Dropped Files | ZeroBOX
Name e3b0c44298fc1c14_7zS2D7C.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\7zS2D7C.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 79dd688046ef9f26_deffff.exe
Filepath C:\Users\test22\AppData\Local\Temp\deffff.exe
Size 118.8KB
Processes 5540 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 04a666d7cf692764645f28189bdb2e70
SHA1 0f374e5e670e83856a3e184c4e41ef17fb0f68fa
SHA256 79dd688046ef9f26ed0cf633cab305f18b46ce7affaa396813a9587ac2918bb0
CRC32 AD4098D6
ssdeep 3072:X8FHdppuOf+wMSHjnywM0vY9t8Qkh+nXeuS:MFPMOf+wMAywM0EJksnXJS
Yara
  • PE_Header_Zero - PE File Signature Zero
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check
  • HasRichSignature - Rich Signature Check
Name 2d88db4098a72cd9_puttty.exe
Filepath C:\Users\test22\AppData\Local\Temp\puttty.exe
Size 152.5KB
Processes 5540 (InstallUtil.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f690fa242d8200f27e71e11d469b584d
SHA1 f14f8a0ee542b6db79c52266450c5fe0412a0d62
SHA256 2d88db4098a72cd9cb58a760e6a019f6e1587b7b03d4f074c979e776ce110403
CRC32 A0226F69
ssdeep 3072:vUXR14Jm/0mnr7izR/jzO3pVeRx68Y0d8Cl:cXz9jnrqap4EK
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature Zero
  • Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba
  • win_mutex - Create or check mutex
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
Name 0416c54d6a7f0b87_Disable Window Defender.bat
Filepath C:\Users\test22\AppData\Local\Temp\7zS2D7C.tmp\Disable Window Defender.bat
Size 4.1KB
Processes 8104 (deffff.exe)
Type ASCII text, with CRLF line terminators
MD5 a2926b3b696a58595da5fc20b16f0fbb
SHA1 126fc88cafbf0e275bb6a4c59669704687ac5637
SHA256 0416c54d6a7f0b878dcf70c3e322303db8cb316e9adb7fd770cf62da9f62dbc6
CRC32 55E499AB
ssdeep 96:TolF+QCdqsnKYb6Xn9RSRMcl5z/wwKKlnHl7AHNrVCeYFZ:UPN1u
Yara None matched