Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...
11.16 07:11
Senators Call for Prob...
11.16 06:11
Microsoft Windows NTLM...
11.16 06:11
Drinking water systems...
11.16 06:11
Mögliches Destatis-Dat...

Dropped Files | ZeroBOX

Name	17586170ca6c6c87_parameters.ini Submit file
Filepath	C:\Windows\parameters.ini
Size	263.0B
Processes	1108 (jkfe.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e744d370c7cb63628e1b3ca149df37b0`
SHA1	`d15b7e68c4611a6a2a5eb83910cb47a00e61f19f`
SHA256	`17586170ca6c6c873f66a9e2613bd85cc73f43ef9d4a3b44c31d0e1c4852f035`
CRC32	`61EBA5B7`
ssdeep	`6:GUThtewyIIXjmCGgXMA9aBv+F4yseRNh2yW3DddN9n:5ThtetIIXjmFgX34w139tWzddN9n`
Yara	None matched
VirusTotal	Search for analysis

Name	288100583f65a2b7_nsExec.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsExec.dll
Size	6.5KB
Processes	1108 (jkfe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b5a1f9dc73e2944a388a61411bdd8c70`
SHA1	`dc9b20df3f3810c2e81a0c54dea385704ba8bef7`
SHA256	`288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884`
CRC32	`E835AD1F`
ssdeep	`96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	54d0043a83f89da8_svchost.exe Submit file
Filepath	C:\Windows\svchost.exe
Size	6.4MB
Processes	1108 (jkfe.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4f3407ba0de406c6c846db831b731fb2`
SHA1	`0478b8298de3312bb215d9b9c30116e36da6a1ec`
SHA256	`54d0043a83f89da8f3d9089be83d2981e63bb3158dd46b1fbcf5bcbbd631f230`
CRC32	`49C0500E`
ssdeep	`98304:jFpjqt0F93tI6IU1vinyHd6/jACR4z/+v0svvIKYyitL9qIQg:JpWtynIBnWd6Laz2ss4/NxjF`
Yara	PE_Header_Zero - PE File Signature VMProtect_Zero - VMProtect packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsn6385.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsn6385.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	95fe9d92512ff231_nsProcess.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsProcess.dll
Size	4.0KB
Processes	1108 (jkfe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`05450face243b3a7472407b999b03a72`
SHA1	`ffd88af2e338ae606c444390f7eaaf5f4aef2cd9`
SHA256	`95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89`
CRC32	`7F5B79E7`
ssdeep	`48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis