Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	9f2cd4acf23d565b_gpt.ini Submit file
Filepath	C:\Windows\System32\GroupPolicy\gpt.ini
Size	268.0B
Processes	1772 (Install.exe)
Type	ASCII text
MD5	`a62ce44a33f1c05fc2d340ea0ca118a4`
SHA1	`1f03eb4716015528f3de7f7674532c1345b2717d`
SHA256	`9f2cd4acf23d565bc8498c989fccccf59fd207ef8925111dc63e78649735404a`
CRC32	`25DA65CC`
ssdeep	`6:1QnMzYHxbnPonn3dXsMzYHxbnn/JIAuNhUHdhJg+5Rnn3dzC:1QM0HxbnIV0Hxbn/JnumuuzC`
Yara	None matched
VirusTotal	Search for analysis

Name	b65690af94888dd2_bvmcjejduxhooxizsk.job Submit file
Filepath	C:\Windows\Tasks\bvmcjEjDUxHOOxIZsK.job
Size	500.0B
Processes	572 (schtasks.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`6a81cbf074088807ef6849d24a3c4069`
SHA1	`434712d4e8b6f3fd3a55fbfb304b2d9a1fbf7721`
SHA256	`b65690af94888dd2672bdb521ddb65f8c0ae0b3dfc0feabc4acff24f2128ab44`
CRC32	`315D1318`
ssdeep	`12:olEXc/Q1yDZpc2JRdWSd/Q1yDZpc2I4Vi:9L0A2lzy0A2I`
Yara	None matched
VirusTotal	Search for analysis

Name	5b9e0b2f84df7986_install.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS7D18.tmp\Install.exe
Size	6.6MB
Processes	3068 (Install.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1974434738cb39f639e84abce4eac613`
SHA1	`fc918330e3c1a67570af1cbb64d441eb404b29cf`
SHA256	`5b9e0b2f84df7986a95c4990f2fc33cd5a7727552dbdf858b97c1723d2b45c53`
CRC32	`0450AC18`
ssdeep	`98304:Tjfj5XXTkJaP9EGGLG3YbKUwmHERnEuZedxQhDWULORWWdtgSoIRciorkCEfYRg1:XfjB4qiOlEEZDWUKYWkri+g5b1dbmF0`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	49c4a85bce2fb8cb_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2328 (powershell.exe)
Type	data
MD5	`4eba3b6a4f05a26106a2d772c79da044`
SHA1	`45ae375ea2f305e4409aabc22803cd1471f0983e`
SHA256	`49c4a85bce2fb8cb6db4279591d0966cbd2fb84bc43f252ee5ad14d3d615b2b5`
CRC32	`2DF7F691`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:YtzXo9tzbHnornxo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e84c1f55eb34fec7_config.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS7A69.tmp\__data__\config.txt
Size	977.5KB
Processes	1960 (installer_394347.exe)
Type	data
MD5	`c8a1166b667d653db006bdab72fd11ec`
SHA1	`feb8292dd66d9a779039f3a3a2857469c210911d`
SHA256	`e84c1f55eb34fec71ce5d856e0c81f6bb3321f50fea6084e6a38eca13c09e8f1`
CRC32	`9B61B8CD`
ssdeep	`24576:4iG5lcpFunxWxEphO4mcCPjoJ9zAc0EyxW4BxSXUi1yjqL+R:a5++hDOTFPjm9zAcR5oAki12s6`
Yara	None matched
VirusTotal	Search for analysis

Name	74228dc2a61f161b_install.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS7A69.tmp\Install.exe
Size	6.1MB
Processes	1960 (installer_394347.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c9e8fa59377613e1d48486292bf69a66`
SHA1	`97c89d41377f988f82562363b32635e511dde006`
SHA256	`74228dc2a61f161b6563c80eed1129ebeb453844c49952a2c32ca81f523461c5`
CRC32	`2A900048`
ssdeep	`98304:91OVifpsM4Ypm43obrDKnCfOlYY098mpKWRqXIL0b2P9E2zhrONWor:91OGSWB/2ieWmpBRIIeo9Hz9ONWu`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis