Dropped Files | ZeroBOX
Name e0a79c44444d7c5f_alg.exe
Filepath C:\Windows\System32\alg.exe
Size 1.3MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 df338e04f8aa77765a16f81561809c89
SHA1 dffbab335ccd80f7c286e2e5d3874079f80deaaa
SHA256 e0a79c44444d7c5f116f777227d6c36a55740130e97a4f558dd60e2907d9e375
CRC32 D1EA98E8
ssdeep 12288:9LWfXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9LWfsqjnhMgeiCl7G0nehbGZpbD
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 7d271ca5a17ee688_dllhost.exe
Filepath C:\Windows\System32\dllhost.exe
Size 1.2MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ccb4bfb27cf7e75a977fd8f9a67a6cc5
SHA1 4fd925ff5727884a892facde37f0d9875d0b6655
SHA256 7d271ca5a17ee688551934023d4a2cb602fd9f3e2d6832d916de7374a8dd7991
CRC32 89F32916
ssdeep 12288:NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:NsqjnhMgeiCl7G0nehbGZpbD
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
Name e141ab533f594101_mscorsvw.exe
Filepath C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Size 1.3MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 60549c1069a4e9d267602375b4f8b674
SHA1 748cb127af025bf19f2a7f5317c2c2bbb7fd8ad7
SHA256 e141ab533f5941014e3990b1bfe6b376b3c01373f3e558056721d82161a84376
CRC32 CC4AC2A1
ssdeep 12288:kkz2DWU+Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:7z2DWLsqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 9125aa85f0348223_googleupdate.exe
Filepath C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Size 1.3MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9a554219db60cee05be18e8142844a39
SHA1 58f8dd5c57fdaeb29a0c7f8d62c434e1d63086d7
SHA256 9125aa85f0348223f015318895c8ef455509044d71d5bfa8ae2f9901a2a06a7b
CRC32 B3A9AF9F
ssdeep 12288:qVRB+067tXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qVRBG7tsqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 709de972dda4fbe0_mscorsvw.exe
Filepath C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Size 1.2MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 66e970b4ed9604115013d53fede75e4c
SHA1 e1a9863a53b1e7089ae47347cbf0eb16fc90ab50
SHA256 709de972dda4fbe0282856e9b6abef4d5d1b94ec823792fbe565bf4a83ea4c0e
CRC32 FB167063
ssdeep 12288:MJ7Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+7sqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • ASPack_Zero - ASPack packed file
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 0946c5bdab2248b1_7c6024adc8289363.bin
Filepath C:\Users\test22\AppData\Roaming\7c6024adc8289363.bin
Size 12.0KB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type data
MD5 a8962a4bc1394034d5894e5f806a91b4
SHA1 38b0e84e6e55b1fa9feec5f6a1e299fa10233b72
SHA256 0946c5bdab2248b1e5aa0e0c9f1cd51e86f213c6186d40773a80b00ba87d3fbf
CRC32 507C7EDA
ssdeep 192:9eB796zob4X2Y4zX/orfe/5AI6AGLCDocpC1Cpd/T1HvXBqk21R:Q7zFjzX8SmCViCpLREn
Yara None matched
Name 364608f6d174c0e6_aspnet_state.exe
Filepath C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Size 1.2MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 033e5e546d89141d02bd4df9dd512c19
SHA1 042a423838118e51a36cc0c3a52bd0802359fab8
SHA256 364608f6d174c0e665328670aa18291c2b5151f98ae3e2524b420d5518a830e2
CRC32 76E95273
ssdeep 12288:UXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:UsqjnhMgeiCl7G0nehbGZpbD
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name a22cb899523ffdb9_grooveauditservice.exe
Filepath C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
Size 1.2MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3d599451f06bf11efb66732dad8baa89
SHA1 b7a03b8b7333be5612ea3df97f6b30651ba0b43d
SHA256 a22cb899523ffdb9aa5269751363bfcde5ca3db0069af2a844cc44c9c8a3ea9b
CRC32 B6BE2753
ssdeep 12288:7mZyJUXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:7/UsqjnhMgeiCl7G0nehbGZpbD
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 4ee689332e766b5e_maintenanceservice.exe
Filepath C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Size 1.4MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 1c3afa2f568a9807bcb9cee39dec9fd1
SHA1 4b91a41369139132a2b41a55b720d1ddbe0885bf
SHA256 4ee689332e766b5eba92f41592f4b7471805b3919682007ce09316d549b1dd5b
CRC32 5BB67B8D
ssdeep 12288:jCpP9Q/JjuRLXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:4PsJjuRLsqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 199e7333f896cdef_mscorsvw.exe
Filepath C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Size 1.3MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5117d204e2b549a04f1a8a02e2d94b04
SHA1 949e0547e065200e9cb721b332c412e1e7036280
SHA256 199e7333f896cdef66fde4459a71205d9065b65cb27036b1a150a1da3e294f6d
CRC32 1A24D300
ssdeep 12288:NxGdFiw9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:TcFiw9sqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name da18dd03bfc35553_fxssvc.exe
Filepath C:\Windows\System32\FXSSVC.exe
Size 1.2MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 9d432f930ba10b4e7bee0a5ad964faea
SHA1 c7037c367ea9b536bddf67b4098794caca83c69c
SHA256 da18dd03bfc35553f0eb9dad9d4a4c5783b7fb9f0f6d6602dc7af249ebe07d67
CRC32 5C69B6AD
ssdeep 24576:ylv3yIUPE1Bubmq3nT6j3QsqjnhMgeiCl7G0nehbGZpbD:ylfyIUPE1BuB3ujcDmg27RnWGj
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
Name 977fd3bc3c02f5dd_mscorsvw.exe
Filepath C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Size 1.3MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dc13ac99461fa83b085a8063c56f63f5
SHA1 85ed497b88eaa146984946be9e7e19a19dc13462
SHA256 977fd3bc3c02f5dd29d0d73c033ab288184dfdaf099e826e0e85286f97bcda73
CRC32 394762EF
ssdeep 12288:qWDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qWDsqjnhMgeiCl7G0nehbGZpbD
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 4ab02abb7738cefc_flashplayerupdateservice.exe
Filepath C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Size 1.4MB
Processes 2552 (Zoom.ClientSetup_v0564.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 aadb3f1a937abc9c452a6fd0667fc814
SHA1 f93da19275b39e4dac8db02c2e6f9468df546e18
SHA256 4ab02abb7738cefcbf479cd0181a4b734832db1961d83cb8bc7d665899109d7a
CRC32 97740A70
ssdeep 24576:uuLWG8L3EeAKnL1sqjnhMgeiCl7G0nehbGZpbD:uuaGi3EeAKnLpDmg27RnWGj
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file