZ7U6r1fDMqyt5/WduWTTb2HRNq:FDBCi4TWaveEqYChzZpgRoj/iP9zgBV
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)