Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	7bf16a22ac10e1dc_md8_8eus.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
Size	924.0KB
Processes	620 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5	`68737ab1a037878a37f0b3e114edaaf8`
SHA1	`0ba735d99c77cb69937f8fcf89c6a9e3bc495512`
SHA256	`7bf16a22ac10e1dc50dc302c7d1c196dff361ee5c8e830ddb0cec90b548b483a`
CRC32	`6D62E87D`
ssdeep	`12288:1lDoa5bSeB0h3G9IexavreJk/cA36eo2WYZZ3WomAoYiZqJLqr57F9iv6r8N1tEC:nbjE6avreJkUA36eoIzmhqE97F9U6ez`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	354c569cc500b17d_uninstall.ini Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini
Size	2.7KB
Processes	620 (Setup2.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`d506a368dea387b871bdd599995f9cc4`
SHA1	`97e1f9d36b920e8a82817e77ad6b4918b02f8287`
SHA256	`354c569cc500b17d20816df2320938b80b8d9e1406ece46491b1e0ac88482428`
CRC32	`154C0442`
ssdeep	`48:RvY7usej9z39zH9394989zC9r9R98929F995959Z9Y9G9G17eHdGVydsJWM0qK1L:qExBNW6AxT6g39LLr2BxNVJJWqwPD`
Yara	None matched
VirusTotal	Search for analysis

Name	3b046d30dc2e6021_d Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\d
Size	36.0KB
Processes	2072 (md8_8eus.exe)
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`e185515780e9dcb21c3262899c206308`
SHA1	`230714474693919d93949ab5a291f7ec02fd286f`
SHA256	`3b046d30dc2e6021be55d1bd47c2a92970856526c021df5de6e4ea3c4144659b`
CRC32	`25EF2A64`
ssdeep	`24:TLNg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fBvlllYu:TC/ecVTgPOpEveoJZFrU1cQBvlllY`
Yara	None matched
VirusTotal	Search for analysis

Name	a32e0a83001d2c5d_2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size	36.0B
Processes	620 (Setup2.exe)
Type	Microsoft Cabinet archive data, 36 bytes
MD5	`8708699d2c73bed30a0a08d80f96d6d7`
SHA1	`684cb9d317146553e8c5269c8afb1539565f4f78`
SHA256	`a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f`
CRC32	`EAB67334`
ssdeep	`3:wDl:wDl`
Yara	None matched
VirusTotal	Search for analysis

Name	d5855e6292d04c6a_inst1.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\inst1.exe
Size	257.0KB
Processes	620 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c06d807e7287add5d460530e3d87648c`
SHA1	`d288550f1e35ba9406886906920f1afe7c965f71`
SHA256	`d5855e6292d04c6ab247c1b550168cde3d4a73831ed792cf15c1d0c650137e3d`
CRC32	`5FFB8380`
ssdeep	`6144:bajSf7oQiNDh3K8UBO4N6dH6oc+m7OymiPs5qg6D:bajSBYRGqda0EJE5`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ce50219e767685c2_temp_0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size	1.4MB
Processes	620 (Setup2.exe)
Type	Microsoft Cabinet archive data, 1446020 bytes, 4 files
MD5	`b0d50ee8a709a97d33082db111d425fa`
SHA1	`05f411ce87b1f72b67035182e39bd5ef357db347`
SHA256	`ce50219e767685c2658718af4ea7838d7f766eb9b693a79100471594eb5c071e`
CRC32	`70C04D8B`
ssdeep	`24576:rxuiBQZ0pzvtIej9zXs3a/reJkSA3ZeoI5fiq3DMR9HC+QKHHIVqPJ7eVJDEI:rV22RjuK/YtLeJQ4IVqPJ7uN`
Yara	None matched
VirusTotal	Search for analysis

Name	435badbad2fc1382_cutm3.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\cutm3.exe
Size	900.5KB
Processes	620 (Setup2.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`7714deedb24c3dcfa81dc660dd383492`
SHA1	`56fae3ab1186009430e175c73b914c77ed714cc0`
SHA256	`435badbad2fc138245a4771a74ebb9075658e294d1bcfcf191ccea466eea825c`
CRC32	`0E0D48D7`
ssdeep	`12288:jx1vJUpzeLkTqhqeEmC7QOZGafeei7fqiHf:H2zIkTgqeEVQO5fess`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Packer_Zero - Malicious Packer Malicious_Library_Zero - Malicious_Library ASPack_Zero - ASPack packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	b3a3c03a2b140d4f_uninstall.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
Size	97.6KB
Processes	620 (Setup2.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56b3225c7b1d6f05b4ba4ba7b4ce2202`
SHA1	`27c0ed1a6d25a68a48950a7ede29d87e1f2b1461`
SHA256	`b3a3c03a2b140d4fbe9bac4416866210d014da4c64355b395715f2d4c2506c46`
CRC32	`6DE3DA1A`
ssdeep	`1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75M:kzgjO/Zd1RePDmZ8tf05iW4u1M`
Yara	PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis