Dropped Files | ZeroBOX
Name f45b2691ced478f2_4me71g_z.out
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.out
Size 598.0B
Processes 2988 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 08ff011589af9adeca822d49d706fe39
SHA1 21ce03a06711fbba79541a8d320ec4c63f31183f
SHA256 f45b2691ced478f23f704d9efe199a9e81de07a3e88cadac27d2e959013d2b4b
CRC32 10F8CAF2
ssdeep 12:K4X/NzR37LvXOLMInPAE2xOLMvUKai31bIKIMBj6I5BFR5y:KyNzd3BInIE2nvUKai31bIKIMl6I5Dvy
Yara None matched
Name 99b662e8e9eb15b2_4me71g_z.dll
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.dll
Size 3.5KB
Processes 2316 (csc.exe) 2988 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 32f0f92afe7405984773223ebfb4324c
SHA1 4dc9ccfc8ccf786c56fbb8f369d1fbefbca12762
SHA256 99b662e8e9eb15b240ce2e2f8690b3042375026a4ff2e1baba4ad27cd4ad4bd0
CRC32 AE6B43BD
ssdeep 24:etGSVsda2SEw17Lq/3RkHNU5gUUbdPtkZfMfcw0x1LRQmI+ycuZhNQakS8PNnq:6V35h/GWUMuJMEw0xpRb1ulQa3sq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name d686fe69fb853bcf_RESAF18.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESAF18.tmp
Size 1.2KB
Processes 2460 (cvtres.exe) 2316 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 bf271b40f787815848d7cdcb1a0ec61c
SHA1 0af8f6c23d59db2c11a493bdc2e2d4c12f6ed3ad
SHA256 d686fe69fb853bcfe44c670cbd34f3ca457bcfb559e707c3c58e8b0ccec335d8
CRC32 7CBD7CA0
ssdeep 24:HxJ9YernCuR3imHFTUnhKLI+ycuZhNQakS8PNnqjtd:mern7FimqnhKL1ulQa3sqjH
Yara None matched
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2988 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 180f33c154a93082_4me71g_z.pdb
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.pdb
Size 7.5KB
Processes 2316 (csc.exe) 2988 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 b83819c210bbb58c006b736bd966394c
SHA1 28747294d56bbcf518a21dda581630f4e665eee5
SHA256 180f33c154a93082292206ca13a46c1c428e8614c423b2db8ac771bdd39bf5d5
CRC32 EA77081B
ssdeep 6:zz/BamfXllNS/Eg11mllxrS/77715KZYXFCFoGggksl/3YXBGQu+e0KWEi+:zz/H1W/ZfSXS/pwpFmqRi
Yara None matched
Name e3b0c44298fc1c14_4me71g_z.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 06e008373a5df2cb_4me71g_z.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.0.cs
Size 489.0B
Processes 2988 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 dfc6ac22f8e935bd9c86cb0623ea9d97
SHA1 fac635d8594bf1df96b369d6595bebd60816ca29
SHA256 06e008373a5df2cb9b80d97bfe49f64acaba7dd613a7113d76d2f6fee0ed9fc3
CRC32 E8BC5103
ssdeep 6:V/DsYLDS81zuneH02NkmMmtPQXReKJ8SRHy4HUo1Q3bTiwMwvFKy:V/DTLDfuneLcXfHi33iw9Ky
Yara
  • Network_Downloader - File Downloader
Name 08ddd77b1e190d60_CSCAE9A.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCAE9A.tmp
Size 652.0B
Processes 2316 (csc.exe)
Type MSVC .res
MD5 1291810d3320e5100e6bf7770da8921c
SHA1 7429cbf7260a0dfc36d18ceb45f0cc52f8e99e0e
SHA256 08ddd77b1e190d604f9221a0e58e717eba32ddd3e2b3b72f83cd2d8b4c9617d9
CRC32 D3CA027C
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryCgAak7Ynqq5glPN5Dlq5J:+RI+ycuZhNQakS8PNnqX
Yara None matched
Name 86443b372b3181d4_4me71g_z.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\4me71g_z.cmdline
Size 311.0B
Processes 2988 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 6af7a3ca433bdba3beb991f73826d2d2
SHA1 2286736605a65b9b3e96b5ab47247226ac7db923
SHA256 86443b372b3181d472fd0afeb2d05fe8ee1cadf5305e5c11b294dcacff27ac14
CRC32 230C17FA
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fbCvmGsSAE2NmQpcLJ23fbCcx:p37LvXOLMInPAE2xOLMvx
Yara None matched