Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
TikTok Parent ByteDanc...
11.17 12:11
Hackers, Patents, and ...
11.17 12:11
IT Sicherheitsnews tae...
11.17 12:11
Umweltfreundlicher Wha...

Dropped Files | ZeroBOX

Name	73c019e0926ebb5c_lcstxenjhc.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcSTXENJHc.lnk
Size	1.1KB
Processes	2768 (vbc.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Sat Sep 4 14:53:02 2021, mtime=Sat Sep 4 14:53:02 2021, atime=Sat Sep 4 14:53:02 2021, length=250, window=hide
MD5	`a500ecc1b75a0d6e900b3c60c24f17a6`
SHA1	`8e48dfd691e657f3b795f123b860102886697d85`
SHA256	`73c019e0926ebb5c76cbef10a7294de19ce0f343176832f60c195fbda99a3a37`
CRC32	`75BF9811`
ssdeep	`12:8g6Gk4cZCrR8EvSWcg6R+/iNXewi8vZEvL7lJ2izCCOLMR14EmVlJowua4t2YLE2:80sERdw7R5VO8YLzNRRoPy6Py/08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	aeda3e45e8eab880_run.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size	8.0B
Processes	1632 (RegAsm.exe)
Type	data
MD5	`23effcd348d74a61c2fbc84070388c7c`
SHA1	`b31b7d60abe47eb527a0dd40f358037c242b1e69`
SHA256	`aeda3e45e8eab8805ed105c60664f82cf691e5843c125512bb690b5cc20ba7d6`
CRC32	`939ED3A9`
ssdeep	`3:Oq:9`
Yara	None matched
VirusTotal	Search for analysis

Name	df982e10764d21fc_catalog.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\catalog.dat
Size	232.0B
Processes	1632 (RegAsm.exe)
Type	data
MD5	`cf55df705b79f961ed069d8e84d2af1c`
SHA1	`574cdf36753cf356a25872bccaa3cc6ffcd5d23f`
SHA256	`df982e10764d21fcb1469eb6ea1175ac69544c68900b0dd8c79a0fe8a8f300f5`
CRC32	`F79FDAF1`
ssdeep	`6:X4LDAnybgCFcpJSQwP4d7V9Nhyleajl0fuONKcpMe5i:X4LEnybgCFCtvd7V9NYRj+GONKaMv`
Yara	None matched
VirusTotal	Search for analysis

Name	1cc9dd8d1026db9a_coyocucsii.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsx60E6.tmp\coyocucsii.dll
Size	233.5KB
Processes	2768 (vbc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`95abe8981f99fe40fa7efb8ff0025ac9`
SHA1	`4b35b2119a59f79158eb728bd138df613f99eecd`
SHA256	`1cc9dd8d1026db9a9e7f5d763efb65a1e98ce5dd30723e1e129374f1fe3d3254`
CRC32	`D85E676E`
ssdeep	`6144:/dPPuhRXGvYpVN2q3zl+knNbhV9FwB5bJAzP4qxG9ZsyD:hPURXGvYrN2q3zlnxhVIB5mr4v99`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f8098a6290118f29_settings.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\settings.bin
Size	40.0B
Processes	1632 (RegAsm.exe)
Type	data
MD5	`4e5e92e2369688041cc82ef9650eded2`
SHA1	`15e44f2f3194ee232b44e9684163b6f66472c862`
SHA256	`f8098a6290118f2944b9e7c842bd014377d45844379f863b00d54515a8a64b48`
CRC32	`C6B6460B`
ssdeep	`3:9bzY6oRDT6P2bfVn1:RzWDT621`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsi60D6.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsi60D6.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	ba23130e5fe99c9d_fytanhkwue.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\YJUnVNqlhy\FYtAnHKwuE.vbs
Size	250.0B
Processes	2768 (vbc.exe)
Type	data
MD5	`0ac4bafff0b78cc4769e44dd3a256061`
SHA1	`3d6a941f305d366f632f5e15eb950d9a67701d3d`
SHA256	`ba23130e5fe99c9d6a995b7c8062e5db3fac931641699b8f8df7a23fc8205679`
CRC32	`371AF098`
ssdeep	`6:DsX1AKlfm3OOQd+1A2lxd/UEZ+lX1YE7g7nFC:DEHO+vybL/Q1YVDFC`
Yara	None matched
VirusTotal	Search for analysis

Name	bca2a00f79388bf4_storage.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\storage.dat
Size	406.1KB
Processes	1632 (RegAsm.exe)
Type	data
MD5	`6d06a8c3afd19319ea69337fc225f778`
SHA1	`30de9c8786cf8f2b02addaf7372d481d807d33e5`
SHA256	`bca2a00f79388bf421b684494e9b8ac8b287c20378551664f57e25edf6a0e8bf`
CRC32	`9F0EC6B7`
ssdeep	`12288:OF30dVaG4159Tdy6f1Y9TIdxTpUTWotG/fcfNO:c32aL9Tdy6G9TI/fyG/fcfA`
Yara	None matched
VirusTotal	Search for analysis

Name	d5c7a93296ccb0dd_vbc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vbc.exe
Size	272.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`cd6fb772e30b73bae310c242e03bf8ba`
SHA1	`a4a98d91037bf2fbe18c913d39ccf13838171c56`
SHA256	`d5c7a93296ccb0dd1d2186107015ee20b14e1e1800a55ae0a5dd2df6e38234d5`
CRC32	`B31BEC4A`
ssdeep	`6144:E9X0G8uH3tWq3zl+knPbhV9xwB5rJAzPaqxG9bwj8:q0LuHoq3zlnDhVAB5Wrav98j8`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis