popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name a4445ea66dbe2692_xclient.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\XClient.exe
Size 80.5KB
Processes 940 (8e22440b-0bf6-4a02-bfa9-d9f1fd71f8c5.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d8fe231c408f6f0d75d4d77fc07ea43a
SHA1 1854ed77354c5272f933fb3641f3373804127864
SHA256 a4445ea66dbe2692b2470bded3f4d036312ba80308a86c1698166ec5b0407072
CRC32 4240AFAD
ssdeep 1536:1VTdhLyBYzs4Matjo8x+EZrRQ+b5k/Kt6wQ4nsAZ613Y6O55BH:fJhOKzGarx+EZrRQ+b5qwpko6O55h
Yara
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
Name 0918d8ab2237368a_MSI1756.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\MSI1756.tmp
Size 1.0MB
Processes 2328 (msiexec.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5 8a8767f589ea2f2c7496b63d8ccc2552
SHA1 cc5de8dd18e7117d8f2520a51edb1d165cae64b0
SHA256 0918d8ab2237368a5cec8ce99261fb07a1a1beeda20464c0f91af0fe3349636b
CRC32 843406AE
ssdeep 24576:QUUGGHn+rUGemcPe9MpKL4Plb2sZWV+tLv0QYu5OPthT+gd:jGHpRPqMpvlqs0O4iO2k
Yara
  • PE_Header_Zero - PE File Signature
  • CAB_file_format - CAB archive file
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
Name 64adb568ceb1d4ab_ex.msi
Submit file
Filepath C:\Users\test22\AppData\Roaming\ex.msi
Size 12.7MB
Processes 940 (8e22440b-0bf6-4a02-bfa9-d9f1fd71f8c5.exe)
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {5DB4AB1A-07F1-053A-3398-B9E647E40642}, Create Time/Date: Mon Oct 28 17:43:52 2024, Last Saved Time/Date: Mon Oct 28 17:43:52 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
MD5 e615a410d9da98046b3632fd93621ba4
SHA1 767b3cd592f458d0ce41e1f72d004556a0bb37db
SHA256 64adb568ceb1d4abb36113bde0ca9bffa423be366262f8a4ec75b1e23aef50ad
CRC32 50997001
ssdeep 196608:nWh0cGwuWh0cGxWh0cGcWh0cGrWh0cGYWh0cGrWh0cGJ:nWacQWac4WacnWacMWacNWacgWack
Yara
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • Microsoft_Office_File_Zero - Microsoft Office File
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis