Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 01:04
xrgfyjiwp9jhuz.potenti...
04.26 11:04
m=el_main_css
04.26 11:04
saved_resource.html
04.26 02:04
file.exe
04.26 02:04
unindictedEb7l.ps1
04.26 02:04
32ja.exe
04.26 02:04
upx.exe
04.26 02:04
svcstealer.exe
04.26 02:04
fcc.exe
04.26 02:04
untippedhi.exe

Latest News
04.27 02:04
Quantum Random Number ...
04.27 01:04
SKT 통신사 해킹 파일 관련 dbus-...
04.27 01:04
Unsichtbare Zeichen in...
04.27 01:04
KI im Klassenzimmer: L...
04.27 01:04
Heimliches LLM-Groomin...
04.27 01:04
Datenschutz-Albtraum: ...
04.27 12:04
대만(Taiwan)을 목표로 한것으로 추...
04.26 11:04
From Good Enough to Best
04.26 10:04
North Dakota Expands D...
04.26 10:04
Gamers Beware! New Att...

Dropped Files | ZeroBOX

Name	60ee8dbf1ed96982_install.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dat
Size	546.9KB
Processes	8408 (lij.exe)
Type	data
MD5	`e2f2838e65bd2777ba0e61ce60b1cb54`
SHA1	`17d525f74820f9605d3867806d252f9bae4b4415`
SHA256	`60ee8dbf1ed96982dd234f593547d50d79c402e27d28d08715f5c4c209bee8e6`
CRC32	`05038001`
ssdeep	`12288:hmTeZHykHZQbjaItpcHuLI/KfPvBlNXXrGoCBQF40jkWkGLDfCOA:rHy2sjv7myfXrNXbjFveqqd`
Yara	None matched
VirusTotal	Search for analysis

Name	70d1bfb908eab666_file4.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\file4.exe
Size	77.4KB
Processes	3908 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`536e02fd394cf3eb3a99d9a4abfa014f`
SHA1	`2541f567e0acdd63bb4b067ba93c2ab931fccfce`
SHA256	`fbbf80bb45195cb5b536b79e282eac9b0907f5e43a01832508affebab5ad1908`
CRC32	`F396D376`
ssdeep	`1536:CaY0LwJiCGRFrA6cRC5oQ8bWFE27byIrxC5:CaY0LwJiwqkCPyIrxC5`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a32e0a83001d2c5d_2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size	36.0B
Processes	3908 (Setup2.exe)
Type	Microsoft Cabinet archive data, 36 bytes
MD5	`8708699d2c73bed30a0a08d80f96d6d7`
SHA1	`684cb9d317146553e8c5269c8afb1539565f4f78`
SHA256	`a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f`
CRC32	`EAB67334`
ssdeep	`3:wDl:wDl`
Yara	None matched
VirusTotal	Search for analysis

Name	030cba5d93403c75_lij.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\lij.exe
Size	611.0KB
Processes	3908 (Setup2.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d09dd010a7c2b7b9cf555bb4f5785ed3`
SHA1	`724067ff7c8eb7982ddeca530b47253b622bd6bc`
SHA256	`030cba5d93403c75ed1c9156aad112c27045a9bf9b80588329479e6d2cd4e78f`
CRC32	`717F2159`
ssdeep	`12288:/WmTeZHykHZQbjaItpcHuLI/KfPvBlNXXrGoCBQF40jkWkGLDfCOU:/aHy2sjv7myfXrNXbjFveqq5`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dc60c4c8526c7fb1_temp_0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size	1.6MB
Processes	3908 (Setup2.exe)
Type	Microsoft Cabinet archive data, 1631852 bytes, 5 files
MD5	`f2fb73ff85ef6a3429eceaeb53a57b57`
SHA1	`084108027ea8c9e24c23dfc2da2fb2f7421070ae`
SHA256	`dc60c4c8526c7fb1b8fe1422da3dc901d149546fd8622c5050dd55683e22466c`
CRC32	`56B16336`
ssdeep	`49152:54rOwdlovusbBIY+KvRGsKh7RLSIzoQnuBp9yCut:iawobBIYD87RLSIXub9yd`
Yara	None matched
VirusTotal	Search for analysis

Name	b58187d5057b20b8_install.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dll
Size	24.0KB
Processes	8408 (lij.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`dad2b18979ccfd88046305e76614a57b`
SHA1	`51d95c4947937bc35b99a372ba680a9fc0c563ef`
SHA256	`b58187d5057b20b86919a26d39a8c164f34b2aae9f180bbc3232820671eb7629`
CRC32	`D73C1286`
ssdeep	`48:qyxwXGaOEizcJo2Oy2BvGW6tZMhIfmcFvW6gngQDublNMgY8uO1L:3xqMEizcJ7OJ+ZMhIfmqgRubEcu`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description)
VirusTotal	Search for analysis

Name	288376e11301c8ca_md8_8eus.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
Size	715.0KB
Processes	3908 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7a151db96e506bd887e3ffa5ab81b1a5`
SHA1	`1133065fce3b06bd483b05cca09e519b53f71447`
SHA256	`288376e11301c8ca3eb52871d09133f0199b911a33b9658579929ef6bac8ea6c`
CRC32	`C3B4B421`
ssdeep	`12288:Q2VU2WB3OzCPZuv6YBsKYwLqVApHgdrGIV/LqBW9G9DCSK1n+jF9nMrcf94IilAS:rG2qezCPZa6HfwiAoiTBWsRCSWnS5f9U`
Yara	VMProtect_Zero - VMProtect packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9c3c2055efd133f7_uninstall.ini Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini
Size	2.5KB
Processes	3908 (Setup2.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`f74dc4eee49000b2eba745022b514bea`
SHA1	`b8b2e0f8ea5ab2f1da0782ef732828239c472263`
SHA256	`9c3c2055efd133f740366cd706f5003bed78088399f7049fd9efad35d5cecedd`
CRC32	`C434DB17`
ssdeep	`48:RxNjLkj9z39zH9394989zC9r9x9399L9f9/9u9G9G17eHdGVydsJWM0qK1PYDh:9exBNW6AxzN9RFloBxNVJJWqwPy`
Yara	None matched
VirusTotal	Search for analysis

Name	6f53252710795181_install.dll.lnk Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dll.lnk
Size	794.0B
Processes	8408 (lij.exe)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`07ac24f5948e483c3b0eacfe0b08a38c`
SHA1	`57a75213bfb825ae7ca8efd51aa6c110b23ce4a6`
SHA256	`6f53252710795181e5c06d97d2ca25481c94ef699e0b580a8eef18e309a5d109`
CRC32	`1A4A1475`
ssdeep	`12:8AlXEbC3pQVe/4V3lrW+filH/Q1cnDmNz4t2YLEPKzlX8:8A7pQQClK+filoLBPy`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	463a368c85c49254_runme.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\runme.exe
Size	77.4KB
Processes	3908 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bf8875e6e32ee677611c1ecba0a2bdde`
SHA1	`d6342543a0b4981bf2886e60b0f8619300dfffed`
SHA256	`7d884a797d4817e349297ede8e6d98d3cdb6f96f8d0a38f3d0c723f627832b64`
CRC32	`91556331`
ssdeep	`1536:2Y0vuAUrEeSyVF1RRyCh7kqex02vEzTn3G8QDo:gvuAUrZ/Rkq0Mz7MDo`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b3a3c03a2b140d4f_uninstall.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
Size	97.6KB
Processes	3908 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56b3225c7b1d6f05b4ba4ba7b4ce2202`
SHA1	`27c0ed1a6d25a68a48950a7ede29d87e1f2b1461`
SHA256	`b3a3c03a2b140d4fbe9bac4416866210d014da4c64355b395715f2d4c2506c46`
CRC32	`6DE3DA1A`
ssdeep	`1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75M:kzgjO/Zd1RePDmZ8tf05iW4u1M`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis