Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 09:04
Men.exe
04.28 09:04
competive.exe
04.28 09:04
chisel.exe
04.28 09:04
applyreplace.exe
04.28 09:04
msf.exe
04.28 09:04
client.exe
04.28 09:04
beacon.bin
04.28 09:04
ckuh.exe
04.28 09:04
VisualCode.exe
04.28 09:04
1.exe

Latest News
04.28 09:04
Update: oledump.py Ver...
04.28 09:04
오르테, ‘스팀 에어프라이어 오븐’ 전격 출시
04.28 09:04
노르딕슬립, 배우 이진욱과 함께 썸머 쿨...
04.28 09:04
VDI 솔루션 전문 기업 제노솔루션, 고...
04.28 09:04
물리보안 교육과정 개발 및 시범교육 운영
04.28 09:04
IT Sicherheitsnews tae...
04.28 09:04
IT Sicherheitsnews woc...
04.28 09:04
IT Sicherheitsnews tae...
04.28 08:04
한국공공기관연구원, '경영평가 특별 세미...
04.28 08:04
Hackaday Links: April ...

Dropped Files | ZeroBOX

Name	60ee8dbf1ed96982_install.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dat
Size	546.9KB
Processes	2888 (jingzhang.exe) 1884 (rundll32.exe)
Type	data
MD5	`e2f2838e65bd2777ba0e61ce60b1cb54`
SHA1	`17d525f74820f9605d3867806d252f9bae4b4415`
SHA256	`60ee8dbf1ed96982dd234f593547d50d79c402e27d28d08715f5c4c209bee8e6`
CRC32	`05038001`
ssdeep	`12288:hmTeZHykHZQbjaItpcHuLI/KfPvBlNXXrGoCBQF40jkWkGLDfCOA:rHy2sjv7myfXrNXbjFveqqd`
Yara	None matched
VirusTotal	Search for analysis

Name	70d1bfb908eab666_file4.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\file4.exe
Size	160.0KB
Processes	2444 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`02580709c0e95aba9fdd1fbdf7c348e9`
SHA1	`c39c2f4039262345121ecee1ea62cc4a124a0347`
SHA256	`70d1bfb908eab66681a858d85bb910b822cc76377010abd6a77fd5a78904ea15`
CRC32	`B6A5F871`
ssdeep	`3072:CaY0LwJiwqkCPyIrxC55W4NfrZL5P1yxRrh485qC96QnoSe:C7Ylvx83L5aRl4Isp3`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	a45317c374d54e32_jfiag3g_gg.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jfiag3g_gg.exe
Size	184.0KB
Processes	2256 (jooyu.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7fee8223d6e4f82d6cd115a28f0b6d58`
SHA1	`1b89c25f25253df23426bd9ff6c9208f1202f58b`
SHA256	`a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59`
CRC32	`A2E6C04C`
ssdeep	`3072:Wqpy/Qpjny+xdr+xG1IJQqv5Os/8+lD0y40rIyTZGnq7gUT+uX2uR:M/Ejn0ai5j/8+lDtTZGnql6n`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	a32e0a83001d2c5d_2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size	36.0B
Processes	2444 (Setup2.exe)
Type	Microsoft Cabinet archive data, 36 bytes
MD5	`8708699d2c73bed30a0a08d80f96d6d7`
SHA1	`684cb9d317146553e8c5269c8afb1539565f4f78`
SHA256	`a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f`
CRC32	`EAB67334`
ssdeep	`3:wDl:wDl`
Yara	None matched
VirusTotal	Search for analysis

Name	288376e11301c8ca_md8_8eus.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
Size	715.0KB
Processes	2444 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7a151db96e506bd887e3ffa5ab81b1a5`
SHA1	`1133065fce3b06bd483b05cca09e519b53f71447`
SHA256	`288376e11301c8ca3eb52871d09133f0199b911a33b9658579929ef6bac8ea6c`
CRC32	`C3B4B421`
ssdeep	`12288:Q2VU2WB3OzCPZuv6YBsKYwLqVApHgdrGIV/LqBW9G9DCSK1n+jF9nMrcf94IilAS:rG2qezCPZa6HfwiAoiTBWsRCSWnS5f9U`
Yara	PE_Header_Zero - PE File Signature VMProtect_Zero - VMProtect packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2f158fe98389b164_jingzhang.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\jingzhang.exe
Size	1.1MB
Processes	2444 (Setup2.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`a4c547cfac944ad816edf7c54bb58c5c`
SHA1	`b1d3662d12a400ada141e24bc014c256f5083eb0`
SHA256	`2f158fe98389b164103a1c3aac49e10520dfd332559d64a546b65af7ef00cd5f`
CRC32	`D6FBA36B`
ssdeep	`24576:TGgoe5Q0nyofLPeHy2sjv7myfXrNXbjFveqqb:KwQ0nyoz3tvHLleBb`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9a9a50f91b2ae885_install.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dll
Size	24.0KB
Processes	2888 (jingzhang.exe) 1884 (rundll32.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`957460132c11b2b5ea57964138453b00`
SHA1	`12e46d4c46feff30071bf8b0b6e13eabba22237f`
SHA256	`9a9a50f91b2ae885d01b95069442f1e220c2a2a8d01e8f7c9747378b4a8f5cfc`
CRC32	`79648CAD`
ssdeep	`48:qy7bpLXqRSvKjbauEDIKuoqx75+Jl/8zXtJgeR/ZiVqF35bXlhhp:3ftlvKj4IKv+7ojUxJguVtj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8b581869bf8944a8_jfiag3g_gg.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jfiag3g_gg.exe
Size	61.5KB
Processes	2256 (jooyu.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a6279ec92ff948760ce53bba817d6a77`
SHA1	`5345505e12f9e4c6d569a226d50e71b5a572dce2`
SHA256	`8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181`
CRC32	`4FB6B99A`
ssdeep	`1536:kFqVH99TlY1Gsae6hiQ0OghNUenX7snouy8/JVz5:79TlY1Gsae6hKhNUaX7sout/JJ5`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0edfac6be11732dd_newtonsoft.json.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Newtonsoft.Json.dll
Size	490.5KB
Processes	2888 (jingzhang.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cbd6029abaa8e977d3b7435c6f70dd0e`
SHA1	`ebb89d4d7659ef77b658a86ad00dba0ead869f4c`
SHA256	`0edfac6be11732ddd99db66821ee47408c2dc1e9bed68e5ef9a8e130c565b79b`
CRC32	`2BAB75B6`
ssdeep	`6144:EUjGZDUI+aj1pJcggovoff4dCWycRrMikC7qEACBdr0tqngai0p7eofLPsT:xz8Dbvon4dnkKd7Q0nyofLP`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	096021eb5950ee16_jooyu.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\jooyu.exe
Size	971.5KB
Processes	2444 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`aed57d50123897b0012c35ef5dec4184`
SHA1	`568571b12ca44a585df589dc810bf53adf5e8050`
SHA256	`096021eb5950ee16b7ec51756abe05f90c3530206e16286e7610b8a5a544a85e`
CRC32	`70E98DC3`
ssdeep	`24576:6dWdWjFMYKO1ZcqlHrorVCkTNkdBAnlXG6+Z1mbXEC:FSMYKO1ZcmHsrVCokUlXF+Z1IUC`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	9f068a8928562aca_install.dll.lnk Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\install.dll.lnk
Size	788.0B
Processes	2888 (jingzhang.exe)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`c72a9af453e882e4029a45c1e54b8f6a`
SHA1	`980529fb0a1aaa0db52e42a10db6bb68ecd458b6`
SHA256	`9f068a8928562acab992ccec6ccd80bd00d62aa191fa96af7cff9b5568a1584e`
CRC32	`41A12030`
ssdeep	`12:8AlXEbC3pQVe/4V3lrW+filk/Q1cOcDmNz4t2YLEPKzlX8:8A7pQQClK+filDtBPy`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	fe9e28ff0b652e22_fj4ghga23_fsa.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\fj4ghga23_fsa.txt
Size	31.0B
Processes	2540 (jfiag3g_gg.exe) 2256 (jooyu.exe)
Type	Netscape cookie, ASCII text, with CRLF line terminators
MD5	`b7161c0845a64ff6d7345b67ff97f3b0`
SHA1	`d223f855da541fe8e4c1d5c50cb26da0a1deb5fc`
SHA256	`fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66`
CRC32	`03997E72`
ssdeep	`3:SIWG8Advn:SIB8uv`
Yara	None matched
VirusTotal	Search for analysis

Name	b3a3c03a2b140d4f_uninstall.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
Size	97.6KB
Processes	2444 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56b3225c7b1d6f05b4ba4ba7b4ce2202`
SHA1	`27c0ed1a6d25a68a48950a7ede29d87e1f2b1461`
SHA256	`b3a3c03a2b140d4fbe9bac4416866210d014da4c64355b395715f2d4c2506c46`
CRC32	`6DE3DA1A`
ssdeep	`1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75M:kzgjO/Zd1RePDmZ8tf05iW4u1M`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	0910f416e9ccc682_uninstall.ini Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini
Size	2.6KB
Processes	2444 (Setup2.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`556d97a08e908cf0b3371d4bc025a6cb`
SHA1	`d840d4f69280aba86c514f87e957fb38efa6d423`
SHA256	`0910f416e9ccc68263ff27b6c6acbdda8c343250c73fd8d5caa7984cadef09d1`
CRC32	`A3191F9F`
ssdeep	`48:RNaZAkj9z39zH9394989zC9r9x9399L9f9/9u9G9G17eHdGVydsJWM0qK1PYDh:7CxBNW6AxzN9RFloBxNVJJWqwPy`
Yara	None matched
VirusTotal	Search for analysis

Name	10b8acf7fed92cac_temp_0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size	2.1MB
Processes	2444 (Setup2.exe)
Type	Microsoft Cabinet archive data, 2243908 bytes, 5 files
MD5	`83bc25cd48c17736f09acad1ddbf715d`
SHA1	`763d964e6a99279ad5c804014806e9c0e68937cd`
SHA256	`10b8acf7fed92cac44d628dd9ecd2b96cd10e450d60abfef19f282db85a72c39`
CRC32	`8A0AFEB1`
ssdeep	`49152:CzdauN9Z8SIZf3YgMcUZyU6fL/6vwTyMWaCMPfvyU:adauN9sZf3YgRUQTIwTyMWaJfvyU`
Yara	None matched
VirusTotal	Search for analysis