Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...
09.21 12:09
Updated CISA exploited...
09.21 12:09
Several orgs purported...
09.21 12:09
New CISA guidance seek...

Dropped Files | ZeroBOX

Name	c2e52809bf10f4ab_Voce.m4a Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Voce.m4a
Size	139.0KB
Processes	6988 (vpn.exe) 1660 (Ritrovar.exe.com)
Type	data
MD5	`815e3f496b789369284658610bee1971`
SHA1	`6638181b3050149f986d2f345c53dda250dcb542`
SHA256	`c2e52809bf10f4ab12bfbd4c79646a9b41a9a97590d4b684da18501301acf9c9`
CRC32	`80B23503`
ssdeep	`3072:dq9ggsZfUlX7sOUDn56LN4JRYzYCQzzmYXj6WdouBNRM/U2YUvRVwYw1PYgoL:mggsfU17eDnELuM7QzzjXxHXRuYUvId4`
Yara	None matched
VirusTotal	Search for analysis

Name	237d1bca6e056df5_Ritrovar.exe.com Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Ritrovar.exe.com
Size	872.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c56b5f0201a3b3de53e561fe76912bfd`
SHA1	`2a4062e10a5de813f5688221dbeb3f3ff33eb417`
SHA256	`237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d`
CRC32	`76090EE7`
ssdeep	`12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2f7f8fc05dc4fd0d_UAC.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsnFD36.tmp\UAC.dll
Size	14.5KB
Processes	5620 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`adb29e6b186daa765dc750128649b63d`
SHA1	`160cbdc4cb0ac2c142d361df138c537aa7e708c9`
SHA256	`2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08`
CRC32	`1FE27A66`
ssdeep	`192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2958b3ed9609ab97_Mantenere.m4a Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Mantenere.m4a
Size	872.8KB
Processes	6988 (vpn.exe)
Type	data
MD5	`1f1a817939929372f697093252e3d477`
SHA1	`7c6df71f139a7b1beb53a6ba09dba3431d336fba`
SHA256	`2958b3ed9609ab973bed422512cc58ac4b13d04718393a7d36eff60923c34376`
CRC32	`6730F99E`
ssdeep	`12288:4pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:4T3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	73c51914c0d77f24_Pietro.m4a Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Pietro.m4a
Size	378.0B
Processes	6988 (vpn.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d8f4d0e45328ab3cf47f9592c60e561d`
SHA1	`d20fd3de7f463ff6b3b742285e0f78dd43670d40`
SHA256	`73c51914c0d77f24702600955f2c62adcb5959826f451ace5c4b32878005e118`
CRC32	`B110C732`
ssdeep	`6:jvG8IBKxy+DogE+SvKHilTJgw+phhnGgjY7JsbehauiUlMkJag9JyXSLp0n:yZQPD7QK/wUxMJEehauflMX1S90n`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsiFD16.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsiFD16.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	338287ddb5fdbf0f_adprovider.dll Submit file
Filepath	C:\Program Files (x86)\foler\olader\adprovider.dll
Size	48.5KB
Processes	5620 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f981199c82a40cf638d313c4498ecab9`
SHA1	`9f2ba1092a90b048aaf51304d139018e13144f3b`
SHA256	`338287ddb5fdbf0f7540dac8ae8a3f02643f7b45f3b401a9dfa6447e39043049`
CRC32	`BB3860CF`
ssdeep	`768:Amge8Q4UsMhIrA1pifdlIGHmizKO6EjjKRyGlqesRtgjEDy:AG548IrA1pifdRHmizKiWRPlqPjy`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	98cf09e4baabd5ae_4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
Size	321.0KB
Processes	5620 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d5a1cbb145e26a49b7fc563fad0bd7b7`
SHA1	`140b4fd5f78dcea99c6f5676b3e2a030ccb53c7e`
SHA256	`98cf09e4baabd5aee987dd15c5e500e8c89d944f7b4a491ac011461a4137b008`
CRC32	`685719C2`
ssdeep	`6144:0GLyy2JeWadV7aheKVSJfDaKa7l6GVz9kdWE2pi:0GLy5JenweK2fs51Y`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fadbd707ccdd455b_u Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\u
Size	608.1KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`fd722eed35baa4c5c49d7bcabb8a094f`
SHA1	`e8254de09702e5bde9355803d8e005e53bdd687f`
SHA256	`fadbd707ccdd455b2b5c4359d36a79ed16d26e9199162088428618c19cbadc08`
CRC32	`EE0F2F2A`
ssdeep	`12288:7gmsEBzTJuCh3OBPmnOAd6a9JFNnrW4zK:Ep+gw32T`
Yara	None matched
VirusTotal	Search for analysis

Name	727b96dca0363f7c_acledit.dll Submit file
Filepath	C:\Program Files (x86)\foler\olader\acledit.dll
Size	8.5KB
Processes	5620 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8d96cb171b4138f43a754317be9e982c`
SHA1	`3c2975e7904486f39be0455a63afaa063064a93e`
SHA256	`727b96dca0363f7cd5767f94bf72e0655ef1d00f44b27d496deb733eb32be12b`
CRC32	`1D0A1442`
ssdeep	`192:peH8gcV+GQqYTBBBAkvyMQ0F3OWYTWPGP:YH8gcV+GQqyAMD0WYTWPq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	548f0ba8102d675e_vpn.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
Size	1.0MB
Processes	5620 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5	`e828d493f8c2d222123f87e8be894f5f`
SHA1	`05fafb9589207bcddcb1264d9a6db329f592eac3`
SHA256	`548f0ba8102d675e625cc29dc9f8fc9506bc215be88496a2026416cdb3f53c1a`
CRC32	`E1E70C7A`
ssdeep	`24576:MRQd/5NDtTkWqJdcq0P8yrLdwVMSFm4xQWRDRqgUCa3QdqXd2P:MeZ5NDtTHwQkyrREF4yJUJAU2P`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	949fd56c5a63d3f1_acppage.dll Submit file
Filepath	C:\Program Files (x86)\foler\olader\acppage.dll
Size	45.5KB
Processes	5620 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`290075961dd4856211078377d14942c8`
SHA1	`ad7f6dfd89a253daa70d5bbb46e819dae7eb3f61`
SHA256	`949fd56c5a63d3f1c20769bc2285ac5517c4ca84250c807f18247a2d93efc1a4`
CRC32	`9B4259D7`
ssdeep	`768:ppb1tuabwj1WVIlaFKuIJJPclXkxAc5J9UaXotuM5Uqw2mom:Uj1WelaFczPclwYtuM6qw2`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis