Dropped Files | ZeroBOX
Name 49b220983e6f0333_65EDB51284023538805469.zip
Filepath C:\ProgramData\65EDB51284023538805469.zip
Size 82.4KB
Processes 1208 (svcstealer.exe)
Type Zip archive data, at least v2.0 to extract
MD5 636e4d079401ba111a214238d1d2c143
SHA1 a9fb55b6797d98a5021313cba726b631c52a2b4b
SHA256 49b220983e6f0333aa5a57bd2a306560a7754920d4a61973ed922d91de0e5bf2
CRC32 68053EAA
ssdeep 1536:BuoMFPaIH07+GiIwT3McWEu39E3UWUQGRYFYn3qWwM:oPlaZ7YIii9EkQGRYFYnaWwM
Yara
  • zip_file_format - ZIP file format
Name 2ff35120ec8cbaf1_Screenshot.jpg
Filepath C:\ProgramData\65EDB51284023538805469\Screenshot.jpg
Size 83.5KB
Processes 1208 (svcstealer.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 488f153425429a368039d486afda2f6f
SHA1 40f8cc0ec3991efefe0796137f99187e52da9f5c
SHA256 2ff35120ec8cbaf135e1a845f915c3eef107596d7424cd0a818693e243137f10
CRC32 788D98BA
ssdeep 1536:0EIYyl0cdEJXh1MEn1a2hi4umUiLwXuHu22jqSxLyuOpXyJUeS9Oxttv2arlZjqU:Dy01NAhm3Lel2Ky8S0jDlZjqZCF5T
Yara
  • JPEG_Format_Zero - JPEG Format
Name e3b0c44298fc1c14_Chrome_Downloads.txt
Empty file or file not found
Filepath C:\ProgramData\65EDB51284023538805469\Browsers\Chrome_Downloads.txt
Size 0.0B
Processes 1208 (svcstealer.exe)
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 4681949984a7c75a_temp_16958.exe
Filepath C:\Users\test22\AppData\Local\Temp\temp_16958.exe
Size 252.0KB
Processes 1208 (svcstealer.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5e064fc01e895ce732c9ce357ef96910
SHA1 19cf6be6ec0d58194b601ea4aabc1b5dbfd3c5d1
SHA256 4681949984a7c75a843b9b4e4ae733941880e58ec264f7f68519949644936889
CRC32 A509B226
ssdeep 3072:1QIUA2/r2Zl9Yrb4fAj/6tXn/atD0cm53jVnw31fzXom6oxsHFM8CLX5kDsxfmbU:1NBoj/6tX/atQJ53jVn2pj0M8CLs
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 9e6e4772050998a5_readme.txt
Filepath C:\ProgramData\65EDB51284023538805469\FileGrabber\readme.txt
Size 10.0B
Type ASCII text, with no line terminators
MD5 eb6b6c90251ab33cee784713c451e6d8
SHA1 451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5
SHA256 9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6
CRC32 22598B08
ssdeep 3:IS:7
Yara None matched
Name 072155532c11b43d_Software_Info.txt
Filepath C:\ProgramData\65EDB51284023538805469\Software_Info.txt
Size 5.5KB
Processes 1208 (svcstealer.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 20c2136f37a89419f23c571507394af7
SHA1 b95e6f4850a8d82289a469926fe0e2d1b98386b5
SHA256 072155532c11b43d7bf0ee856aeed094121af064469c36c1e196dcc11de1cfd7
CRC32 6AE967E6
ssdeep 96:oNbTwS8ZIELUy2OU9DgWcEX/E8swfHGOrZsiZgvpwZGEBY4:K3cEvTrLGS
Yara None matched
Name 5f0129558e6a67d6_debug.txt
Filepath C:\ProgramData\65EDB51284023538805469\Browsers\debug.txt
Size 1.1KB
Processes 1208 (svcstealer.exe)
Type ASCII text
MD5 540e6eedbe9f6e1aefd0bff5ea9b7b22
SHA1 0d2c66a6352f9db969f411fe018a834a766e8b69
SHA256 5f0129558e6a67d6be0d2e5a375c86a42ebeec0631d965d302d22a213473defe
CRC32 0DF458A9
ssdeep 24:ox/8VW/8uDWD29/8VW/8ud0/8VW/8uP29/8VW/8v/8uDWD29/8v/8uYeb29/8v/p:ox5fDWD295fi5fP295efDWD29efDb29o
Yara
  • infoStealer_browser_b_Zero - browser info stealer
Name 69eb1943bbd1ec4a_Windows_Info.txt
Filepath C:\ProgramData\65EDB51284023538805469\Windows_Info.txt
Size 5.0KB
Processes 1208 (svcstealer.exe)
Type ASCII text, with CRLF line terminators
MD5 0e42b4b48e837dffa808eb80b5a5be6d
SHA1 75c4be6715f8d964ffc0a2d52aa133ecf8677dcc
SHA256 69eb1943bbd1ec4a0fed2eb36349eb876ad7b99dc36aeb7dc3ab6f4aa61894ef
CRC32 333934AC
ssdeep 96:6KYO0Meh9+aW48Y/EY0y0r0g0D0a0oyObMbeBkzQyLZhhHdMzhlHbUGtTSItpDDJ:6KYO0Meh9+aW48Y/EY0y0r0g0D0a0oyU
Yara None matched
Name 02a7e9d2ab4d7c11_System_info.txt
Filepath C:\ProgramData\65EDB51284023538805469\System_info.txt
Size 1.4KB
Processes 1208 (svcstealer.exe)
Type ASCII text, with CRLF line terminators
MD5 fb6682a9a0c99841190d1085c47ce218
SHA1 9e3ce06a163a3419e0a83665ac7f3056aaac88f7
SHA256 02a7e9d2ab4d7c11e90641d02933c71d8345a9aaefb9c4084a6d8d3f062c0dae
CRC32 32C07E50
ssdeep 24:8+CKTO0ucRzouZnet31A5ITy0TiDki90Ti+TiYrsTNxoy6pTw50UnziCwDAq5CNv:4KTO7c5o2n8lA5B9v+mYdymuPPLg0SE
Yara None matched
Name 2013cfcd26e087ed_screenshot.jpg
Filepath C:\Users\test22\AppData\Roaming\Screenshot.jpg
Size 83.4KB
Processes 1208 (svcstealer.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 a46c64ca264b4b5f0fb4972c59524a30
SHA1 a779e6ce0033fb0d17310d159923abc12f350ab4
SHA256 2013cfcd26e087ed4825f403d16cbb1ba476b97a95f641772ec1a355d6d7d821
CRC32 6E91C97B
ssdeep 1536:0EIYyl0cdEJXh1MEn1a2hi4umUiLwXuHu22jqSxLyuOpXyJUeS9Oxttv2arlZjq2:Dy01NAhm3Lel2Ky8S0jDlZjqZCFR
Yara
  • JPEG_Format_Zero - JPEG Format