Dropped Files | ZeroBOX
Name e19781aabe466dd8__isdecmp.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-5T67G.tmp\_isetup\_isdecmp.dll
Size 13.0KB
Processes 2076 (TestLAB.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a813d18268affd4763dde940246dc7e5
SHA1 c7366e1fd925c17cc6068001bd38eaef5b42852f
SHA256 e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64
CRC32 03FC4C88
ssdeep 384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name a1574bd1c7b2d072_difxapi.dll
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\difxapi.dll
Size 689.0KB
Processes 2260 (TestLAB.tmp)
Type PE32+ executable (DLL) (GUI) Intel Itanium, for MS Windows
MD5 eb568732c7f20c2f96059935785a21e5
SHA1 dd08b69db910796e50fa73d74d1519ec68c745a7
SHA256 a1574bd1c7b2d072b624ba736414e408f259b72f0c2ee3974590072ca4e81a8d
CRC32 ACD87185
ssdeep 6144:RSo+Ubtv3EwuNDEqtauD21OvFmgIku2OUIswzDhN8O6QrbBG9pnty7ixKrSSzYpt:LetGcNzs8ORBwIsUBrFXjhq
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 2ffabb0018d33526_TestLAB.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-9L5T6.tmp\TestLAB.tmp
Size 1.1MB
Processes 800 (TestLAB.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b1f9d665e52c29972b50d7145d88dce1
SHA1 df2c67a5c32a19bb110ec8372134522c0dab9ac2
SHA256 2ffabb0018d335267d2d0101a41cac7ac7d1aa80956fae91825e46aaa85c0787
CRC32 7EF412CC
ssdeep 24576:nKbqslNoiGO+h84C6f8HSCNFfoJMbNOED5TOzuRdTxyt:KwY6fUVNvN1j
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name 9884e9d1b4f8a873__shfoldr.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-5T67G.tmp\_isetup\_shfoldr.dll
Size 22.8KB
Processes 2076 (TestLAB.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
CRC32 AE2C3EC2
ssdeep 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 69984a04e3bcba0c_bassenc_ogg.dll
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\bassenc_ogg.dll
Size 671.5KB
Processes 2260 (TestLAB.tmp)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 089844de1d9eec95b223cec157eb5ab2
SHA1 acd2e414c1c505b0a1207e144e040154b59f00de
SHA256 69984a04e3bcba0cc5ac8ab36f9d62f8c76cc0277ad33e473bda053f523faa2a
CRC32 5C3AF7C6
ssdeep 12288:u4LK+Lc1/Hr3/gS+RcNcQc6KaxIe4z8y:u2E1/H72RcNcQc6KaxIe4z
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
Name 74dbea34d5b2c424_vboxproxystub.dll
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\vboxproxystub.dll
Size 887.4KB
Processes 2260 (TestLAB.tmp)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 166f9409ec301bd79860933cbb8b6708
SHA1 aa51281832ad1767b8480ae48760d0e8e1088710
SHA256 74dbea34d5b2c424281719df754bd1e4a28cc3c03759cc1d38e23b8fc120a7fd
CRC32 FEB2A3A3
ssdeep 6144:d2fXUu/K1T5QhjJQixZQmHj9yZAii+UU8XFgEBFkrSbUKkF0egDIBJqGqILcQ8Q6:dg4CdSnkjiLSRHhWsfl4GhW4sQj
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • DllRegisterServer_Zero - execute regsvr32.exe
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name e78fd6976ed159d5_microsoft.azure.management.resourcemanager.dll
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\microsoft.azure.management.resourcemanager.dll
Size 1.1MB
Processes 2260 (TestLAB.tmp)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ecd60174801ae159054ff85de41525fa
SHA1 95ae17f3aa152a93bb37fc431861c4e664f31fc2
SHA256 e78fd6976ed159d56142428e3cfaba17eedb0d2883df24b758ac29d9cffc6a98
CRC32 E45CE5F2
ssdeep 24576:LsiQrVQpbtyn5UtRxOHJoXKKfDLQ3l2xjDkhY5NS9USeDKo5q1TsRprDfxxXo1Vv:LsiQrVQpbtyn5UsHJoXKKfDLQ3l2xjD6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 2f6294f9aa09f59a__iscrypt.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-5T67G.tmp\_isetup\_iscrypt.dll
Size 2.5KB
Processes 2076 (TestLAB.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
CRC32 FB05FA3A
ssdeep 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 8ed926351e3c5acf_7za.dll
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\7za.dll
Size 385.8KB
Processes 2260 (TestLAB.tmp)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 cb99bbdea56a7e08c8b475bcecd5df41
SHA1 5c9eb462054c8242b2a9f69b3e5d27c6a1daa0f6
SHA256 8ed926351e3c5acfffd5d3890b17d5d96990b7ccbdfc4e549df46ef963d52f88
CRC32 E63392BC
ssdeep 6144:pnjWnHuPir9TyRyTa0EQKiq67fh+vCfd0in/zSl9cxxUTAuEF+wIso:pKOPtmD7KiqghpT/zSlkUTwMso
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 388a796580234efc__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-5T67G.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2076 (TestLAB.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
Name 2d9be23bc56d30c3_operaairsetup.exe
Filepath c:\users\test22\appdata\roaming\{ea11343b-b7fa-4762-9963-c343d36a91da}\operaairsetup.exe
Size 128.0MB
Processes 2260 (TestLAB.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cf1149d1b8d673334fc301024fc04306
SHA1 7fc8818e3c20d14587d310533f1ee2cb5497c1fd
SHA256 65960dc675ea136a3c573c82aa3925f67bcf799e29484428f4f5f6d7289e876c
CRC32 22A606DE
ssdeep 196608:QcsqhAhkDAW4N01PGFj1U7kDAW4N01PGFC1U7kDAW4N01PGFE:zhAQ4N0Nm554N0Nms54N0NmE
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file