Dropped Files | ZeroBOX
Name 64bb6aaca4c1ba6b_this.exe
Filepath C:\ProgramData\NetWork\This.exe
Size 909.5KB
Processes 2648 (this.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c49dd8107b3624f824efe4f88cb3f792
SHA1 e195f4e8cba7bbb7096f165abd6564fb184c838b
SHA256 64bb6aaca4c1ba6b5d4cfe771985587158a453288ef1da1c7cb084b90c3e7cc5
CRC32 B9522724
ssdeep 24576:SAHnh+eWsN3skA4RV1Hom2KXMmHacfmG5:Vh+ZkldoPK8Yacr
Yara
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • AutoIt - www.autoitscript.com/site/autoit/
  • CryptGenKey_Zero - CryptGenKey Zero
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • Process_Snapshot_Kill_Zero - Process Kill Zero
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Device_Check_Zero - Device Check Zero
Name cf407f08781291b9_phoenixminer.exe
Filepath C:\ProgramData\NetWork\PhoenixMiner.exe
Size 7.6MB
Processes 2648 (this.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5038518141ebf317a75d61cb9b5030db
SHA1 4dbf14aaa259ab2fd99b7c544397e5b1c4c037e3
SHA256 cf407f08781291b9470743ddee1a4136a3470efa388ea617c487cce75c0f2a5e
CRC32 8E5EC5D0
ssdeep 98304:4Dqif72Rv0KNeL0g9Jwd+myxf9OwRw3nIJVVZ6l5qRAL7t:EV0eL0gwd+55Y3IPFI7t
Yara
  • IsPE64 - (no description)
  • IsConsole - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero