Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 05:04
1597-964bff284c640c49....
04.27 05:04
_app-8a13ca4ac05f979e....
04.27 05:04
7936-86b78f99cca7b07f....
04.27 05:04
647-b3e4f9fea21da5c1.j...
04.27 05:04
9352-d33b65bf67981d79....
04.27 05:04
5664-ba7442893ef0115b....
04.27 05:04
3513-0dd8614775ae565a....
04.27 05:04
1065-5d456de11a57794c....
04.27 05:04
1764-ea57ead3ebfa98c6....
04.27 05:04
6129-16df21e931a8122e....

Latest News
04.27 05:04
Remembering Heathkit
04.27 02:04
Quantum Random Number ...
04.27 01:04
SKT 통신사 해킹 파일 관련 dbus-...
04.27 01:04
Unsichtbare Zeichen in...
04.27 01:04
KI im Klassenzimmer: L...
04.27 01:04
Heimliches LLM-Groomin...
04.27 01:04
Datenschutz-Albtraum: ...
04.27 12:04
대만(Taiwan)을 목표로 한것으로 추...
04.26 11:04
From Good Enough to Best
04.26 10:04
North Dakota Expands D...

Dropped Files | ZeroBOX

Name	29ae7b30ed8394c5_AdvancedRun.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\a2ad8163-11d5-4f89-89e5-fc093bda31ef\AdvancedRun.exe
Size	88.9KB
Processes	2648 (ao.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`17fc12902f4769af3a9271eb4e2dacce`
SHA1	`9a4a1581cc3971579574f837e110f3bd6d529dab`
SHA256	`29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b`
CRC32	`CC276C7F`
ssdeep	`1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	61b0bd1ab9b0a73d_scr.dll Submit file
Filepath	C:\ProgramData\1428cad52d922f\scr.dll
Size	222.0KB
Processes	2540 (blfte.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f87e2b4e275185ab94ecaab2bcb98bb9`
SHA1	`360fa7668a31c2d1d7d8858fd582996f46a996ab`
SHA256	`61b0bd1ab9b0a73d137969f4e4c85f8eacd33fb7c19a6ee49cc91817459c4fd4`
CRC32	`AED3AC9A`
ssdeep	`6144:qJ+WK/pvT7arfwKFzDTsv5oaTh45CjBscX9TKGcO:RJpb7Y7vf5i5X9TaO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot
VirusTotal	Search for analysis

Name	27426aa52448e564_test.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\a2ad8163-11d5-4f89-89e5-fc093bda31ef\test.bat
Size	8.2KB
Processes	2648 (ao.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`b2a5ef7d334bdf866113c6f4f9036aae`
SHA1	`f9027f2827b35840487efd04e818121b5a8541e0`
SHA256	`27426aa52448e564b5b9dff2dbe62037992ada8336a8e36560cee7a94930c45e`
CRC32	`790F1326`
ssdeep	`192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N`
Yara	None matched
VirusTotal	Search for analysis

Name	c46d3d2e23da7a55_152138328664.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\152138328664.jpg
Size	34.4KB
Processes	2704 (rundll32.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`7d8969a9624ad8ec50daafc0056d1afd`
SHA1	`96cc05b7e8b91eec126c941c1c9966cd412a1a73`
SHA256	`c46d3d2e23da7a5518c0575b774eabf874174acc17fce2ca705eac478ba71f45`
CRC32	`9C48BD6F`
ssdeep	`384:RwC3mbLQn30iUD7mq68Nt6cC3vFSbuUf8AFjzjyf+VpU3FQZ+LwYSBpPoZEGmW81:qCmqkIiIvExEAFjKyi53CeLsn`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_15213832866432405321 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\15213832866432405321
Size	0.0B
Processes	3028 (ao.exe) 2540 (blfte.exe)
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	b232ce459cc455b8_cred.dll Submit file
Filepath	C:\ProgramData\1428cad52d922f\cred.dll
Size	124.5KB
Processes	2540 (blfte.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c0eb457df8165fbbbdeb468a1e3b1702`
SHA1	`13aa44353bfba804fb970486a6ed4e1f61c22c04`
SHA256	`b232ce459cc455b83776f73ec9d933fd03fd6797f59ea2b36190ceb1d559637f`
CRC32	`5547F8D2`
ssdeep	`3072:OeZmogDk+KPedGpqpm2pSBwkXWEfIvgpL2oAW9:OeZkghPppvhfvpS`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_PWS_Loki_Zero - Win32 PWS Loki IsPE32 - (no description)
VirusTotal	Search for analysis

Name	cf11d6b3c18d4c02_d93f411851d7c929.customDestinations-ms~RF1c0006a.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1c0006a.TMP
Size	7.8KB
Processes	2448 (powershell.exe) 2656 (powershell.exe)
Type	data
MD5	`f2f5505600e2895c007b3ff3cfe3d4aa`
SHA1	`f0235a3c8056872d55eeef803d1bc33bac37a753`
SHA256	`cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c`
CRC32	`9AF5ED3C`
ssdeep	`96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	87178907c9c47a38_blfte.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9be4a78dfb\blfte.exe
Size	3.6MB
Processes	3028 (ao.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b1d319888860b7a6400c5e5099d59e48`
SHA1	`470384569416fa2f4259f33cf372dfd4e5432358`
SHA256	`87178907c9c47a383a2a08a30481dbc5345b6c85c48142a855900d9840e6b6da`
CRC32	`FDE0930B`
ssdeep	`12288:0DRxaOwYtrsWvNL4RgjWV3ny0qxwCnLRMdgE57lU8SalS11vCmNV3nrOh5A/OYLI:v`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals IsPE32 - (no description)
VirusTotal	Search for analysis