Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 01:11
Bengal cat lovers in A...
11.14 12:11
RCE intrusions likely ...
11.14 12:11
Permiso releases 3 ope...
11.14 12:11
Impersonation attacks ...
11.14 12:11
Half a dozen HPE Aruba...
11.14 12:11
Broadcom unveils priva...
11.14 12:11
Broadcom introduces Ve...
11.14 12:11
Tesla Recalls Cybertru...
11.14 12:11
Altman-Backed Oklo Ink...
11.14 12:11
Amazon Aims at Temu Wi...

Dropped Files | ZeroBOX

Name	288100583f65a2b7_nsExec.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsr7C8C.tmp\nsExec.dll
Size	6.5KB
Processes	2100 (b.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b5a1f9dc73e2944a388a61411bdd8c70`
SHA1	`dc9b20df3f3810c2e81a0c54dea385704ba8bef7`
SHA256	`288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884`
CRC32	`E835AD1F`
ssdeep	`96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	119dd05047dcba8a_parameters.ini Submit file
Filepath	C:\Windows\parameters.ini
Size	295.0B
Processes	2100 (b.exe)
Type	ASCII text, with CRLF line terminators
MD5	`6b41e08bf4fdf76812d2466c628dcd2f`
SHA1	`c6c054121cbd6283124d19644d55072b4b25af06`
SHA256	`119dd05047dcba8a30161a33531ceb9115eb7e683870a89b26918f9637540831`
CRC32	`7F1FB461`
ssdeep	`6:Gx3hR1JyIIIy7jmZAIt1EWK+PHJKyMNjYnEWNjNLRdbSm2yW3Ddd83k:yH2Iq7jmvnEWl/JzMhYnEWPlJjtWzddx`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsc7C7C.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsc7C7C.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	95fe9d92512ff231_nsProcess.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsr7C8C.tmp\nsProcess.dll
Size	4.0KB
Processes	2100 (b.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`05450face243b3a7472407b999b03a72`
SHA1	`ffd88af2e338ae606c444390f7eaaf5f4aef2cd9`
SHA256	`95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89`
CRC32	`7F5B79E7`
ssdeep	`48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	419cf2586798e1b9_splwin.exe Submit file
Filepath	C:\Windows\splwin.exe
Size	5.0MB
Processes	2100 (b.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f831bb0681b2e13f0e7ac1298682741c`
SHA1	`e31616fa4eb8abe26c60d95d11faaf7766dff290`
SHA256	`419cf2586798e1b9c2695531192e63d9e40074d73cf77691de6f597103af0b0f`
CRC32	`177407E4`
ssdeep	`49152:oBBQjKMKYi1LDtASHcstH9PTqndeq0FspbfN1pTh6m1UMaGoSJTuYYY+jnCh:ojv6Bn+spbfbiPMaGoP`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis