Dropped Files | ZeroBOX
Name e3b0c44298fc1c14_pkvbaqiu.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name cb919a827155af03_pkvbaqiu.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.cmdline
Size 311.0B
Processes 3032 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 01ce9d6d40ca2a20438da322e331ac06
SHA1 cc0e22845c28ca74c49bc1ed6083afb3f4d809b3
SHA256 cb919a827155af03e329529cbbcc3ae869a247934244a5c39457985f7da36966
CRC32 6C6E8AF2
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f/LmGsSAE2NmQpcLJ23f/Mn:p37LvXOLMLnPAE2xOLMMn
Yara None matched
Name 56632f6278e0e497_newthingsonhereforgetrockgain.js
Filepath C:\Users\test22\AppData\Roaming\newthingsonhereforgetrockgain.js
Size 1.5KB
Processes 3032 (powershell.exe)
Type UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5 7f45bae1ad6a7e884b9fccd8806be046
SHA1 707db80c715111ceb56245bbcbcb0df181c90074
SHA256 56632f6278e0e497ca6bc0d87197f4af21a7d280363a7e3742a62c12403b48e4
CRC32 16550B75
ssdeep 48:ZON/+mbQeeqtEb1b1qjteHIHHb1Ob1q0uvgqKA1l:Fdsm+v
Yara None matched
Name 3bd9941866c972b5_pkvbaqiu.out
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.out
Size 598.0B
Processes 3032 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 d279515c85e29477a7368ae2a216c13f
SHA1 893e735e690f2d57a0d9004c72b5151f881b8a8f
SHA256 3bd9941866c972b505f3222d30ff4ff37883802613c25bb104b66988e3d1c1bd
CRC32 BECFBD2A
ssdeep 12:K4X/NzR37LvXOLMLnPAE2xOLMMuKai31bIKIMBj6I5BFR5y:KyNzd3BLnIE2n5Kai31bIKIMl6I5Dvy
Yara None matched
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 3032 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 800e75e2ca9000fc_pkvbaqiu.dll
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.dll
Size 3.5KB
Processes 2456 (csc.exe) 3032 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 38f5638cc46b3a68f5b64858d7085065
SHA1 ba7635bc393f213dfd5d44c25ed9488556570de7
SHA256 800e75e2ca9000fc17ad25aeb20481a95aa3530a96d78d8b5ff2e55b16229778
CRC32 1DE78CB2
ssdeep 24:etGSvJNOHGuEw+75tOk7Naqq5RUbdPtkZfzU5y1JJmI+ycuZhN5akS3PNnq:6SmVwLMuJzU5yH81ul5a3lq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name fcb48fe10a0babe9_pkvbaqiu.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.0.cs
Size 478.0B
Processes 3032 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines (libmagic's guess; it has no C# signature. The .cs extension and the csc.exe compile into pkvbaqiu.dll identify this as C# source.)
MD5 a145e76547f2853d0812de69081c96a3
SHA1 ae93c31abe6292c55dcb849a410d78c4641d2247
SHA256 fcb48fe10a0babe9c63367e47c7d488b1dd8967a9dd758ba6c536905c95e6adb
CRC32 2AD6161D
ssdeep 6:V/DsYLDS81zuovev8toPMuhJplQXReKJ8SRHy4HcLb/XKmDRF/gM0Iy:V/DTLDfuNvAWQXfHYXvRxhy
Yara
  • Network_Downloader - File Downloader
Name 49c55518463e7984_RESC475.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESC475.tmp
Size 1.2KB
Processes 2588 (cvtres.exe) 2456 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 2cc700473333e3af5f9d96e1a9a4aecd
SHA1 e2a57fdb6f212863a9f50b67fa99ac10e5444e97
SHA256 49c55518463e79848028d82fd818b2a2d200146b526d158174034223f8945b9f
CRC32 45779B6C
ssdeep 24:HiJ9YernRsmH5oUnhKLI+ycuZhN5akS3PNnqjtd:XernmmxnhKL1ul5a3lqjH
Yara None matched
Name 1cc966ef566fe4dc_pkvbaqiu.pdb
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.pdb
Size 7.5KB
Processes 2456 (csc.exe) 3032 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 9bd519a1dc9ae90fed3211c8d54f0e86
SHA1 8628cffe3b2ab0c0d37e108504192dc971fe61cf
SHA256 1cc966ef566fe4dce7419b613d7ffdf0e01be894d9f55d3089e1e3aaae976a6a
CRC32 F6FE7D78
ssdeep 6:zz/BamfXllNS/01mllxrS/77715KZYXB/foGggksl/3YXBGQu+e0KWEi+:zz/H1W/cSXS/pwsmqRi
Yara None matched
Name 34d9ef492c01f04e_CSCC416.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCC416.tmp
Size 652.0B
Processes 2456 (csc.exe)
Type MSVC .res
MD5 3ab11a55be9a0355d63c6a49ad3db272
SHA1 0e0e1a05032013da3ecd7a7fbc50d93eda93b9f1
SHA256 34d9ef492c01f04e70ec966078a171b1db260fdcee88a9a155d0aeb796e121ef
CRC32 928EE081
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryRNak7YnqqSCPN5Dlq5J:+RI+ycuZhN5akS3PNnqX
Yara None matched
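The pkvbaqiu.* set in %TEMP% (.0.cs, .cmdline, .out, .err, .dll, .pdb), together with RESC475.tmp from cvtres.exe and CSCC416.tmp from csc.exe, is the artefact trail left when PowerShell's Add-Type hands C# source to csc.exe and loads the resulting .NET DLL; here both the source and the DLL hit the Network_Downloader Yara rule, and a separate .js was written to AppData\Roaming by the same powershell.exe. The following is an added example, not part of the ZeroBOX report or its tooling: a Python triage helper that parses a listing in this "Field value" layout (the embedded sample is a constructed subset of the records shown above, trimmed to the fields used), checks that each record's Name prefix is the first 16 hex digits of its SHA256 and that the 0-byte .err carries the empty-input hash, and groups %TEMP% drops by filename stem to flag that compile chain. The field names and the Add-Type interpretation are the only assumptions; the grouping heuristic is mine.

```python
"""Added triage helper for a ZeroBOX / Cuckoo-style "Dropped Files" listing (not part of
the original report): parse the flat records, check consistency, flag Add-Type compiles."""
import hashlib
import re

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed sample: a subset of the records in the report above, trimmed to the fields
# the checks use; the .js under Roaming is kept to show it is not grouped with %TEMP% drops.
SAMPLE = r"""
Name e3b0c44298fc1c14_pkvbaqiu.err
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.err
Size 0.0B
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Yara None matched
Name fcb48fe10a0babe9_pkvbaqiu.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.0.cs
Size 478.0B
Processes 3032 (powershell.exe)
SHA256 fcb48fe10a0babe9c63367e47c7d488b1dd8967a9dd758ba6c536905c95e6adb
Yara
  • Network_Downloader - File Downloader
Name 800e75e2ca9000fc_pkvbaqiu.dll
Filepath C:\Users\test22\AppData\Local\Temp\pkvbaqiu.dll
Size 3.5KB
Processes 2456 (csc.exe) 3032 (powershell.exe)
SHA256 800e75e2ca9000fc17ad25aeb20481a95aa3530a96d78d8b5ff2e55b16229778
Yara
  • Network_Downloader - File Downloader
Name 49c55518463e7984_RESC475.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESC475.tmp
Size 1.2KB
Processes 2588 (cvtres.exe) 2456 (csc.exe)
SHA256 49c55518463e79848028d82fd818b2a2d200146b526d158174034223f8945b9f
Yara None matched
Name 56632f6278e0e497_newthingsonhereforgetrockgain.js
Filepath C:\Users\test22\AppData\Roaming\newthingsonhereforgetrockgain.js
Size 1.5KB
Processes 3032 (powershell.exe)
SHA256 56632f6278e0e497ca6bc0d87197f4af21a7d280363a7e3742a62c12403b48e4
Yara None matched
"""

def parse_records(text):
    """One dict per 'Name' record; the Yara field becomes a list of matched rule names."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Name "):
            cur = {"Name": line[len("Name "):], "Yara": []}
            records.append(cur)
        elif cur is None:
            continue
        elif line.startswith("•"):                      # "  • RuleName - description"
            cur["Yara"].append(line.lstrip("• ").split(" - ", 1)[0])
        else:
            key, _, val = line.partition(" ")
            if key != "Yara":                           # bare "Yara" header / "Yara None matched"
                cur[key] = val
    return records

def name_matches_hash(rec):
    """The sandbox names a drop '<sha256[:16]>_<basename>'; a mismatch means a mangled record."""
    prefix, _, base = rec["Name"].partition("_")
    return prefix == rec["SHA256"][:16] and base.lower() == rec["Filepath"].rsplit("\\", 1)[-1].lower()

def is_empty_file(rec):
    """A 0-byte drop (Size 0.0B, Type empty) must carry the SHA256 of empty input."""
    return rec["SHA256"] == EMPTY_SHA256

COMPILE_EXTS = {".0.cs", ".cmdline", ".out", ".err", ".dll", ".pdb"}   # Add-Type / csc.exe set
HELPER_TMP = re.compile(r"^(res|csc)[0-9a-f]+$")                       # cvtres.exe / csc.exe scratch

def addtype_compile_chains(records):
    """Group %TEMP% drops by stem; a stem with both a .0.cs source and a .dll is the trail
    csc.exe leaves when PowerShell Add-Type compiles C# on the fly (.cmdline = compiler
    arguments, .out/.err = compiler output, RES*.tmp / CSC*.tmp = resource scratch files)."""
    by_stem = {}
    for rec in records:
        path = rec.get("Filepath", "")
        if "\\appdata\\local\\temp\\" not in path.lower():
            continue
        m = re.match(r"^([^.]+)(\..+)$", path.rsplit("\\", 1)[-1])
        if not m:
            continue
        e = by_stem.setdefault(m.group(1).lower(), {"exts": set(), "procs": set(), "yara": set()})
        e["exts"].add(m.group(2).lower())
        e["procs"].update(re.findall(r"\((\S+?)\)", rec.get("Processes", "")))
        e["yara"].update(rec["Yara"])
    helpers = sorted(s for s, e in by_stem.items() if HELPER_TMP.match(s) and ".tmp" in e["exts"])
    return {
        stem: {"artifacts": sorted(e["exts"] & COMPILE_EXTS),
               "compiler_seen": "csc.exe" in e["procs"],
               "yara": sorted(e["yara"]),
               "helper_tmp": helpers}
        for stem, e in by_stem.items() if {".0.cs", ".dll"} <= e["exts"]
    }

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print("consistent names:", all(name_matches_hash(r) for r in recs))
    print("compile chains:", addtype_compile_chains(recs))
```

Run against the full listing, the stem grouping also picks up the .cmdline (compiler arguments), .out and .pdb records, and CSCC416.tmp joins RESC475.tmp as helper scratch; the .js under Roaming stays outside the chain and should be triaged on its own as a script dropped by powershell.exe.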