Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	f5f286ba15c9ed2b_Presto.jar Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Presto.jar
Size	872.7KB
Processes	1116 (jushenkotak.exe)
Type	data
MD5	`67df2f052a27c7ab492009c992d4e6b5`
SHA1	`9bb00cce70db28e530460f0fdcec50f443cd5ba3`
SHA256	`f5f286ba15c9ed2bb49ea0a6996ba699343c17d040cf3211d92f91b117aa8357`
CRC32	`CFF6A5EB`
ssdeep	`12288:3pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:3T3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	cb025c4a6334a13b_ybaomnxcbb.url Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YbaOmNXcbb.url
Size	170.0B
Processes	2040 (Preme.exe.com)
Type	MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\vdOFTyHlVi\qlBAJBigfnwU.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`9fa4f3a5469fc57bd91f9834fa517164`
SHA1	`af46c0c5c53d91e2286a4ad481ff9e27213531f0`
SHA256	`cb025c4a6334a13b3221b19021c27427e2bc8ad3bddb5ba9385604a114c8d1af`
CRC32	`3A598A80`
ssdeep	`3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl79IytTlClQlz+1lnLWwRli:Q+2lJglZyKm/UEZglJPZ5bClQwvLWwu`
Yara	None matched
VirusTotal	Search for analysis

Name	ce0ad7b9f0399682_qlbajbigfnwu.js Submit file
Filepath	C:\Users\test22\AppData\Roaming\vdOFTyHlVi\qlBAJBigfnwU.js
Size	273.0B
Processes	2040 (Preme.exe.com)
Type	ASCII text, with no line terminators
MD5	`009d0e864b314d3cea21df8efe539680`
SHA1	`4de75687e31a391aee514b50a2e96d4e818d0924`
SHA256	`ce0ad7b9f0399682b9ab5d6074248190236f4a737a8f3ab93e1bf46b23d08e45`
CRC32	`A3F36881`
ssdeep	`6:5AThIH8CYM2h2sUS4tRZDbRXp+NI5b99DNJjNbRXp+NI5b9yoYWDbRXp+NI5b9z:5GS6R4t7vVB9JZ9VByo7vVBz`
Yara	None matched
VirusTotal	Search for analysis

Name	38ef56988cef51c2_r Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\r
Size	961.2KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`d41ac3522ba02db085d38440987a955d`
SHA1	`fb3d095739551fde9203eeb19a6ab7a0f0a09a91`
SHA256	`38ef56988cef51c21b9203945b6c6ff376726dd8f2a63ccc02712959fb389992`
CRC32	`FF2EF1B3`
ssdeep	`12288:MDNT8IoxiKaiqN9Rl9NMKnz927B9LBC7u:MD184N9RLnx2bQ7u`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	406fd617f764313d_Com.jar Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Com.jar
Size	17.0KB
Processes	1116 (jushenkotak.exe) 2040 (Preme.exe.com)
Type	data
MD5	`6342aaca1317454f80aad11138ca98c8`
SHA1	`840fa9927228ae05812186414395a222e83b6f06`
SHA256	`406fd617f764313da3db53a39b60f7448897ba708da36331f19542786253f702`
CRC32	`56D38377`
ssdeep	`384:v7Ts26eJTkQuznRGJAy0yTyjRoAmORLxm8iRfFKrGZE3o1Si7SNc2YtL4Vy2:zwXeJYPRp5+IRoXOyRiGZycec2Ytc02`
Yara	None matched
VirusTotal	Search for analysis

Name	783758f5b90c894c_RegAsm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Size	62.9KB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`53690d6dbf8e3f7bd54529131f1be127`
SHA1	`b28ab7d6a4f0fba872310d0dd60bf9bb233b5cff`
SHA256	`783758f5b90c894c7d57d6dd257683194b4f4d3bc470e0fd51b1b8c6171494d8`
CRC32	`C59F6165`
ssdeep	`768:Z+R1Viwqkh+tGi6HYDKnJzQOgFQ04mzGnvclLz3oWK6Iq8rAOzWipD6BXl:ELiwrh+tL64DKnJJAzGvchUCQFa6D6B1`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	237d1bca6e056df5_Preme.exe.com Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Preme.exe.com
Size	872.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c56b5f0201a3b3de53e561fe76912bfd`
SHA1	`2a4062e10a5de813f5688221dbeb3f3ff33eb417`
SHA256	`237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d`
CRC32	`76090EE7`
ssdeep	`12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	faba0b32c27463e0_Perisce.jar Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Perisce.jar
Size	486.0B
Processes	1116 (jushenkotak.exe)
Type	ASCII text, with CRLF line terminators
MD5	`500e34922e8218ed6818e0c2cd94b874`
SHA1	`2d51f8008a558deb3a8b1bde18d25e0846cee46f`
SHA256	`faba0b32c27463e0ec9bd3571f4a03374fbd6da9b2436b3010b7ff2672332c53`
CRC32	`27B55BDB`
ssdeep	`12:VpOZrimojhOyUOBFJRaQKCppQaOnTwuE2mbi5inI5n:+ZrSlBfRarCppmgk`
Yara	None matched
VirusTotal	Search for analysis