Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	687c85aada37664c_360diao.exe Submit file
Filepath	C:\Windows\Temp\360diao.exe
Size	4.8MB
Processes	2428 (Sec.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1973e37ebcef7d29735098244afe84c7`
SHA1	`ac8dea31a97ff115a943b3fe97dc020ee506de22`
SHA256	`687c85aada37664caacfa6d2330edc7ebdbce56b06caf969b42b47764a9a7841`
CRC32	`226314EE`
ssdeep	`98304:XSU/vG+nw6AOXu57bC4RqlrjAe8VhhSEYEniZqgE2NFE6Wq+Pw1rhWixOU2tlOo/:LuuWO+57bC8CAe8TMjNHN+PI9xLoMPs7`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	96ac9787fa13484e_sec.exe Submit file
Filepath	C:\Windows\Temp\Sec.exe
Size	32.0KB
Processes	2776 (run.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b64630855d8f6560d180710285a82ae4`
SHA1	`6297e7a184da4dbdfef1a94c8f7adc911d774702`
SHA256	`96ac9787fa13484e75ff3af08cd84747eff6b38fd50dc739a502c5a6839114dd`
CRC32	`6D2F6DB7`
ssdeep	`384:pA5Nojv0WqFkPfNq7A1Sm2hyWIjHzACNlSvQIWaUS:pQob0WOkC6P8Y2yS`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	21b111cbfe6e8fca_5b07e7d0 Submit file
Filepath	C:\Windows\SysWOW64\5B07E7D0
Size	7.0B
Processes	1836 (Ser.exe)
Type	ASCII text, with no line terminators
MD5	`7a1920d61156abc05a60135aefe8bc67`
SHA1	`808d7dca8a74d84af27a2d6602c3d786de45fe1e`
SHA256	`21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d`
CRC32	`2CE33943`
ssdeep	`3:qR:qR`
Yara	None matched
VirusTotal	Search for analysis

Name	d9a0c45892a88bed_cacrk.dll Submit file
Filepath	C:\Program Files\Cacrk\Cacrk.dll
Size	212.5KB
Processes	2428 (Sec.exe)
Type	data
MD5	`75b8457886150ae96f2e9a1b4790c2c4`
SHA1	`5312547a52cb3db3bdd11ac49eedd9902d7feea1`
SHA256	`d9a0c45892a88bed77145053740b6224b20bafeeed0f7cda3bacbf3f4cc4ac2d`
CRC32	`7023235B`
ssdeep	`3072:QJpgQGC1S4VjVWAqdk0A0WXLQ0zJmryBS2ZIXYoZ5I158+U49mEuuG4ZF7:SnV1HjV3qS0r0zJy2GIoZ5K++zuuG47`
Yara	None matched
VirusTotal	Search for analysis

Name	f80ead1156308c42_ser.exe Submit file
Filepath	C:\Windows\Temp\Ser.exe
Size	192.0KB
Processes	2776 (run.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`254fe2e041fcf4c60dfb78553319c983`
SHA1	`8a875f074f80c162349a8e5218b5ec79ca26fcc1`
SHA256	`f80ead1156308c42e18f81d62b45b20aa41cb714bc1c684d7d6402be44932852`
CRC32	`A27530BD`
ssdeep	`3072:l8B9tMfP9ZGFwgvRLLCzOYFDq+UdnIPPlMzcsofIw+KaX0LcHLkMIIRI:l6M96wgvRHCzOYtqlGyzcsX3KA0LQIQW`
Yara	PE_Header_Zero - PE File Signature Win_Backdoor_GhostRAT_Zero - Win Backdoor GhostRAT IsPE32 - (no description)
VirusTotal	Search for analysis