Dropped Files | ZeroBOX
Name e4d1b1cd0bfdfaf4_gqqctndm.pdb
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.pdb
Size 7.5KB
Processes 2344 (csc.exe) 2976 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 0d28d18b34c9c76ee107d837577f620a
SHA1 45ef7a2f0e290d4decba1056538eeb37be5166aa
SHA256 e4d1b1cd0bfdfaf4e6ce58989fd5a8c78129227204be0471029feb76206ca5c5
CRC32 29E3E594
ssdeep 6:zz/BamfXllNS/VCElSXZl31mllxrS/77715KZYX4CElSXr3oGggksl/3YXBGQu++:zz/H1W/VCvJfSXS/pw1Cvb3mqRi
Yara None matched
Name 28c6a8518443823d_RESB1D7.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESB1D7.tmp
Size 1.2KB
Processes 2352 (cvtres.exe) 2344 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 6b5bfce34fb9a006c48ae0cdcf682406
SHA1 de54d03f7b85bf351b6aaaad121c053b8cbe0b1a
SHA256 28c6a8518443823d5ee10e186ac84ed6289d02069fe02f99d12d19425393c82f
CRC32 6D47C59B
ssdeep 24:HNMJ9YernNLOwmHjuwUnhKLI+ycuZhNBjakS+sPNnqjtd:t9ernNPmabnhKL1ulBja3+8qjH
Yara None matched
Name cd7a461a7aa25f2a_CSCB159.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCB159.tmp
Size 652.0B
Processes 2344 (csc.exe)
Type MSVC .res
MD5 43ef3e1a117d8cc512e22700c34218c4
SHA1 a249eb1807804ef35a403ea6a3208734258863d6
SHA256 cd7a461a7aa25f2ad39a81cc515beef5ba9abc26fbb172c1e2dd6e7b8333c8a1
CRC32 D82BFFC8
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry7Xjak7YnqqwXsPN5Dlq5J:+RI+ycuZhNBjakS+sPNnqX
Yara None matched
Name 8e7a8b4d63025157_gqqctndm.dll
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.dll
Size 3.5KB
Processes 2344 (csc.exe) 2976 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a3e7d63563e561f31a4683c93a0b2f19
SHA1 74aa22dcfaef8c5b06e3ace1a7db85ed788a3dbb
SHA256 8e7a8b4d63025157e169e6d4003e89b9e32a5ebf02ed1c3d13e46413ad66cac0
CRC32 AFC77FF2
ssdeep 24:etGS0da2SEw17t7xjukmdeVroXUbdPtkZfD6/k9hh81ee0YwmI+ycuZhNBjakS+F:6P5ZK4UXMuJD6k84e0o1ulBja3+8q
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name fae21212c0a1065e_gqqctndm.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.0.cs
Size 496.0B
Processes 2976 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 3d8decb3a8e82d77e61acefaa8ef906d
SHA1 7e807649eccaeade15472b0ced4121b1d82736ea
SHA256 fae21212c0a1065e452e8e5b84e1f37bb892518c05b6eb3b5c954bf2356b5123
CRC32 9A1B298E
ssdeep 6:V/DsYLDS81zuXeFMmFfBQXReKJ8SRHy4Hfb7JOor3zcDWdKy:V/DTLDfuuDuXfHzAovJdKy
Yara
  • Network_Downloader - File Downloader
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2976 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 77705654ff2859fe_gqqctndm.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.cmdline
Size 311.0B
Processes 2976 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 b80eedf1657d7c1648b88e72fa08f081
SHA1 c9565546d2ef30a168c4ce52cda38d38355dd9fc
SHA256 77705654ff2859fe31442892bc990a2c3c35267f194316eaba8f996932dc2145
CRC32 3EA5FE33
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fQRJQmGsSAE2NmQpcLJ23fQpH:p37LvXOLMYRenPAE2xOLMYpH
Yara None matched
Name e3b0c44298fc1c14_gqqctndm.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 63fb2ffa8167f680_gqqctndm.out
Filepath C:\Users\test22\AppData\Local\Temp\gqqctndm.out
Size 598.0B
Processes 2976 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 1e5a1bc989563dad6ae77ebfb009fd18
SHA1 6499e94f241008d1e8f7f531d22399d21a4931d9
SHA256 63fb2ffa8167f680adf0c1d082aa67021540d1adc5b6d313fac8b53524173ce4
CRC32 7B05EA49
ssdeep 12:K4X/NzR37LvXOLMYRenPAE2xOLMYpOKai31bIKIMBj6I5BFR5y:KyNzd3BYRenIE2nYsKai31bIKIMl6I5G
Yara None matched