Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 10:09
두리코스 댕기머리, 중국인 300만 명이...
09.22 09:09
Announcing SecTemplate...
09.22 08:09
When Raw Network Socke...
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...

Dropped Files | ZeroBOX

Name	816cc3daaa6cb2a4_rimanete.sys Submit file
Filepath	C:\Users\test22\AppData\Roaming\XUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear\Rimanete.sys
Size	111.3KB
Processes	7232 (vpn.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6f3d1b5748ab15bd47ce5f1f2132617c`
SHA1	`f5121d2dbc5bf240a320ea999c685579acdc299d`
SHA256	`816cc3daaa6cb2a4606b4ad3f078fed7cd3b52eb36cf348cbae8fded9b4c5ffb`
CRC32	`062F7B16`
ssdeep	`1536:T70GOT4td+70Ezh7OE43bZ5/kNwtJbjy3C3aN0gdEDie4deubsSFl+d7OgSyxSP:oT4toYEN72fscJb+V0gdeie6bTAK`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsi13C.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsi13C.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	2f7f8fc05dc4fd0d_UAC.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsy14D.tmp\UAC.dll
Size	14.5KB
Processes	1836 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`adb29e6b186daa765dc750128649b63d`
SHA1	`160cbdc4cb0ac2c142d361df138c537aa7e708c9`
SHA256	`2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08`
CRC32	`1FE27A66`
ssdeep	`192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasRichSignature - Rich Signature Check escalate_priv - Escalade priviledges win_token - Affect system token
VirusTotal	Search for analysis

Name	1e74869231cd24c4_vpn.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
Size	1.1MB
Processes	1836 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5	`b251c159d9605b32bc8d447b15fb6da3`
SHA1	`d74140b86d9d7a4fb86db8345768f97e20c72d48`
SHA256	`1e74869231cd24c4e431023a0751a331e9fa13201a73a5a3dd5b791698479505`
CRC32	`7CF82DCB`
ssdeep	`24576:Tx4tQdcoDLe/gg+xjhGrrJkm0oVbZrodCjIOlb6QZKWkYBVTu:Tx4tCG/gbxjExVbZr7IwwW37K`
Yara	PE_Header_Zero - PE File Signature Zero Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasModified_DOS_Message - DOS Message Check screenshot - Take screenshot keylogger - Run a keylogger win_files_operation - Affect private profile
VirusTotal	Search for analysis

Name	1da001c5399afa6b_4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
Size	253.5KB
Processes	1836 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c752657446b90c13d30df01a9850e5db`
SHA1	`99c6f5b218c7800e70709ae87c3b1a96d3159c97`
SHA256	`1da001c5399afa6b6759a7879700b8c5a9d518412ad80294c85a17afcc709598`
CRC32	`8E3169E2`
ssdeep	`3072:4gggPflli2ctnJi4BS5ntyXWsZl5UGkwoNtcA1T73clKuP9XPmQJ1ThiRI:4gB3lk2ct/BS+AG8tHljclNXxJbiRI`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba win_mutex - Create or check mutex win_files_operation - Affect private profile
VirusTotal	Search for analysis

Name	cf5e740d91ff738b_torno.sys Submit file
Filepath	C:\Users\test22\AppData\Roaming\XUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear\Torno.sys
Size	921.8KB
Processes	7232 (vpn.exe)
Type	data
MD5	`2fb3ad42636203e13144a48dacfb6d4e`
SHA1	`e08ef9ac300e5646c024affb2f486853c00808fb`
SHA256	`cf5e740d91ff738b334050bc2ca6081b91b24dbe0eaa6724e5ccc08a43e21e6c`
CRC32	`222FF55F`
ssdeep	`24576:oJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:oC7hGOSPT/PxebaiO`
Yara	OS_Processor_Check_Zero - OS Processor Check Signature Zero AutoIt - www.autoitscript.com/site/autoit/ inject_thread - Code injection with CreateRemoteThread in a remote process network_http - Communications over HTTP escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration Str_Win32_Wininet_Library - Match Windows Inet API library declaration Str_Win32_Internet_API - Match Windows Inet API call Str_Win32_Http_API - Match Windows Http API call
VirusTotal	Search for analysis

Name	80a45bd563c067d3_Conoscerla.sys Submit file
Filepath	C:\Users\test22\AppData\Roaming\XUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear\Conoscerla.sys
Size	140.0KB
Processes	7232 (vpn.exe) 5256 (Troppe.exe.com)
Type	data
MD5	`a6b6ea7c68978ac404557c5259cc303b`
SHA1	`58d3668733534321f067c695e4be1e953ea7e80b`
SHA256	`80a45bd563c067d3be44c4b3fe063ffee8923e7b5dd8c5971a697c22eb7f5aa3`
CRC32	`DDD246FE`
ssdeep	`3072:VG57dd2Qi7gbavfdDtQO+4hiCJUTwoMqM18xTacyELFE52FC1uYGsCON6AIad:w57r2XMIOUi8UTc18NPJo264sBNzd`
Yara	None matched
VirusTotal	Search for analysis

Name	5496322b505da18b_u Submit file
Filepath	C:\Users\test22\AppData\Roaming\XUGnyWzvizFylweeYySuMujumtetYJCSWAxQzDvzHFJJKYdtmVYluyoQHAZwTfnnRNpJGjIxJnnubDcANYErKaLRaEoTEcmailSXPHbhjDAHGear\u
Size	667.7KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`e80bb31298a3d3f36a652a3196c01be5`
SHA1	`6e6fa850d061d50664ee7f42ee37c99269dc6168`
SHA256	`5496322b505da18b9689166a1af659ce571cc4d32d838a5a22b998b488d34c62`
CRC32	`D0741965`
ssdeep	`6144:+OKdh+e/jK88w+zwK9GMOZv2cd+JHy8MPqm+A+P4bqehWcmAkJbyl74TSM7rEpJ:q3d+klJRPi4bbwcm1N874OW+`
Yara	None matched
VirusTotal	Search for analysis