Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	6e6fe23fe6726241_c4e07dbc61clwswlhlhro.lwswl Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61CLWSwlhLhrO.LWSwl
Size	5.3MB
Processes	1296 (None)
Type	Zip archive data, at least v2.0 to extract
MD5	`f6ff3006259f4fbcc4dcbca6f12c2abd`
SHA1	`26d5f90466bf2610ad5f7952ef221669755d1d49`
SHA256	`6e6fe23fe6726241ad8ce336dd9e844a0b24018c87dcf426232d2afc4f0efdec`
CRC32	`7AB7B6EB`
ssdeep	`98304:29r3MG670Xe6geJmHgHWF+0paLp1+ZOkL9PDcdJerItHNN8EoR6MjiamW7hoKvNQ:g7MG670uF+0ip1+OkLVDcdjO/R6Kbhdm`
Yara	None matched
VirusTotal	Search for analysis

Name	201c726448b89ad7_qYnjfKljhYhAhBx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\qYnjfKljhYhAhBx.exe
Size	10.9MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`82d526a3173aca4b9c9c978cb3281e4e`
SHA1	`3af551768cba2ecd4c0bfe2ef62514df3fc1eb60`
SHA256	`201c726448b89ad7ea68ae90b4c8fbb16262736bfabfb476b434d1ed6c3e60b3`
CRC32	`40BABDDB`
ssdeep	`196608:e2mQb8h1vVa7KSMEjSURy2Vg2Exdk7MG670uF+0ip1+OkLVDcdjO/R6KbhdPRgC:b41NSMEOURPHExSM0n1+OkLIjO/Rp9kC`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	e242be04491eb968_onedrivestandaloneapimethod.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Audio API MMS\C4E07DBC61\OneDriveStandaloneAPIMethod.exe
Size	128.0MB
Processes	2388 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c16fedfda33704a1e1183495ed98c70c`
SHA1	`f79c8973a1a0ead7ec7032698bb2000f464a20be`
SHA256	`199ed37a298782d61c004b02618aebe390a003f6ddb65475f3f4e83d9de12298`
CRC32	`7CEEC026`
ssdeep	`3145728:GM74QYVKESpxRvyg8dSyWsm14Tk9HgBKgRsoUBEGRA6VVs2q:GMUETGTX4HMsoUqD+y`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	b8b12f1f6c46c903_tmp2C53.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp2C53.tmp.bat
Size	270.0B
Processes	2388 (None) 1032 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`03212027d0794bce65cd94e9590a51e8`
SHA1	`097e44e10eef7d66cad3b31fe55097778e78abdb`
SHA256	`b8b12f1f6c46c903fc4ae5ca1ea85993a8da8873245aa484c26a4c473044ab13`
CRC32	`D543F881`
ssdeep	`6:hu6mQpcLJaZ5E+oFfzTGOJVq+bE3aoLmQpcLJ23fJU8Hgy9DNemQpcLJ23fTzSk:kkOLAHpo4m8+gaobOLMhU8HgMDNoOLMB`
Yara	None matched
VirusTotal	Search for analysis

Name	48ef46818d17ee38_rtknguiapicpu.exe.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61C\RtkNGuiAPICPU.exe.tmp
Size	128.0MB
Processes	1296 (None)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`459cc4e3a8d994d20d0f5b4953797b33`
SHA1	`4ceb38038795ed0abb61a7d380addf4d19f2e577`
SHA256	`f593acc2af482927e69879734f710448a1ab791523abb05f5cdd2ba09321f0e9`
CRC32	`20AD302A`
ssdeep	`98304:RXxikOVwkpg1RefUS++pPRCJDpHz2Qqcvxr6agxDg8hub:W5VwkpxrZRC7pqcvwagxjo`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	0952ac1ed0b4631c_rtknguigpuapi.exe.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61G\RtkNGuigpuAPI.exe.tmp
Size	128.0MB
Processes	1296 (None)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`f59de78cfc7c2a689dabe1fcd5c2c2fb`
SHA1	`662fd61004f1c9e4cc8726fd37db143c23e3f1b0`
SHA256	`16f9589ac84d9c9fe97201f82c237b30de17bc98d80960220c9c1e63a3d704d1`
CRC32	`0A92F98F`
ssdeep	`98304:7hpOjgmb/arLyVlwQXiEEEsbME3rSCJ11MBqx5yN/Or:9pOjQLyIQXiEEEmME3WC7K+5yYr`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	c2a3bdf046e0f6df_screen.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Screen.png
Size	47.9KB
Processes	2388 (None)
Type	PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5	`1a0b2d1a3a3e94a63263b1a511a5ba33`
SHA1	`b1d0ff05b02cce5491f42ca7db6b4e0872fa3495`
SHA256	`c2a3bdf046e0f6df012fad6bce94c7f00b67fb7c32a67c1790ea343f34921359`
CRC32	`FD0A0639`
ssdeep	`768:05QVHiz/96TsBGEPNpvhh3vxKNM8T+iNonsSmsGm6HF9xfAI1:05QVHn2GQNBhh3fGLtSL6HbqI1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2be5d2d642bd744b_c4e07dbc61glwswlhlhro.lwswl Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61GLWSwlhLhrO.LWSwl
Size	5.3MB
Processes	1296 (None)
Type	Zip archive data, at least v2.0 to extract
MD5	`03770f9d17355e8b06f9791859694b28`
SHA1	`463d58e71ce04703baf1e42b81477afaa78e084d`
SHA256	`2be5d2d642bd744bb0e3d1a20337dcaf0acbd7f6012b7e39fbb06feee952a45a`
CRC32	`32AFD113`
ssdeep	`98304:lPSGeAkL/+5Whh8WEvzJnsmbgZ7KyVMEjrmUJP1oBqNVgTawFbxFLs:Eb8h1vVa7KSMEjSURy2Vg2Exds`
Yara	None matched
VirusTotal	Search for analysis