Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.03 05:10
cliloc_fix.exe
10.02 02:10
66fbfccd837ac_vadggdsa...
10.02 02:10
66fc5c187ba75_lyla343.exe
10.02 02:10
66fbfcc301a31_swws.exe
10.02 02:10
66fbd9a4db4c9_Governme...
10.02 02:10
66fb2538369cb_EdgeUpda...
10.02 02:10
cc.js
10.02 02:10
kixx.js
10.02 02:10
66f55533ca7d6_RDPWInst...
10.02 02:10
SPOOF.exe

Latest News
10.03 08:10
Social Influencers Say...
10.03 08:10
Amazon Is Hiring 250,0...
10.03 08:10
„Alptraum“: Daten alle...
10.03 08:10
Smart Glasses: Smarte ...
10.03 08:10
Verbraucherzentrale wa...
10.03 08:10
Cybersecurity Is Every...
10.03 08:10
Threat actor believed ...
10.03 08:10
Pi Zero Power Optimiza...
10.03 08:10
License Plate Readers ...
10.03 08:10
INTERPOL Arrests 8 in ...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_nszCBFB.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nszCBFB.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	8e04409bf9092979_libpangoft2-1.0-0.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libpangoft2-1.0-0.dll
Size	87.5KB
Processes	2552 (update.exe)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`bb03a889f0c4875d7565139145b775ac`
SHA1	`eec6e2a8c57af0822384cd92d05662d37219ecb5`
SHA256	`8e04409bf9092979474f8d7ae6872c089b7e8e0a1b574da04d285d49a70b6694`
CRC32	`16E4CCD8`
ssdeep	`1536:gwB0LwBwK4pm5ME0K1MkBVDtKlottbSWaPL0Z/XjSEzT17xe:gwBw7KpvdyC9t0ottebLYPjSEzT17xe`
Yara	PE_Header_Zero - PE File Signature Zero IsPE64 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check
VirusTotal	Search for analysis

Name	cccdc7c91a6ad01d_libogg-0.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libogg-0.dll
Size	82.6KB
Processes	2552 (update.exe)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`87a4e5bc51a9c2533ac5308f3343a76b`
SHA1	`3427c4cd2f63ddb6787fbc3ee736b3b2433f0b91`
SHA256	`cccdc7c91a6ad01d2e1af8555fbde94787bf5ee39a61703008d0c2ed7f9e6ebe`
CRC32	`5A40ECA5`
ssdeep	`768:RIBmX6tFu4kYOvBHwDFHs0YZqCC3m1/z0BDtZH5zhG4tZtVnDPo1SndQzJdn1W:KBmX6S4kYOvJGMRZABDflIQiMnAJd1W`
Yara	PE_Header_Zero - PE File Signature Zero IsPE64 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check MinGW_1 - (no description)
VirusTotal	Search for analysis

Name	e16fc0acfdfda9f9_libgcc_s_sjlj-1.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libgcc_s_sjlj-1.dll
Size	93.0KB
Processes	2552 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`8059776aa7b83e8fe95bc14eff4c86ed`
SHA1	`7592f51b4f8ad574ea4921e30d2b69d10a2088df`
SHA256	`e16fc0acfdfda9f9b36e276affac85010d8f23bf33e8260c0c55e00e4df90e40`
CRC32	`E1C4ED3D`
ssdeep	`1536:bFtiwEXujykF9/c8lRoDHYDUA9P/icagLTd+vsWlSkxNf:bFtiwEeOkFp5Ro7YAWP6cagLx/WlS8Nf`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsDLL - (no description) IsConsole - (no description)
VirusTotal	Search for analysis

Name	3ef3a1613f4224ae_config.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\config.xml
Size	793.4KB
Processes	2552 (update.exe)
Type	data
MD5	`045c656138fb2c2c562128d99c430824`
SHA1	`99b6434e2d5b533b56977ec0dbd6f8b861094e0f`
SHA256	`3ef3a1613f4224ae95b86a50dd04497bb6cc5af6ca020e0ea2365cb1bef5e237`
CRC32	`3ABDF111`
ssdeep	`6144:5f2RJepY7bCbPER79aRRvL0lF22+B/cJ0T8rm2hMc:5fla7kPER7YXIq/BvKm2V`
Yara	None matched
VirusTotal	Search for analysis

Name	193b8f5ad2b61b58_zlib.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\zlib.dll
Size	83.0KB
Processes	2552 (update.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f433b1aab2d8f62edfa2fd2e3686e5f0`
SHA1	`c06891308b99388554c745fb80e359330d8fbced`
SHA256	`193b8f5ad2b61b5850753ea83df27ef776c5e43e041a6a984fb551ca8140a33a`
CRC32	`E7BA737E`
ssdeep	`1536:hoEz8+iLbyuv7MBe0HQOsgGu5myOT94vnToIff5IOcIOY3kNFoU4Pao:Jz8zLbyG7MBeD1YOT6TBfrSYUFotx`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE64 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	719469cfcb287360_libbonjour.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libbonjour.dll
Size	90.9KB
Processes	2552 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`5c6b63f9a45f63d1b26f00f2318e6400`
SHA1	`cab3cc96dc62f894ae53d5495adaacf6935eae04`
SHA256	`719469cfcb287360b5774b1a7a4b2185091b51234396f2957d64ab14eb730471`
CRC32	`1615880E`
ssdeep	`1536:J+SpaLAt8yiufTVgX95DEu/VdmQHxG2uOmMN/vOOoDNRYpsK1Snv/DAlDeAFzXmB:jaLaiQ6XTDtmWxGJMFOOoDNRYpsK1SnR`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check MinGW_1 - (no description) network_tcp_listen - Listen for incoming communication network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
VirusTotal	Search for analysis

Name	6e03ce90c8c66ff1_libegl.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libEGL.dll
Size	91.9KB
Processes	2552 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`30ce873ee99c1edac7c54f47305c85d5`
SHA1	`d2237a7437db56e4e8c172b3c21a69d497361afc`
SHA256	`6e03ce90c8c66ff160f96e37d733be332137435da5af20231b38df961113700e`
CRC32	`1D2369B9`
ssdeep	`1536:fbv1dR/kQcH8KoLvSv54rS7VQfqJpTKsWGzacdm44U+vahJxnKemMY4:z9duRYAJV7mXU7xKBZ4`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check win_files_operation - Affect private profile
VirusTotal	Search for analysis

Name	0480f09c6101ade0_libxml4.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libxml4.dll
Size	572.5KB
Processes	2552 (update.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`851bf2c03a702901b20b72d8d9231d00`
SHA1	`483b80f6baed9c4ca08a15a30e8051526d520950`
SHA256	`0480f09c6101ade051d374faf9db8b15bf949efd23056671b52f8cdb175f1441`
CRC32	`F448E2A9`
ssdeep	`12288:/1Sjsd4Hd2kR6vk9YE0quvI1bi1TpD1BQwz9554Ya8Th7cRCnik:i956vk9YE0qwUwz934Ya8ThQRCik`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check win_files_operation - Affect private profile
VirusTotal	Search for analysis

Name	20ac9e9024e8211d_libgraph31.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\libgraph31.dll
Size	71.0KB
Processes	2552 (update.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`268ee3eebc4fcd282cc09edfb93ee478`
SHA1	`ce9d1a284558b48f61ea3025d28ee15bfb986457`
SHA256	`20ac9e9024e8211db49b522a79556d75b08331980189c257686ea4cfbff9bf50`
CRC32	`16EE427B`
ssdeep	`1536:Rlv6q1ZwQpNmwLsBHvahLdYZPLdsWVcdyvWADttnY:nZZDNTsBHvS+VYyvWAJtnY`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check win_files_operation - Affect private profile
VirusTotal	Search for analysis

Name	05489477d2152d2c_build.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\build.exe
Size	610.0KB
Processes	2636 (FastStoneImageViewer.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`413a3afdb3c8d249a1c44555e1111a86`
SHA1	`286d96c680877aedb31d15ff768f410046770a3f`
SHA256	`05489477d2152d2c6854707d7eb96ef2178b0d7c83321f42a03588ffe2dfb21d`
CRC32	`14AD48E2`
ssdeep	`12288:jOqFgk6zbrjnsut4KfCGGuVmiXpFYPB7MsZjkWfXz9ovXKlQ:jXFpmbrjnsutjqGGuVdFYPBdjkcXSvXI`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check win_files_operation - Affect private profile Library_Malware_Zero - Library Malware
VirusTotal	Search for analysis

Name	8dcff89d52aa29ca_faststoneimageviewer.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\FastStoneSoft\FastStoneImageViewer.exe
Size	3.3MB
Processes	2552 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cec6160102e986b6af80957100a26011`
SHA1	`864d26ff4af44143c105f50e721baf0316ffec5e`
SHA256	`8dcff89d52aa29ca533980addb562e821fa2d5d0140e723ae28111d9d1b1f9b9`
CRC32	`F7A351A4`
ssdeep	`49152:scl1Pn4Uh0VsLDCXyO2DJZMsq8q0ouYrQr0jxe0eZMTCMxyfFI5/9Wf:siXLLDcX4JZtq8QlAfFI5/9W`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check win_mutex - Create or check mutex win_files_operation - Affect private profile
VirusTotal	Search for analysis