popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 7ba9ebd94cababe8_1nz3znr0.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1nz3znr0.dll
Size 41.5KB
Processes 2156 (csc.exe) 1028 (js.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 edddb545ecbc64c5d59c47b4515c7309
SHA1 94aa6c320ac74e774064643f0164bb8aefbe1e09
SHA256 7ba9ebd94cababe8675e38dae1b9adf4decb1403eac9b599af92991e8fd30bc8
CRC32 A0E38504
ssdeep 768:dpRPD9OQhx/B03Tw4xqdVFE9jZOjhAbOXqfukjG:dpd9OW/03U4x8FE9jZOjeyXqfukjG
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
VirusTotal Search for analysis
Name a34b50e0bad6183b_CSC9F0AC95411B84AF289C6265E6FDB7F4B.TMP
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\CSC9F0AC95411B84AF289C6265E6FDB7F4B.TMP
Size 652.0B
Processes 2156 (csc.exe)
Type MSVC .res
MD5 b6abdf964759e8dd726f4ff4671dfab5
SHA1 8a2bd1883fcc0af32392a9d5e3180022c4f50a5e
SHA256 a34b50e0bad6183b66867382e43921385db1f02f713a3ac6ccdf3ff3f2169d8e
CRC32 A8FC895A
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGak7YnqqEPN5Dlq5J:+RI+ycuZhN4akSEPNnqX
Yara None matched
VirusTotal Search for analysis
Name 6209e8dccfcbad6c_RESC0DA.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\RESC0DA.tmp
Size 1.3KB
Processes 2216 (cvtres.exe) 2156 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols
MD5 40ca9d4322f466ccc0b4981fd4f179b4
SHA1 7b6a22282826711128ec1b49865cba65bc4aec2b
SHA256 6209e8dccfcbad6c5542fef68a77da42bda0606d052e8af293f28a539cd3f59b
CRC32 B421F1BC
ssdeep 24:HtFzW99/Ele1HhwrUeKnxfeI+ycuZhN4akSEPNnqw2d:A/Ele1AfKnxm1ul4a3EqwG
Yara None matched
VirusTotal Search for analysis
Name 0b46b6975ef214fa_1nz3znr0.0.cs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1nz3znr0.0.cs
Size 101.6KB
Processes 1028 (js.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 06624c6c424bbbc8e115a0fcc70bfb0e
SHA1 a881d70d6d5995b91ee52e53990be564fa0de46c
SHA256 0b46b6975ef214fae4ba4c7a239ff2b89537e2d80d33142238465f7f5d7e7e16
CRC32 E67BE676
ssdeep 1536:tWGNGxG/GXGyG4fGRwGK5/GFo5J+42ZyjS61V8NU2SF0:tWGNGxG/GXGyG2GKGK5/GB
Yara
  • hide_executable_file - Hide executable file
VirusTotal Search for analysis
Name d87624e2753c3b44_1nz3znr0.out
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1nz3znr0.out
Size 444.0B
Processes 1028 (js.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 cc3001d13ffc10e6d86562430aca0945
SHA1 90dca8af4d5887a8f87e169ff28c37cac73d099b
SHA256 d87624e2753c3b4492b8f2bbd5b51efd68b6b6ffaab07e067e4fdf0dca3953d8
CRC32 D7B4BB3A
ssdeep 12:K4OLM9qR37L/6KQOLMQmUXOLMQm0Ka8GIKO5SBFN+y:K+9qdn6K2QTQ5Ka2KoSDQy
Yara None matched
VirusTotal Search for analysis
Name 96906de16625a8cd_1nz3znr0.cmdline
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1nz3znr0.cmdline
Size 188.0B
Processes 1028 (js.exe)
Type UTF-8 Unicode (with BOM) text, with no line terminators
MD5 cc798a419a9b192e3ba73b14f75c7031
SHA1 fb487954cf0d887dc5227ff262b18646ef5146ca
SHA256 96906de16625a8cd5e2fdd5ab30945674f53843b16157eb018415ca4e5e6ac04
CRC32 D221B209
ssdeep 3:0HXEXA8F+H2R5BJiWR5mKWLRRmWxpcL4E2J5xAImfWfLnlaiQCIFRVRMxTPImWxD:pAu+H2L/6K2mQpcLJ23foYLUzxszImQD
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_1nz3znr0.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1nz3znr0.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis