Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
세일포인트, "기업 약 41%, 아이덴티...
11.13 10:11
컴퓨터 수리 전문 브랜드 ‘컴닥터119’...
11.13 10:11
DirecTV Plans to Cance...
11.13 10:11
[사전규격공개] 2025년 기관 홍보 콘...
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...

Dropped Files | ZeroBOX

Name	6096f1f8d150bd76_mydownloader.spider.dll Submit file
Filepath	c:\program files (x86)\idownload\mydownloader.spider.dll
Size	28.0KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`be79b8ee6414665c147abdb1acdec5c1`
SHA1	`8c9fee7d96d587739a4d862a5fa6452067e11af5`
SHA256	`6096f1f8d150bd769042e177efb6658a288c3b6f1f04f805c578507090dec5cb`
CRC32	`DE6CDBE6`
ssdeep	`768:IMzo1UzOndSAwVWPgsCUqrTkm07FlUzkt:LXm5GzGF2ot`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f3f2783bc00d7035_idownload.lnk Submit file
Filepath	C:\Users\Public\Desktop\IDownload.lnk
Size	1.0KB
Processes	1824 (IDownload.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jun 14 16:58:50 2021, mtime=Mon Jun 14 16:58:50 2021, atime=Sun May 23 07:43:28 2021, length=997888, window=hide
MD5	`d440d5a32b13857c80cbe1f728449f29`
SHA1	`4e6c9078497a328e9f0c80bde3b505f989fb53d8`
SHA256	`f3f2783bc00d7035dbfe534cf418738703abd4b5cfdcc09e9e99c3455eb9b582`
CRC32	`E406A1DC`
ssdeep	`12:8muTdAZGdp8DCDyk03vGTma/5yjEjA1vp7bdpYnGFzbdpYnnBNU94t2YLEPKzlXH:8muzdOEg3CMQA1ddXdeUPPy/08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	b0d38afb1e3e3112_t4ntj2_m.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\t4ntj2_m.dll
Size	15.0KB
Processes	2100 (csc.exe) 2664 (IDownload.App.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4083b0b851107b53b5f2bff0203c31b9`
SHA1	`43d1a3acb6979d233f3e5d03e9d2b86ddac85c3d`
SHA256	`b0d38afb1e3e31124818adb3bfdbd2500d479d059e7b6edfad878aecb3c0c4fd`
CRC32	`911ECB21`
ssdeep	`384:gh1KcAufIPInfr8UY6LYD9/yTY9/vL5gDOE5jT1pgVl0PJZJyl8W:sM7CtgT0xH/W`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	eb761d2328ac24cb_unins000.exe Submit file
Filepath	c:\program files (x86)\idownload\unins000.exe
Size	1.0MB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`816495ff2bc868bf6e2820b752d93e67`
SHA1	`3fd5f80d81a74115c4abbc0b3a06ed79ec217842`
SHA256	`eb761d2328ac24cb1f8c370a2628474bf31b2f12deb2fc13e579bce2f0c584d0`
CRC32	`3ED1F62F`
ssdeep	`24576:7QYh1yLmSKrPD37zzH2A6QD/IpqggE2CfNafoRh3cZHjWgMACHwyx9il:F02rPD37zzH2A6SBIfNafoRh3c0gMACq`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b7a6a52af8f7a668_t4ntj2_m.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\t4ntj2_m.0.cs
Size	37.1KB
Processes	2664 (IDownload.App.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`afe68fa9340c6687ddeb37fd945e4c7f`
SHA1	`dde637f0e3fec9310a9440b8f108f329d786ca4d`
SHA256	`b7a6a52af8f7a668570adbc625c3368fe2e8f380f535a02d3c12ec352bd38082`
CRC32	`41BB27EC`
ssdeep	`384:1nSOpz1QD/kT1uc4faKM/XkhI472u16Ie4DhUoceB8PBqp48+Rzc8+:1nrQDsTlQaOau16IxUn1E`
Yara	None matched
VirusTotal	Search for analysis

Name	47bb6b103ba4b548_idownload.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-PM62N.tmp\IDownload.tmp
Size	1.0MB
Processes	2416 (IDownload.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dda89e44fee7e651d888806caa5b2f73`
SHA1	`e89aea955165e7417524f4a26d22426ffe47f834`
SHA256	`47bb6b103ba4b548fe700afe78a7fbf0aec443618d2e1a60f7309bbbf3fd4252`
CRC32	`38FBD6D2`
ssdeep	`24576:DQYh1yLmSKrPD37zzH2A6QD/IpqggE2CfNafoRh3cZHjWgMACHwyx9ii:t02rPD37zzH2A6SBIfNafoRh3c0gMACj`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b4cba17e11233333_icsharpcode.sharpziplib.dll Submit file
Filepath	c:\program files (x86)\idownload\icsharpcode.sharpziplib.dll
Size	184.0KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`70ecb43c490ed5b16dafaff662bf7653`
SHA1	`7306f3b64daf3cb0c4b96df281f0189af81c73f8`
SHA256	`b4cba17e1123333356bf7e80a20e3adffd8ec335c14da1a249d1b10f3d7cfd0b`
CRC32	`4F79E381`
ssdeep	`3072:rJ613DnPspO8dsZ4olHTfEVFU6Vuu0tzbCwzayDwVqSrgIN4fICG:RO8d6ljEV+6Vu/dW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4317c0b6a21f0c10_idownload.app.exe.config Submit file
Filepath	c:\program files (x86)\idownload\idownload.app.exe.config
Size	4.8KB
Processes	1824 (IDownload.tmp)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`3325c6f37afede3c30305c9548d17671`
SHA1	`fa1b69cce1af09237426e323079bc707fe0e505d`
SHA256	`4317c0b6a21f0c10f50b0bede72bddff413ac959a5365b90e97e28bf4ed1428c`
CRC32	`85AAB698`
ssdeep	`96:vrnIcIyYIuBIusIugINptfmgfmFfXP5s9YsvNAs8VeutP1tA18ulvAsu9xQtxiBP:vrnPSryKepUjXFNbh`
Yara	None matched
VirusTotal	Search for analysis

Name	4fd977be212117fa_mydownloader.core.dll Submit file
Filepath	c:\program files (x86)\idownload\mydownloader.core.dll
Size	42.0KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d1f85695d26ff62b06733b021ae53ead`
SHA1	`122f78cb6fe4f4df3727f28b87972fa9117d76a1`
SHA256	`4fd977be212117faf70b33e98cfc7118026fc4af28def38194fa1906eb473dbf`
CRC32	`496472B5`
ssdeep	`768:ja9MWdbBwuLWARlgusVvaUGYZLcZmMqnximcwgIqIot:kdLH45GYZIZmnBcwgpIot`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-JRIHA.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fadecea0ef0d9d5f_tabstrip.dll Submit file
Filepath	c:\program files (x86)\idownload\tabstrip.dll
Size	44.0KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cf0efd91bacc917b6d17439aadcc8149`
SHA1	`df938440e3f713ae417502950b7510eca7983d02`
SHA256	`fadecea0ef0d9d5fa4e85ce7544d99259fd6a5ec45638d6387dd2195a223c284`
CRC32	`43181BEA`
ssdeep	`768:GEcnCP5sP3lJ1dKHNCug+cWqkKYJobz/BKT8TKdqX:GEcCBClJiNCulEkKbzkT8TKdqX`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4f7cd51d67337adb_mydownloader.extension.dll Submit file
Filepath	c:\program files (x86)\idownload\mydownloader.extension.dll
Size	147.0KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e47cca170b3f4937c9b99d9962dda83d`
SHA1	`cf51657c848302e55de512e08eec20ba18bf2cbb`
SHA256	`4f7cd51d67337adb798f9ac38475e8c4851099883fa80a7485b68e8af2b7825c`
CRC32	`F2E57298`
ssdeep	`3072:h5CU5BGxLy2eYyzbVw2DQ66H8In+Wy/6EAH0DfVHszb0:7r4osqyH8In+Wy/6EAH0Dfyzb`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1577ece79185bec7_RESE009.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESE009.tmp
Size	1.2KB
Processes	2288 (cvtres.exe) 2100 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`0455937a92cfaf3aab1064cb9e9a4946`
SHA1	`2e908d43e5d0180a22e318a6c7c80666d84b7fba`
SHA256	`1577ece79185bec764270af49123c7f5423b60a04f9ebbbffdc7d222457b7b01`
CRC32	`B24D0E71`
ssdeep	`24:H8J9YerncMJmHAcUnhKLo+ycuZhNDakSEPN8qGtd:ternjJmgXnhKLVulDa3EFGH`
Yara	None matched
VirusTotal	Search for analysis

Name	d45f7b546ab58843_mydownloader.core.dll.config Submit file
Filepath	c:\program files (x86)\idownload\mydownloader.core.dll.config
Size	1.4KB
Processes	1824 (IDownload.tmp)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c5bf1d53a940c23c71b44ebe31d25d60`
SHA1	`21ca02244e51f3ae0bddc4cf51500d3b4f1bbab0`
SHA256	`d45f7b546ab58843b691ab568ab911fc35582cafc4fd4d09dcc9acfbc94f48ab`
CRC32	`179E7121`
ssdeep	`24:2diIK0m4491K14Ev+XMyvZ1Vva1nv3Bvsg1nvVHxDv1:cjrNK1NqXyBni1n/B0g1nlxD9`
Yara	None matched
VirusTotal	Search for analysis

Name	bc17836f1f64afb3_t4ntj2_m.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\t4ntj2_m.out
Size	1.3KB
Processes	2664 (IDownload.App.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`d0685ef038eb0b8786db1d0341e97e6d`
SHA1	`884586454288293885aa68e0d8c81de7b2d7a845`
SHA256	`bc17836f1f64afb3a2b04c56a8b5fa5e51616e6327d7e56ada974771030d8ea3`
CRC32	`D010BA62`
ssdeep	`24:T4NzdX2fckN8fAD+W1cQAKai31bIKIMl6I5Dv1n3s16ln1plt1gU51Rj:T4b2fckWfADz1vAKb31UKxl6I5D1816l`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_t4ntj2_m.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\t4ntj2_m.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	50d0ee2816503e46_downloads.xml Submit file
Filepath	c:\program files (x86)\idownload\downloads.xml
Size	145.0B
Processes	1824 (IDownload.tmp)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`e152bf93000256b629b0ebd284ec7f59`
SHA1	`7bd78dd47b8cdd1d4ca58d3e67147f1d9cc3eacc`
SHA256	`50d0ee2816503e4673802e4ed200b67233ac1493ed8eea1b759d22f6dc73d320`
CRC32	`A3C06D2C`
ssdeep	`3:vFWWMNHUze1q9JoEaRijViJS4RKbuviyiFdy6tViJS4RKbumKb:TMV0eg9JZrVic4subinPic4srKb`
Yara	None matched
VirusTotal	Search for analysis

Name	666accbfcfa494f0_t4ntj2_m.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\t4ntj2_m.cmdline
Size	476.0B
Processes	2664 (IDownload.App.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7f9e60ac0cf3bd4c5a93fc5faae85507`
SHA1	`31d9283346f78a3d260c70648a3d109df46e70c7`
SHA256	`666accbfcfa494f088279cb647e13d583a11fd9b58bafce46028de3e893649a0`
CRC32	`E3AD1667`
ssdeep	`12:p3rz5YfvCNkNoT7fvoNOLMorHc9ow16PuOLMl:VX2fckN8fAD+W1cQl`
Yara	None matched
VirusTotal	Search for analysis

Name	4527f4ba8a7c8731_mydownloader.extension.dll.config Submit file
Filepath	c:\program files (x86)\idownload\mydownloader.extension.dll.config
Size	6.1KB
Processes	1824 (IDownload.tmp)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`241c075870d2d7f87f105e68d4bdd7f2`
SHA1	`842fbc1fd75864b4f4916dea12f43e6059fdd97e`
SHA256	`4527f4ba8a7c8731ce13bceb4cccc164f4b4f9fd879c9f6c25376b05a9daafdd`
CRC32	`966CBE4D`
ssdeep	`96:grCmI39I3RI3gI3sI3XIuYIuBINrAvEa9vGAvTXFAvEBw2emsKu6nsF+Nul4An9R:grLq0HDw2r9wb5`
Yara	None matched
VirusTotal	Search for analysis

Name	cce61846c07f1ce0_idownload.app.exe Submit file
Filepath	c:\program files (x86)\idownload\idownload.app.exe
Size	974.5KB
Processes	1824 (IDownload.tmp)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3f42998371aa869e0493ede8c21733c5`
SHA1	`5a319590495840b89c2d181948a3e435371c466c`
SHA256	`cce61846c07f1ce0ccf6476d0351d41317371fc4b0f7bf88c410962fe83ee6f5`
CRC32	`52962574`
ssdeep	`24576:jGh3cZHj8gMACHVe1IWtoZ2ph3cZHjugMkpH:jGh3cGgMACHVejI2ph3cQgMkpH`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3ea5265ea62ed64_unins000.dat Submit file
Filepath	C:\Program Files (x86)\IDownload\unins000.dat
Size	1.8KB
Processes	1824 (IDownload.tmp)
Type	data
MD5	`22b954c8dca4b6b6abed99d7115d6e89`
SHA1	`0198a846f695867a80d6a0d1d546990f21698886`
SHA256	`e3ea5265ea62ed6447a9d6d3693fd4e2b26693247de48950727864b23067f7b5`
CRC32	`17D285CE`
ssdeep	`24:rOrxlXEb8XVM+ExSMYwvP3eLQfcA1LADEv5hVMphVM8e9e4VJM:rONNE4X4xSMYwv/sQfcARADEv3uiI`
Yara	None matched
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-JRIHA.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	1824 (IDownload.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	b6e3e6e31a39a930_idownload.lnk Submit file
Filepath	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDownload.lnk
Size	1.0KB
Processes	1824 (IDownload.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jun 14 16:58:50 2021, mtime=Mon Jun 14 16:58:50 2021, atime=Sun May 23 07:43:28 2021, length=997888, window=hide
MD5	`f7e0dc385f4a4dc83f7504c70d9b22d7`
SHA1	`aa663720dc47bda18913b02b246ac7992910d299`
SHA256	`b6e3e6e31a39a930c7c72756e9ec1edbf1a360761a041a91f127a8269a9c1af5`
CRC32	`D992A7A3`
ssdeep	`12:8muTdAZGdp8DCDyk03vGTma/5yjEjA1vp9bdpYnGFzbdpYnnBNU94t2YLEPKzlXH:8muzdOEg3CMQA1LdXdeUPPy/08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	9c692fb0dbd33384_CSCDFF9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCDFF9.tmp
Size	652.0B
Processes	2100 (csc.exe)
Type	MSVC .res
MD5	`e0ecbfeaa00af905572db6098711f0cf`
SHA1	`bd491b7a48455e8ae782cf560edf96914b09e2c0`
SHA256	`9c692fb0dbd33384503108b84681c40290ed8c5945c25bf225b2b3d68cd7c101`
CRC32	`0B4FCFB3`
ssdeep	`12:DXt4Ii3n6E+AHia5YA49aUGiqMZAiN5rryqFak7Ynqq5qPN5alq5e:+Ro+ycuZhNDakSEPN8qM`
Yara	None matched
VirusTotal	Search for analysis