Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	9621928edc2e66f2_duixh.exe Submit file
Filepath	C:\SIS64\klenerfray\duixh.exe
Size	1.6MB
Processes	2532 (frg2345.exe) 2032 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7757f92fe39a06da104ccd608f92a00f`
SHA1	`95f0dc896629a5c298eff1201b09aee8364b2e6a`
SHA256	`9621928edc2e66f2a5c85d8e608e4c7c758e9f820f0d7c5d958da7f59d253d70`
CRC32	`B2110176`
ssdeep	`12288:+6lycIBT8MNzJMuUXWjNiLOuiAI82rErA1TPk5l:+6ly5t8azJMuUeE6xErUTs3`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1fdec2c3f7e41671_nzt.rar Submit file
Filepath	C:\SIS64\klenerfray\nzt.rar
Size	319.7KB
Processes	2488 (file.exe) 1612 (cmd.exe)
Type	RAR archive data, flags: EncryptedBlockHeader
MD5	`b2171b9f27811de6bde43110fd207b6b`
SHA1	`79fc6cfbcda3481aace743f33db0fd3a37356aef`
SHA256	`1fdec2c3f7e416710850578b3da52947d75c5b8d875dea1fe47d75f30f1f0c02`
CRC32	`A49E1FB9`
ssdeep	`6144:0MhfMO7bYbEqTUgHpSyt33Tr6T1n8fDpt99mc3qGBpXvvc:zhfMkbYblTUgJnt3Hoq5aGBtvvc`
Yara	None matched
VirusTotal	Search for analysis

Name	824fae3331b95e2f_tmpE1AF.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE1AF.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	079473a1752fb5e1_tmpE209.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE209.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`5f98cfac1d9c02587e0db4a6e5a20739`
SHA1	`be4f97d8544c22d01a1b941fe835d91ffc8a5efd`
SHA256	`079473a1752fb5e18f755627476b14192bb76894459f1430888e6ae3d07bd763`
CRC32	`B01FA20E`
ssdeep	`96:JBc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9ul:JBPOUNlCTJMb3rEDFA867/`
Yara	None matched
VirusTotal	Search for analysis

Name	d6188c984e2c6999_cc47.bat Submit file
Filepath	C:\SIS64\klenerfray\cc47.bat
Size	417.0B
Processes	2488 (file.exe) 1612 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0e5eee4a7fe94363c951500447418ab5`
SHA1	`c22d866294ba471b895c7c583f34e43dd2dfccce`
SHA256	`d6188c984e2c69991635e3e4e1791bf179765a19f988956b0978eec702dfde2f`
CRC32	`7FBA6011`
ssdeep	`6:pKuoTIkv5axlqdok4TXRQA3jchQXLYE+mpJZI78jtM2yE18mXSBsFvERSXv:podGcOXRQA3xrjpXdMWF4SXv`
Yara	None matched
VirusTotal	Search for analysis

Name	e1c22723ae36b57d_2two45.vbs Submit file
Filepath	C:\SIS64\klenerfray\2two45.vbs
Size	104.0B
Processes	2532 (frg2345.exe) 2032 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c7f10c04f129f215252a99ec2ca76df7`
SHA1	`93752432c0a639c08bda958f708459313c505136`
SHA256	`e1c22723ae36b57dc8c2bf3ee1faab67bc9610aeaff1da6ca31e10dfe1db4eeb`
CRC32	`783274FE`
ssdeep	`3:jaPFEm8nhwvyGqQB/XdQO0gvuLkhJFj5gW9n:j6NqhTG1/dx0gDIW9n`
Yara	None matched
VirusTotal	Search for analysis

Name	0cd87bca88ac7540_77x.bat Submit file
Filepath	C:\SIS64\klenerfray\77x.bat
Size	718.0B
Processes	2532 (frg2345.exe) 2032 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`8bc9677e2d059eb7047fb477328bf281`
SHA1	`b5c0522ae96336e2addebbc65b47926bd3141080`
SHA256	`0cd87bca88ac75405147dddd550c37706e33e1be0e237c2a91350adc1440b41c`
CRC32	`DBF3B50F`
ssdeep	`12:vJgy8zl2QLNKlCZWgmWgimAuQyOhkjm+2og+L/o32Xv:vCy8lDL8CZQsmAuQdom3x+Le2Xv`
Yara	None matched
VirusTotal	Search for analysis

Name	242ac5cf6aa78d9a_zider.vbs Submit file
Filepath	C:\SIS64\klenerfray\zider.vbs
Size	90.0B
Processes	2488 (file.exe) 2032 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`35d29d8f811b3af81243d19e929fba2c`
SHA1	`1b34d560da0ca07e186ddf49428dc3e5484016ee`
SHA256	`242ac5cf6aa78d9a6688bf8166c27c67b1bf014e60b9e6626e79e3c97a7813bf`
CRC32	`4C5E9414`
ssdeep	`3:jaPFEm8nB7KqQBRRKERpFj5gW9n:j6NqdK1RRKERpIW9n`
Yara	None matched
VirusTotal	Search for analysis

Name	160e0f4432211c9c_tmpE94E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE94E.tmp
Size	88.1KB
Type	data
MD5	`ea6b9760e6fe4ee3c775f0c7230c32d1`
SHA1	`71d31046bf3dca47fbb9641d3c3a0366e4687bfb`
SHA256	`160e0f4432211c9ccdfd34ff6b6b14a7f14729547191d70421615362e3a10d28`
CRC32	`C43D176B`
ssdeep	`1536:IK+GdtBCXQfMjxOEUe5zCctGZLKImMggEl9YMK2Sko/kRQXYk9Hw5fMIABeStLdI:qGJCAK4Le08QKImLl6MDa/kug5/AB/f4`
Yara	None matched
VirusTotal	Search for analysis

Name	e5c7931e871678ae_tmpE1E4.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE1E4.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`8e36f9cfbb4e98a1ea4cb31b1dfd18ba`
SHA1	`271e10b8bb5623e6552f2be568b01ae93b3e5a3a`
SHA256	`e5c7931e871678ae9bf44ed496a03ba8524a3d7600a44b29a60847ddda90eb86`
CRC32	`C73EAD8F`
ssdeep	`24:TLea0RlPbXaFpEO5bNmISHdL6UwcOxvyUU3Z:TYLOpEO5J/KdGU1EyU2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	c1fe457f69fbcef8_tmpE950.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE950.tmp
Size	354.7KB
Type	data
MD5	`76e8ece0e936797949f4cc8baf445e3a`
SHA1	`df85456754bb3db63197fec4b025311f8f9e65fb`
SHA256	`c1fe457f69fbcef82e42343cd11a925c8b41d5abaf65743eccb790b3dc1b3e59`
CRC32	`0966C392`
ssdeep	`6144:R4ZTtPVEsH593jMLZsoluOMRBgfYgqRB7mLQJZkyoh1JkITFalCkIR0/sFGXx1K/:RETtdl59cs2uTusKQJ3wJrTFalpkFsxY`
Yara	None matched
VirusTotal	Search for analysis

Name	34dfe4869b0a524c_frg2345.exe Submit file
Filepath	C:\SIS64\klenerfray\frg2345.exe
Size	551.7KB
Processes	2488 (file.exe) 2032 (cmd.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`061f64173293969577916832be29b90d`
SHA1	`b05b80385de20463a80b6c9c39bd1d53123aab9b`
SHA256	`34dfe4869b0a524c63cc4696fafe30c83a22dc5fe4b994b9fe777f2c986733ce`
CRC32	`AF21EEA8`
ssdeep	`6144:lEFCsTIKlyUvQLPSvsN6UeLrfeH9Kv526R7mO/ak/QXcBgWxJiT40/abdBZAuO8U:SsDKl7omvhpr10Oj3xgTh/arNnaGcF`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_10157515 Empty file or file not found
Filepath	C:\SIS64\klenerfray\__tmp_rar_sfx_access_check_10157515
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	e798f84e8ff7c8c1_tmpE94C.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE94C.tmp
Size	12.4KB
Type	data
MD5	`5bec0b403948706255e92a4f6b83e449`
SHA1	`034e410cd1fd446dc92f8efc483054111c8f72f9`
SHA256	`e798f84e8ff7c8c1a85e3f4138caf20a109701a1f528b5b53e92bd202c2ddb47`
CRC32	`7A47ADA3`
ssdeep	`384:EpCf1RODFjAk8Dzy+JOZZUWQc1oTgfc/ee1DTV2qAzCes:TIjP0zy4rWQc1o8c/tDTwies`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_tmpE93A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE93A.tmp
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_tmpE263.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE263.tmp
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	46b841ef2bcf6010_tmpE93B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE93B.tmp
Size	187.5KB
Type	data
MD5	`00795e2d64325b3400a9049d638dc119`
SHA1	`0c1218043eae5bfd3481ea4e9f6c808a30f9be55`
SHA256	`46b841ef2bcf6010da5f45dab63cc72e03f90dbf8c1f05184694186f3fda53c1`
CRC32	`2B1D1556`
ssdeep	`3072:2cg0crGTZB1jWdUaB89R9EByZZMePe6GeiuIEA+QcnU2U3KcP+aBIosRX:5c61nWdUb9HOyZvPoeiup/UTL+dX`
Yara	None matched
VirusTotal	Search for analysis