Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_nsg6356.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsg6356.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	b2ed2f368eea237c_pop.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pop.png
Size	317.6KB
Processes	2216 (VNPhone.exe)
Type	PNG image data, 920 x 505, 8-bit colormap, non-interlaced
MD5	`d6ed5f29c360cf2891ec2feabefc0bbb`
SHA1	`90615cb01807ab739a957df989514d65414c9459`
SHA256	`b2ed2f368eea237cd4da1b2dbd3d5fe6716acb917b02415d0a0b3b49e720a873`
CRC32	`E8C1EAF9`
ssdeep	`6144:DCDnoopL6DkLgeoqznLXzP5Oyk7sSyriwO4XdsenQjndNsTIoEcq2Hn7WC7EDtHq:DsoopL6QLgzsnLXlOyS/nJ6OenQbdjpe`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7eb1c61d88e39db2_mob_7.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mob_7.png
Size	19.0KB
Processes	2216 (VNPhone.exe)
Type	data
MD5	`dbaf93b7b8c7bbbfdd40e4d3654e8d13`
SHA1	`d936c7a30d3e6d80c3f684df3531fe0457ba15fc`
SHA256	`7eb1c61d88e39db2b15a85fa272971e6d54101f921dd8fa9d131fac163ca421f`
CRC32	`7C7FA0F2`
ssdeep	`384:wytciwQfVyOhuIaACBuEuC8qgmoO6gMMCHKRO0bKRdX7F2Tal3Z0uPMx:niKdEuC7gjgMv+eRV7XhPC`
Yara	None matched
VirusTotal	Search for analysis

Name	6950991102462d84_system.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsg63A6.tmp\System.dll
Size	12.0KB
Processes	2216 (VNPhone.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8cf2ac271d7679b1d68eefc1ae0c5618`
SHA1	`7cc1caaa747ee16dc894a600a4256f64fa65a9b8`
SHA256	`6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba`
CRC32	`11F0AF4A`
ssdeep	`192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) IsDLL - (no description)
VirusTotal	Search for analysis

Name	c20353fd8e3d6800_mobilesrv.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MobileSrv.exe
Size	745.4KB
Processes	2216 (VNPhone.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`fca673821522a3329ad3ab6308cf9692`
SHA1	`201529f61b22b5389a80d0e60dee16d208dea363`
SHA256	`c20353fd8e3d6800be5f2b174bcf3dd9f7bbccb9d87c6bb6df6c9925e54fc18f`
CRC32	`BA49E631`
ssdeep	`12288:4n+8d+rUFWI6vpibC077cVTano0T2FOuTKa:4+8dVFW5ibLcuyOuma`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis