Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	0295964ca9d8c3e1_rtknguiapicpu.exe.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61C\RtkNGuiAPICPU.exe.tmp
Size	128.0MB
Processes	2368 (None)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`459cc4e3a8d994d20d0f5b4953797b33`
SHA1	`4ceb38038795ed0abb61a7d380addf4d19f2e577`
SHA256	`f593acc2af482927e69879734f710448a1ab791523abb05f5cdd2ba09321f0e9`
CRC32	`20AD302A`
ssdeep	`98304:RXxikOVwkpg1RefUS++pPRCJDpHz2Qqcvxr6agxDg8hub:W5VwkpxrZRC7pqcvwagxjo`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6e6fe23fe6726241_c4e07dbc61cubtlxcagzn.ubtlx Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61CUBtlxcaGzn.UBtlx
Size	5.3MB
Processes	2368 (None)
Type	Zip archive data, at least v2.0 to extract
MD5	`f6ff3006259f4fbcc4dcbca6f12c2abd`
SHA1	`26d5f90466bf2610ad5f7952ef221669755d1d49`
SHA256	`6e6fe23fe6726241ad8ce336dd9e844a0b24018c87dcf426232d2afc4f0efdec`
CRC32	`7AB7B6EB`
ssdeep	`98304:29r3MG670Xe6geJmHgHWF+0paLp1+ZOkL9PDcdJerItHNN8EoR6MjiamW7hoKvNQ:g7MG670uF+0ip1+OkLVDcdjO/R6Kbhdm`
Yara	None matched
VirusTotal	Search for analysis

Name	3e4d7b65926e0be1_rtknguiapicpu.exe.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61C\RtkNGuiAPICPU.exe.tmp
Size	128.0MB
Processes	2368 (None)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`459cc4e3a8d994d20d0f5b4953797b33`
SHA1	`4ceb38038795ed0abb61a7d380addf4d19f2e577`
SHA256	`f593acc2af482927e69879734f710448a1ab791523abb05f5cdd2ba09321f0e9`
CRC32	`20AD302A`
ssdeep	`98304:RXxikOVwkpg1RefUS++pPRCJDpHz2Qqcvxr6agxDg8hub:W5VwkpxrZRC7pqcvwagxjo`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	535624832e774227_test3.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\test3.exe
Size	10.9MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fa0c8c44a1586d075fe128e07844ef1d`
SHA1	`d62e980371b01ff67040b3b77a112777a1273217`
SHA256	`535624832e774227fd956fb64eab587486e29548620b802a0e355a6c4eae6f45`
CRC32	`AAB2F9A5`
ssdeep	`196608:Q2mkb8h1vVa7KSMEjSURy2Vg2Exdk7MG670uF+0ip1+OkLVDcdjO/R6KbhdPRgC:Z41NSMEOURPHExSM0n1+OkLIjO/Rp9kC`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	2be5d2d642bd744b_C4E07DBC61GUBtlxcaGzn.UBtlx Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\C4E07DBC61GUBtlxcaGzn.UBtlx
Size	5.3MB
Processes	2368 (None)
Type	Zip archive data, at least v2.0 to extract
MD5	`03770f9d17355e8b06f9791859694b28`
SHA1	`463d58e71ce04703baf1e42b81477afaa78e084d`
SHA256	`2be5d2d642bd744bb0e3d1a20337dcaf0acbd7f6012b7e39fbb06feee952a45a`
CRC32	`32AFD113`
ssdeep	`98304:lPSGeAkL/+5Whh8WEvzJnsmbgZ7KyVMEjrmUJP1oBqNVgTawFbxFLs:Eb8h1vVa7KSMEjSURy2Vg2Exds`
Yara	None matched
VirusTotal	Search for analysis

Name	05d61f74e47a87d0_onedrivestandaloneapimethod.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Audio API MMS\C4E07DBC61\OneDriveStandaloneAPIMethod.exe
Size	128.0MB
Processes	2648 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5985000c31e3151537d5594a48253a2f`
SHA1	`c8f3d35b30ce8ed6e7a602ca64dda5772d398fef`
SHA256	`a66601b8a5c360b98fcd26a52cba6613f4b848ab490e714f42cdbddaaa2a5e03`
CRC32	`2E93C08A`
ssdeep	`3145728:cM7svx5FaMX5gK6KT1gkwvv5IhI1qtwhLxepdr:c/5naMX5gKHT1rwvNQ6hw/r`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	a1a3f74b414f1dc4_tmp2CB1.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp2CB1.tmp.bat
Size	260.0B
Processes	2648 (None) 192 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`3ae579aea099e32a9428a6374cc2f7e1`
SHA1	`8a0bd71e52559d477c67adae97996df1a168cf4a`
SHA256	`a1a3f74b414f1dc4c6c297e280a5844d81e6dafbaae2f0f4144e6a14f94b592d`
CRC32	`04FFE374`
ssdeep	`6:hu6mQpcLJaZ5E+oFfzTGOJVq+bE3aoLmQpcLJ23fJhDNemQpcLJ23fT7h1k:kkOLAHpo4m8+gaobOLMhhDNoOLML7h+`
Yara	None matched
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\c4e07dbc61c\winring0x64.sys
Size	14.2KB
Processes	2368 (None)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	0952ac1ed0b4631c_rtknguigpuapi.exe Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\c4e07dbc61g\rtknguigpuapi.exe
Size	128.0MB
Processes	2368 (None)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`f59de78cfc7c2a689dabe1fcd5c2c2fb`
SHA1	`662fd61004f1c9e4cc8726fd37db143c23e3f1b0`
SHA256	`16f9589ac84d9c9fe97201f82c237b30de17bc98d80960220c9c1e63a3d704d1`
CRC32	`0A92F98F`
ssdeep	`98304:7hpOjgmb/arLyVlwQXiEEEsbME3rSCJ11MBqx5yN/Or:9pOjQLyIQXiEEEmME3WC7K+5yYr`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	5e33fd6cbb139bf0_screen.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Screen.png
Size	47.9KB
Processes	2648 (None)
Type	PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5	`80a1c9537f1feb15fd85ab744294ff78`
SHA1	`a902a246f5ca86f8d1338efe2b4c55fd50ace882`
SHA256	`5e33fd6cbb139bf059725f6827da081664b07022200d0128d94062676052a7d2`
CRC32	`3DD61463`
ssdeep	`768:MLyGS7n7hO+zU5bRlt6V5ab28A7dmX56M4L786gnI9rv6D3lT:M2DbRm9X6V5k2zUwH7f/9rvuF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	48ef46818d17ee38_rtknguiapicpu.exe Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\c4e07dbc61c\rtknguiapicpu.exe
Size	128.0MB
Processes	2368 (None)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`459cc4e3a8d994d20d0f5b4953797b33`
SHA1	`4ceb38038795ed0abb61a7d380addf4d19f2e577`
SHA256	`f593acc2af482927e69879734f710448a1ab791523abb05f5cdd2ba09321f0e9`
CRC32	`20AD302A`
ssdeep	`98304:RXxikOVwkpg1RefUS++pPRCJDpHz2Qqcvxr6agxDg8hub:W5VwkpxrZRC7pqcvwagxjo`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis