Dropped Files | ZeroBOX
Name c58c6742198d8521_feedbacksize.vbs
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FeedbackSize.vbs
Size 88.0B
Processes 776 (update.exe)
Type ASCII text, with no line terminators
MD5 df053ea82f4479131b7dc3c35cfb8485
SHA1 2cbac7e740a2c81aa9c3f2d90ca670c7dfabd294
SHA256 c58c6742198d8521f659ea39a1a6856e0205bfa522122c3b2d102f1e2b80d668
CRC32 3FAA921C
ssdeep 3:FER/n0eFHHomWxpcL4EaKC58VoLNnHn:FER/lFHImQpcLJaZ58VoLNH
Yara None matched
Name 0b36ff9c400e52e5_windowslib.exe
Filepath C:\Users\test22\AppData\Local\Temp\WindowsLib.exe
Size 3.2MB
Processes 776 (update.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bac3c4cec628a19955fe54e4c916c293
SHA1 79b1a9094c8eb69d248fa0bf700c5d17e96ecd2e
SHA256 0b36ff9c400e52e5c0f3c6f560d7f6f6fcb271c90583cea5846b5af0f2d5c4dd
CRC32 109D29B4
ssdeep 49152:ZIOUSliX7djKJoLCMhsFXfW6u00C5xWq/khPH4:qUiXBePg4Xe6gC5oqMhPH4
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 504a0cf37f6c0070_feedbacksize.exe
Filepath C:\Users\test22\AppData\Roaming\FeedbackSize.exe
Size 128.0MB
Processes 776 (update.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e5812970cce33c236471ca881f8b1f9b
SHA1 ac54a5b644c889b75d4350332a0e85e4fb7401cb
SHA256 006b78b934305b4ea77802a6eab06834941e2a8718d0deb032db0fae2df0bc18
CRC32 F37BC5EE
ssdeep 3145728:tJFuqgl1vzXDQmmxncAWoVv5rKjo+q/fDkZXM:XFuBq7zh+cAZXM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • NorthKorea_Zero - Maybe it's North Korea File
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file