Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.17 02:09
setup2.exe
09.17 02:09
66e5f96b41510_GageEpa....
09.17 02:09
ueu7.exe
09.17 02:09
Ghost_0x000263826B9A9B...
09.17 02:09
66c62b70f281e_tz4j.exe
09.17 02:09
Client_protected.exe
09.17 02:09
install_lodop32.exe
09.17 02:09
hq8.exe
09.17 02:09
66df1acad4359_res_out.exe
09.17 02:09
yqy2.exe

Latest News
09.18 05:09
KKR-Backed Livspace Ne...
09.18 05:09
BlackRock, Microsoft A...
09.18 05:09
FCC opens applications...
09.18 05:09
Latest PiEEG Shield No...
09.18 05:09
Sony Joins a Crypto Pu...
09.18 04:09
Back to the office, Vo...
09.18 04:09
AT&T agrees to $13...
09.18 04:09
Russia-backed disinfo ...
09.18 04:09
Tracing Stack Usage an...
09.18 04:09
Russian threat groups ...

Dropped Files | ZeroBOX

Name	0457810cacb7a543_~DF74AC1ACFCA42B869.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DF74AC1ACFCA42B869.TMP
Size	5.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`61fc86745d70799ae64eb6560371a497`
SHA1	`859a422b82bacd99eeaf057ddcad0243b77678df`
SHA256	`0457810cacb7a543f4fe0a7639a8edcb83e1a00378f0e26bfc6ef17da516158a`
CRC32	`A819A3FA`
ssdeep	`6:rl91bxbtg/Ul+CFQXua9Xblt59Xh9XR5+1lf35X:rl3b/VFQxbltD7Ovf5`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	1a165c5d6529f066_~DFB51DC87AEA6B5EF5.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DFB51DC87AEA6B5EF5.TMP
Size	5.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`96a47194f259c47c550d17a0f5f0f06c`
SHA1	`33798828e4e7340bf3716694803b376a86edfb65`
SHA256	`1a165c5d6529f066edcb3660b70fb3c654a73bca96392cb21e3b1e781e6abed3`
CRC32	`B09E0149`
ssdeep	`6:rl91bxbtg/Ul+CFQXqa9Xblt59Xh9XR5+1lf35X:rl3b/VFQqGbltD7Ovf5`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	1a165c5d6529f066_~DF6AFC8F8F7A0F0087.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DF6AFC8F8F7A0F0087.TMP
Size	5.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`96a47194f259c47c550d17a0f5f0f06c`
SHA1	`33798828e4e7340bf3716694803b376a86edfb65`
SHA256	`1a165c5d6529f066edcb3660b70fb3c654a73bca96392cb21e3b1e781e6abed3`
CRC32	`B09E0149`
ssdeep	`6:rl91bxbtg/Ul+CFQXqa9Xblt59Xh9XR5+1lf35X:rl3b/VFQqGbltD7Ovf5`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	f347806010885b84_icsys.icn.exe Submit file
Filepath	C:\Windows\Resources\Themes\icsys.icn.exe
Size	135.2KB
Processes	3532 (so2game.exe)
Type	MS-DOS executable, MZ for MS-DOS
MD5	`d136eb95b86ae021e2901dc23019013b`
SHA1	`6c7868549f23a4bb5ff28d9cb865270a110f416d`
SHA256	`f347806010885b84cc2980ec9f85a6f71efcc1b0ff862a8f4c84b46aa780ea3d`
CRC32	`5702A4F8`
ssdeep	`1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVeCu7h:UVqoCl/YgjxEufVU0TbTyDDalhuh`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b469f772cc7b6bbd_so2game.exe Submit file
Size	1.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cedc42050fdc7c61c45848834a476a18`
SHA1	`381589e93fabea142ebf24a576979cf374afa909`
SHA256	`b469f772cc7b6bbdc557f83d5675ff5c905a4bdc2a1a0aa9452b2f94c7a330b7`
CRC32	`26C37715`
ssdeep	`24576:/Dnb3rDqeA6l37WdGJLG0vZQSq8PEHRxkg/48TH9xbnM8c9ITMrW:vr2f6l3pJrvZfM0gwY1AiT`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	99f87546e3844fec_svchost.exe Submit file
Filepath	C:\Windows\Resources\svchost.exe
Size	135.2KB
Processes	1160 (spoolsv.exe)
Type	MS-DOS executable, MZ for MS-DOS
MD5	`bda56be87120ce939b4ce4a059278408`
SHA1	`be3c2a09e7e8c7d611857f635066dc227d63f53c`
SHA256	`99f87546e3844fecdde7e83c922e223f3ef4bcddc889cbc6606c2b4e2bbcfb47`
CRC32	`3D3DC788`
ssdeep	`1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVeCu70:UVqoCl/YgjxEufVU0TbTyDDalhu0`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0fc430dadd549210_~DF288F14BB8D6D771B.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DF288F14BB8D6D771B.TMP
Size	5.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fb8f8de4ce1dee481e168acccc67dcd2`
SHA1	`9b80c4e0a97c5de939bdc25f8ec9f6d7a8d12309`
SHA256	`0fc430dadd549210151c7bde050e644a3cb308c4028aa39f1f918eaa0028c870`
CRC32	`7F9BBF2D`
ssdeep	`6:rl91bxbtg/Ul+CFQXmK9Xblt59Xh9XR5+1lf35X:rl3b/VFQmWbltD7Ovf5`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	930309e06ba8e79c_explorer.exe Submit file
Filepath	C:\Windows\Resources\Themes\explorer.exe
Size	135.1KB
Processes	5980 (icsys.icn.exe)
Type	MS-DOS executable, MZ for MS-DOS
MD5	`f443a6b94ec64aa6e009f959beedb3d2`
SHA1	`e62b889d0836199631ded34d82bc9c09e14d87fb`
SHA256	`930309e06ba8e79c494b50ebee6a3bcebce1301ac69c658491c005c1b5caa961`
CRC32	`A4F0B79F`
ssdeep	`1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVeCu7u:UVqoCl/YgjxEufVU0TbTyDDalhuu`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5e41ca05add45afb_spoolsv.exe Submit file
Filepath	C:\Windows\Resources\spoolsv.exe
Size	135.3KB
Processes	4716 (explorer.exe)
Type	MS-DOS executable, MZ for MS-DOS
MD5	`0be7ee7ed76af1f7e51681a2118a1e22`
SHA1	`0ee3ba3cde71b264ee7b70942c637a212f42e242`
SHA256	`5e41ca05add45afb51e72768af59926d10f94f9e411f14a3b4029664bf3824a3`
CRC32	`ED92D5A9`
ssdeep	`1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVeCu7D:UVqoCl/YgjxEufVU0TbTyDDalhuD`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_explorer.exe Empty file or file not found
Filepath	c:\Windows\resources\Themes\explorer.exe
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis