Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.03 06:01
random.exe
01.03 06:01
vnc.exe
01.03 05:01
cici.exe
01.03 05:01
2.exe
01.03 05:01
qidong.exe
01.03 05:01
mcgen.exe
01.03 05:01
Java32.exe
01.02 10:01
Bootxr.exe
01.02 10:01
diskutil.exe
01.02 10:01
install.msi

Latest News
01.03 09:01
EC2 Grouper Attack
01.03 09:01
김주상, 독일 유학 준비생을 위한 '독일...
01.03 09:01
GenAI cybersecurity RO...
01.03 09:01
Apple to settle claims...
01.03 09:01
아로셀, 5주년 맞아 전 제품 최대 52...
01.03 09:01
패션 브랜딩 컴퍼니 그래비티 서울, 신진...
01.03 09:01
재팬세일, 일본직구로 스노우 스포츠 기획...
01.03 09:01
용인이강기숙학원, 2026학년도 재수생 ...
01.03 09:01
식판세척업체 클린앤키즈, 아동복지기관 신...
01.03 09:01
NS홈쇼핑, 디지털 콘텐츠 버추얼 프로덕...

Dropped Files | ZeroBOX

Name	efaf87da4c55ab7b_wwi.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wwi.exe
Size	2.8MB
Processes	2472 (CurrenyCalculatorInst.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`8a33634964add1181f84249377c1b316`
SHA1	`696a03c0071daca980506ba21385abb45dae6f05`
SHA256	`efaf87da4c55ab7b0783a5f95103dedde720716c36b5173724252ed45c255fbe`
CRC32	`56B40EA5`
ssdeep	`49152:Uj5/WujigEl2yFrhNdeUPobFPxg7fe6vVgVbuKoS1uovA9JVXtJ1+Hu7WX:q5+uulJrhNdeUsxg7W6eEJbPNsHu7WX`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques Is_DotNET_EXE - (no description) themida_packer - themida packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_tmpAC84.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpAC84.tmp
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_tmpA67A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpA67A.tmp
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	824fae3331b95e2f_tmpABA1.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpABA1.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	377e20a354fd825b_favicon[2].ico Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[2].ico
Size	16.1KB
Type	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
MD5	`dd345aee82d34847e8abd2a695302336`
SHA1	`87e2444681a0c4d9127b5328740ec8957d7972d1`
SHA256	`377e20a354fd825b9763c87836482bb7b79d2794e6d25ed693376ca33eac990a`
CRC32	`4CF50320`
ssdeep	`192:GyrOOOOOOOOOOOOTOOOOOOOOOOOOOOOOOOOOlOOOOOOOOOOOOOOOOOOOOOOCOOOm:N3wUorF4JNM3gpxjzre9`
Yara	None matched
VirusTotal	Search for analysis

Name	cbb522d7b7f127ad_f59a01a8b782d93ea6991bc172ceffb1 Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
Size	867.0B
Processes	1772 (wwi.exe)
Type	data
MD5	`c5dfb849ca051355ee2dba1ac33eb028`
SHA1	`d69b561148f01c77c54578c10926df5b856976ad`
SHA256	`cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b`
CRC32	`56B6BCC7`
ssdeep	`24:N0OmyOe7rCstRMIkbrUtPqxQWYcmcYS6dpAi3:N0OmyOO2UKxbQ0JYcmcY1B3`
Yara	None matched
VirusTotal	Search for analysis

Name	cb3a95d8b2db47f9_f59a01a8b782d93ea6991bc172ceffb1 Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Size	242.0B
Processes	1772 (wwi.exe)
Type	data
MD5	`767db5eed2a22c7ef56217f83cf1e2de`
SHA1	`d09bf3d7f2acb375c28318ebd144974600a329a6`
SHA256	`cb3a95d8b2db47f956a904bd93f8eae1db5db3fd4b890c9d8061675a453605e0`
CRC32	`CE9A0AA4`
ssdeep	`3:kkFkl7ocVXfllXlE/e0g1klJlz//5lRBGoMmJwHelJlWlLltUKlGalXliXQkSlbg:kKdg1klp1GhipWhliK8al0ApzO+WB`
Yara	None matched
VirusTotal	Search for analysis

Name	a813316ad589fd95_tmpA67C.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpA67C.tmp
Size	140.0KB
Type	data
MD5	`b62e9e01c278707b6308a9fa7d229772`
SHA1	`92e4f3ae8e1e1ec8a3d65c26370d4c8b07100823`
SHA256	`a813316ad589fd95928996f6e1c16a5e30b12dc671110977b252aff448e9c0b3`
CRC32	`C2B54259`
ssdeep	`3072:hI9FazIWbZIJegistTe2RlpcFXHAyG+nGmBkb+i/cbJKeLKGz9zKgqbcsJSOp:y9gcW6egJta2R7cFA8GmBUV/MgOVUt/7`
Yara	None matched
VirusTotal	Search for analysis

Name	64771543c37b6203_recoverystore.{f09a194f-18ea-11ec-9d79-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F09A194F-18EA-11EC-9D79-94DE278C3274}.dat
Size	4.5KB
Processes	1580 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3592d55da911b210b2caa23681c4d863`
SHA1	`e6b80c45d18662476433bfa3468075937336d894`
SHA256	`64771543c37b62034725c1a234482746bcc3f80740be836d2d4dd7cd0bcc28ee`
CRC32	`CB254708`
ssdeep	`12:rlfF29rEg5+IaCrI0F7+F2IrEg5+IaCrI0F7ugQNlTqbaxC86081g8XNlTqbaxCe:rq95/1I5/3QNlWlcdKNlWlcNg`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	49c4a85bce2fb8cb_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	508 (powershell.exe)
Type	data
MD5	`4eba3b6a4f05a26106a2d772c79da044`
SHA1	`45ae375ea2f305e4409aabc22803cd1471f0983e`
SHA256	`49c4a85bce2fb8cb6db4279591d0966cbd2fb84bc43f252ee5ad14d3d615b2b5`
CRC32	`2DF7F691`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:YtzXo9tzbHnornxo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsf7C4D.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsf7C4D.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	0a13352cbe53cea9_vss.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vss.exe
Size	1.3MB
Processes	1772 (wwi.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`904b66229f5d7a3f7e55099b973416b6`
SHA1	`c03f6195d4b3bff6f04cab19afb713a04da30dc5`
SHA256	`0a13352cbe53cea924ab9b7e2b694b8022332b451431ca05f0793c99deb5203d`
CRC32	`9D0E22E5`
ssdeep	`24576:o20gPgFKWW0wZPHNpg3K6vGW2me6HPftnUeZbbDI8iw1Uosf95b:5KNwXpg3xx22HtUe1bDlimUN`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f6ce25396a6e0cb5_gbmh.ye Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\GBmH.ye
Size	1.1MB
Processes	2532 (W7sP3hTJPToEEt.exE)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1b82ea43fea5c3384398641b64b0b6ae`
SHA1	`1dc4b245a981f3a5cbfaa7100d018287b47d367e`
SHA256	`f6ce25396a6e0cb5d187e9198cf9ae83036ac61fc3a430e26faad6c6f02c224e`
CRC32	`2DFBCB89`
ssdeep	`24576:LB6xzZrnW4LE9FscIpukzQhllUXfAamPH:LAIEP8hllUXfo`
Yara	UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d408379d7478adf0_tmpA69E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpA69E.tmp
Size	913.8KB
Type	data
MD5	`8f3d755fd71d9e4640c34980814e6c85`
SHA1	`38be6760c64420a8ffb1c2e13511dc008d9e050e`
SHA256	`d408379d7478adf0f5beeffe8c5f993ff5965d6410874f995b9404e089538139`
CRC32	`6E41CB6B`
ssdeep	`24576:VaW4YfWNfiujq5ghqRo69nipAzVorS2qQW+uQvo6J13dhps:wYfsfiIq5NoIxVyn7vzTs`
Yara	None matched
VirusTotal	Search for analysis

Name	6de598428c334097_IE9CompatViewList[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\IE9CompatViewList[1].xml
Size	141.7KB
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c236e316e1b9ac60ce15dac7bcb8b2de`
SHA1	`1e240ed5f7cbc3dc8cd2397c7151a0d7e5f173c2`
SHA256	`6de598428c334097a21eb2dd5963c190fc5f80a6289bce205ded0466393745a4`
CRC32	`8B345ADA`
ssdeep	`3072:toSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:mSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR`
Yara	None matched
VirusTotal	Search for analysis

Name	870fca1ec4bfd83a_wwl.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wwl.exe
Size	2.5MB
Processes	2472 (CurrenyCalculatorInst.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ae5e9419a7be38c8e8a540f154f44e07`
SHA1	`1162b66246d2c6b6ec2ddd3f87732dd73647d78e`
SHA256	`870fca1ec4bfd83a616fd016818228413103c4e51aaa0827371e6f20de594243`
CRC32	`14B31386`
ssdeep	`49152:bIhi/Wil9s7U+fXZVCp53/n5i2EA73mstL4lc5qJx2jNHS:bYiOiTsJVCp5PLE0ptLoeqJxgNHS`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library themida_packer - themida packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bdbffc2d7893ba54_rzbm8l5r.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\RZBM8L5R.txt
Size	88.0B
Processes	876 (iexplore.exe)
Type	ASCII text
MD5	`86d75ba8d52d9654e314f3e1426c592d`
SHA1	`4578865c825be50e37f7b628e5f503d453e7bbc3`
SHA256	`bdbffc2d7893ba54a7428a0a8e6f21de122cf6d57beec1fbb64acbcdaec05edd`
CRC32	`B291E4A6`
ssdeep	`3:gW9NDjLXQQqDvKvYTvXeTQtdRkXvhmFWziX:33XQQeSvYTvXbTRwHiX`
Yara	None matched
VirusTotal	Search for analysis

Name	079473a1752fb5e1_tmpAC0B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpAC0B.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`5f98cfac1d9c02587e0db4a6e5a20739`
SHA1	`be4f97d8544c22d01a1b941fe835d91ffc8a5efd`
SHA256	`079473a1752fb5e18f755627476b14192bb76894459f1430888e6ae3d07bd763`
CRC32	`B01FA20E`
ssdeep	`96:JBc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9ul:JBPOUNlCTJMb3rEDFA867/`
Yara	None matched
VirusTotal	Search for analysis

Name	0b4bbb4d58d32192_{f09a1950-18ea-11ec-9d79-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F09A1950-18EA-11EC-9D79-94DE278C3274}.dat
Size	4.5KB
Processes	1580 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`88a9317bb5f0a9179d21815bac8ad53e`
SHA1	`886a0e0e400c019aeaa2093c672928ad38847bfe`
SHA256	`0b4bbb4d58d32192f03c5deb9577766953618f7cafccb7c606f99e2697b6cf74`
CRC32	`56667D28`
ssdeep	`12:rl0ZGFprEgmfB06FbDrEgmfh0qgNNlTVbaxLNlz9baxzyZ:rdGjGmNNlp+Nlhi6`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	f5b067bbc938ae5b_tmpA69D.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpA69D.tmp
Size	315.5KB
Type	data
MD5	`c20e357792c446053e5117f26b756f2e`
SHA1	`f8c55db6381aabf443a30a5c65d177e06cb64469`
SHA256	`f5b067bbc938ae5b200dd3560a6a286d00270e023c0e620a9e4c146b277b703a`
CRC32	`51C7F4EB`
ssdeep	`6144:iVwYDdXsmGG00P9SIyipO9gWuctyGot+fq6k6tiekUWjsrGUQ/h1:iWUX8y9SgPWucJwUIekUm/dZ1`
Yara	None matched
VirusTotal	Search for analysis

Name	e5c7931e871678ae_tmpABE6.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpABE6.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`8e36f9cfbb4e98a1ea4cb31b1dfd18ba`
SHA1	`271e10b8bb5623e6552f2be568b01ae93b3e5a3a`
SHA256	`e5c7931e871678ae9bf44ed496a03ba8524a3d7600a44b29a60847ddda90eb86`
CRC32	`C73EAD8F`
ssdeep	`24:TLea0RlPbXaFpEO5bNmISHdL6UwcOxvyUU3Z:TYLOpEO5J/KdGU1EyU2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	49b7477db8dd22f8_6LVZM.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsq7D29.tmp\6LVZM.dll
Size	6.5KB
Processes	2472 (CurrenyCalculatorInst.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`293165db1e46070410b4209519e67494`
SHA1	`777b96a4f74b6c34d43a4e7c7e656757d1c97f01`
SHA256	`49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a`
CRC32	`A8874D27`
ssdeep	`96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis