Dropped Files | ZeroBOX
Name cb796b084db699f9_3teoh03e.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\3teoh03e.cmdline
Size 188.0B
Processes 2548 (yr.exe)
Type UTF-8 Unicode (with BOM) text, with no line terminators
MD5 8b0e35623311e7128d9ac98e7867640f
SHA1 1dc778a9e8a470a271bd1018cb930181ed391e35
SHA256 cb796b084db699f9e3a240d18fcbfcedb340c4fd717444bf7f15f79e6d5c09be
CRC32 5A501FE0
ssdeep 3:0HXEXA8F+H2R5BJiWR5mKWLRRmWxpcL4E2J5xAILKN8OJJHFaiQCIFRVRMxTPImd:pAu+H2L/6K2mQpcLJ23f+NzJJH0zxszT
Yara None matched
Name a58014add824e74e_3teoh03e.dll
Filepath C:\Users\test22\AppData\Local\Temp\3teoh03e.dll
Size 41.5KB
Processes 2616 (csc.exe) 2548 (yr.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 97f3ce296f52a80bb4c8259990811330
SHA1 582e7e492bbb5400cd5c2c5961e2ec69f7710865
SHA256 a58014add824e74ed86aaef8d4442a6ee78af80085ce48cc34117e48828c157d
CRC32 C80001FA
ssdeep 768:GVa+vNtg+PB93Tw4xqdVFE9jVVOjh7b+pJRfubUr:ovNtgw93U4x8FE9j7Ojp6FfubUr
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Is_DotNET_DLL - (no description)
Name ee706cfb175aecc4_3teoh03e.out
Filepath C:\Users\test22\AppData\Local\Temp\3teoh03e.out
Size 444.0B
Processes 2548 (yr.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 2e3bb06edf0a540a0a94a1585584fb7c
SHA1 2fee2b773ed87949a77e6bb46cced04646fd1fe6
SHA256 ee706cfb175aecc46976cabe6d6b6aa6f42da32c500fa1cd47c12a40a4a6a69e
CRC32 FC1221FB
ssdeep 12:K4OLM9qR37L/6KQOLMmNTH0XOLMmN4Ka8GIKO5SBFN+y:K+9qdn6K2ScPKa2KoSDQy
Yara None matched
Name 01858e1ed2ace6d2_CSC96A71BB23B914568A7F7AFE0A2AADC1.TMP
Filepath C:\Users\test22\AppData\Local\Temp\CSC96A71BB23B914568A7F7AFE0A2AADC1.TMP
Size 652.0B
Processes 2616 (csc.exe)
Type MSVC .res
MD5 949e57c05be515ed864d675bae0a6a65
SHA1 fe96e546cd19b967f16f04c9281621004560e00d
SHA256 01858e1ed2ace6d25a713f7a647a4a8b22a851cd90af2cbd32cfb70de68f5e5c
CRC32 AFB4F6EB
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryzak7YnqqPPN5Dlq5J:+RI+ycuZhNRakSPPNnqX
Yara None matched
Name c348252c7409872f_3teoh03e.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\3teoh03e.0.cs
Size 101.4KB
Processes 2548 (yr.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 50a1442c95c346d78c5459f6387a36bc
SHA1 b3d515c95070f8f495dcd38c8406a95170d192f7
SHA256 c348252c7409872fbcbd5794fdf91bb55593e26bf58e74a2ebfce5834ccc6fb3
CRC32 E012A39D
ssdeep 1536:tWGNGxG/GXGyG4fGRwGK5/Ggo5J+42Zy9jM8NU2SldW:tWGNGxG/GXGyG2GKGK5/GCW
Yara
  • hide_executable_file - Hide executable file
Name 22926bda02fec712_RESF201.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESF201.tmp
Size 1.3KB
Processes 2684 (cvtres.exe) 2616 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols
MD5 9e455548360d92ad16df4b03b47bbffc
SHA1 7923610a0328347264f5bc64775e83dbc2376e39
SHA256 22926bda02fec7124a790e0312dd5fb041be8cd3ef6d2170d4f2190ef3bbdc5d
CRC32 9C55C4FD
ssdeep 24:HRFzW92aoHawrUeKnxfeI+ycuZhNRakSPPNnqw2d:lPBfKnxm1ulRa3NqwG
Yara None matched
Name e3b0c44298fc1c14_3teoh03e.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\3teoh03e.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched