Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 12:11
Nebraskan Farmers Were...
11.15 12:11
휘틀, 4L 대용량 음식물처리기 ‘더슬림...
11.15 12:11
깨끗한나라 '디어스킨' 올리브영 관악타운...
11.15 12:11
모카시스템, '2024 도시·지역혁신대상...
11.15 12:11
전략 RPG ‘리메멘토–하얀 그림자’ C...
11.15 12:11
케이스티파이(CASETiFY), 5층 규...
11.15 11:11
2024-11-14 - Raspberry...
11.15 11:11
하눌주택, 오는 30일 오픈하우스 진행
11.15 11:11
Semperis HIP conferenc...
11.15 10:11
양평물맑은시장, 건강·문화·경영 아우르는...

Dropped Files | ZeroBOX

Name	b97c1dd9df85c291_dfctrl1_9.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\DFCTRL1_9.exe
Size	71.5KB
Processes	2936 (dC_v13_Scrypt.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`a8da0531fa636e24c50e2522f201efdd`
SHA1	`ed65625d88373866b38c6b1d3bb9df63520fd461`
SHA256	`b97c1dd9df85c2919e45cf3923e1fce5b7ba697af98769e58c25e3e7eea2139d`
CRC32	`DC061F5B`
ssdeep	`1536:ERbGqZFpX2/DI0EimRkN8hwkbWjNdGz7h9Zcu:ERb0/DI/tRkN8GtpdG/h9h`
Yara	IsPE64 - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_35352062 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_35352062
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	2a367885ca9f9316_nsudolc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NSudo\NSudoLC.exe
Size	91.0KB
Processes	2936 (dC_v13_Scrypt.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`1216cf6407ae7f66483eddc00f1de627`
SHA1	`1ab5fdecd7cd3750aca59818e598256dd5f48899`
SHA256	`2a367885ca9f9316ee5365e6784954fe08868b645ccfbc5df1e156d25b31e060`
CRC32	`A80F2121`
ssdeep	`1536:NuCvpYqScwTK0LwtiznMC7sRb8UnZJJb6IAsw3h:ICxZScKKUwt2nR6b8v3h`
Yara	IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	938e3b34fac3677a_nsudolg.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NSudo\NSudoLG.pdb
Size	3.5MB
Processes	2936 (dC_v13_Scrypt.exe)
Type	MSVC program database ver 7.00, 4096*899 bytes
MD5	`9f67082b885fb4c4106aa6fad6a442de`
SHA1	`9e809635d69e3d1fa215df9d24271438ec62c3cf`
SHA256	`938e3b34fac3677aa1368592c4da410d721087b61bf1f0b184a15fde6ab832a3`
CRC32	`8BF3CFFF`
ssdeep	`49152:EDtdC8eHzFM0tNUhvAZsw1wYwHuRmHNPqG8Z2twIwGw3uPevu8D+4sXgKX8YUr0j:CdMHzFM08hvAZQHNkvu8DPr8r`
Yara	OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	3d4b427446954dc6_update.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Update.exe
Size	71.5KB
Processes	2232 (WUpdate.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`6161b3bca381f1460ac8a95cb9dfbaec`
SHA1	`6f460f4f1f4936a29458850ee79289a167d1d8ee`
SHA256	`3d4b427446954dc6fa776f12ca3ad1a681aaef93425faf200dcedbd08ab413c0`
CRC32	`C4EC49EB`
ssdeep	`1536:kRbGqZFpX2/DI0EimRkN8hwkbWjNdGz7h9EcY:kRb0/DI/tRkN8GtpdG/h9m`
Yara	IsPE64 - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6606d759667fbdfa_dcontrol.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\DFCTRL1_9\dControl.exe
Size	763.9KB
Processes	2936 (dC_v13_Scrypt.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0a50081a6cd37aea0945c91de91c5d97`
SHA1	`755309c6d9fa4cd13b6c867cde01cc1e0d415d00`
SHA256	`6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b`
CRC32	`42468708`
ssdeep	`12288:baWzgMg7v3qnCiOErQohh0F49CJ8lnyzQpJ2KNP3A8wnqqF:uaHMv6Carj1nyzQpJ2KNPw/`
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ef342bcc3c938c2f_fhwxfgq Submit file
Filepath	C:\Windows\Temp\fhwxfgq
Size	108.6KB
Processes	2288 (dControl.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`07232b64be72593980cd952e8f85017e`
SHA1	`61dba57cc51f4501ace3520e2cf559d8e42e04d7`
SHA256	`ef342bcc3c938c2fa9b38bc84019d8dce94d018372f7d9c29a8ee7ff3f0fc3a8`
CRC32	`23E99F9C`
ssdeep	`1536:TslilqlsRlxvb6luCjvL8vtUaJyypeljWeOl3ltIlHqaPlFA07VtzgLzbIGC7lzS:FmgHMGp`
Yara	PowerShell_Script_MZ_Zero - PowerShell Script MZ [Zero]
VirusTotal	Search for analysis

Name	254beac232a7bb20_nsudo.json Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NSudo\NSudo.json
Size	211.0B
Processes	2936 (dC_v13_Scrypt.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`922322fab45a284dbb248760125dfb1c`
SHA1	`120e77b90baa85287b2ee5bc63ff7dcd149767b5`
SHA256	`254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5`
CRC32	`6D1C4933`
ssdeep	`6:boq3NgMePHJLecMiYeHVKB0Xbgx8HeoOf:MFDleriYeHgBc0xWyf`
Yara	None matched
VirusTotal	Search for analysis

Name	4d25cfdb1f1be086_dcontrol.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\DFCTRL1_9\dControl.ini
Size	64.1KB
Processes	2936 (dC_v13_Scrypt.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`639c3a286bb103e9b2ae9ecd9da525cd`
SHA1	`b15c17b3b26b168a7e56779bcab19331160bc5d7`
SHA256	`4d25cfdb1f1be086fc55c1b32e8cfa45111f3ba6dc751b63a7ad5a808fcb4005`
CRC32	`02F76281`
ssdeep	`384:UwHxfg5Mikw2jkW9NxOrEm18g3U1jULTOeR5O5qVvGLRLqEgLM8oypBlN0iC+AEr:UwamLwukuUBUVULTOeiFqp4oC+AEbNt`
Yara	None matched
VirusTotal	Search for analysis

Name	28ef766146f78228_registry.pol Submit file
Filepath	C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Size	4.5KB
Processes	2288 (dControl.exe)
Type	data
MD5	`7e15fb09d71c52d26fc87aff66d1b2f4`
SHA1	`7edf3494fe4df190a4a795b1aa779c3c463b7406`
SHA256	`28ef766146f78228c0c522e2043fc41a516e8915f5747812b5bf8774b2ea315c`
CRC32	`25F07B78`
ssdeep	`96:6Qlw2wuwtPDfdP74nhvQUelh5KZVnNsNtCFfLH/Y067CcAzoioRoSJ:FlRRCDN74hvoD5KL0+fLfYT7CcAzXEPJ`
Yara	None matched
VirusTotal	Search for analysis

Name	7357fa01981be9c2_dc_v13_scrypt.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dC_v13_Scrypt.exe
Size	1.7MB
Processes	2232 (WUpdate.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`ed31c545a2592221cc1cb7506ed7a2be`
SHA1	`f9a115289eafdc007a635afeffcb8d4c1c7a9bb9`
SHA256	`7357fa01981be9c2c79f043be0fe2f008ac422e3098d717d9b7bf3f07052976b`
CRC32	`AF15D27B`
ssdeep	`49152:L+clb1BRntmeSKUY3SsErc2pM7EHD+cUFWz:hmhY3SWB7EHD+hs`
Yara	IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	dd9f84e1f4f9cded_nsudolg.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NSudo\NSudoLG.exe
Size	105.0KB
Processes	2936 (dC_v13_Scrypt.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`47594f7be488fbaa2f5480221398bf95`
SHA1	`1da843569d13e3a681a43aa99da0cc6716758fbd`
SHA256	`dd9f84e1f4f9cded336b3c794b5c1e873f69b3a859a6901ac5e4e994fa7a290e`
CRC32	`02A76AA0`
ssdeep	`1536:RLruqsnxg+G4lA+lciRr6cKPL0wY5niATnbsJ5Ci38UnZJJb6IAsw3h:RLruPBSWciRJKD0wY5lTnQ38v3h`
Yara	IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	439ae48c55d932ee_nsudolc.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NSudo\NSudoLC.pdb
Size	1.6MB
Processes	2936 (dC_v13_Scrypt.exe)
Type	MSVC program database ver 7.00, 4096*399 bytes
MD5	`7a5edb76839505381543d7032678da5a`
SHA1	`8159e9e5405fc9d023a2bfae5404dacf2fdb2951`
SHA256	`439ae48c55d932eed6decc96b9a404a7d1f1460dc5a04d291d8d3a503c4166e1`
CRC32	`E74833C5`
ssdeep	`49152:c8Qa08PjzjSkSGuzu0dDwlwSw+u+Feqe8IXWw4w2wOuIyZrhwug5b5f4:yaHjzjSkWzu0dMFOZrht`
Yara	OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	8fc7f52ccf4f070c_Update.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\944A.tmp\Update.bat
Size	71.0B
Processes	584 (Update.exe)
Type	ASCII text, with CRLF line terminators
MD5	`74c6f63046c46dfd0458d4e0f8440b6b`
SHA1	`2d16887d09930532e35095281857cd208d99137a`
SHA256	`8fc7f52ccf4f070c1555d709893d8d4de837ced5a91921601e57d47d06fac5a6`
CRC32	`C30663AF`
ssdeep	`3:NNgV67EM4dHqynwxog9z+oNv:NIoEM49qzr+oNv`
Yara	None matched
VirusTotal	Search for analysis

Name	dace58fa3cc9e42a_aut1292.tmp Submit file
Filepath	C:\Windows\Temp\aut1292.tmp
Size	32.6KB
Processes	2288 (dControl.exe)
Type	data
MD5	`8d480a0fd29840481c0c9deb3953a57a`
SHA1	`99dd329ed5685befab39476d72cf53f0a6dd28b5`
SHA256	`dace58fa3cc9e42adb073afeae10712529a4ef7e4af6e2053439f1007ed76ae8`
CRC32	`23028A49`
ssdeep	`768:QTW/Y6Qior+nFu1KZqKNIHqB71OihILtKlqyZYUVccLalkxmwSP/DTd:l/8r+IKZqhHqBNILtKcGfalWmR31`
Yara	None matched
VirusTotal	Search for analysis

Name	727f3de3028650a6_DFCTRL1_9.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\E94F.tmp\DFCTRL1_9.bat
Size	168.0B
Processes	2716 (DFCTRL1_9.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a95ec3fb2f46cb8490f892ddb5aeea20`
SHA1	`150be60bae30487448c23be26ced9edb7569b6a6`
SHA256	`727f3de3028650a62a1ffa160e1c88fb42272d1e0063fb61ecbbf253869202af`
CRC32	`188E17B9`
ssdeep	`3:NNgMzB3bdAb/yBSwAgWSW0I63P+dfHyyz86bdAb/yBSwAghaMPmQdTZAdM2Hyn:NjBrdAb/yBSwATSW0I6GdfHr1dAb/yBf`
Yara	None matched
VirusTotal	Search for analysis