Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	288100583f65a2b7_nsExec.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsq6471.tmp\nsExec.dll
Size	6.5KB
Processes	2648 (b.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b5a1f9dc73e2944a388a61411bdd8c70`
SHA1	`dc9b20df3f3810c2e81a0c54dea385704ba8bef7`
SHA256	`288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884`
CRC32	`E835AD1F`
ssdeep	`96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b91a8d72b35a2f44_parameters.ini Submit file
Filepath	C:\Windows\parameters.ini
Size	326.0B
Processes	2648 (b.exe)
Type	ASCII text, with CRLF line terminators
MD5	`ecb52bc73d5aeed6613572fa4db302bd`
SHA1	`21269bf6db846c9e7a0ab2d4997e3ede1920e772`
SHA256	`b91a8d72b35a2f442d33b7a7238f41eafdc923ab4b9180c4f5236c077941b217`
CRC32	`A49DBD21`
ssdeep	`6:Gx3hR1JyIW8VZ7jmmgXMAIt/hfDyrBBu1EWKGLGoPHh2yW3Dd5grA:yH2ItZ7jmZXSyiEW1jhtWzd5gs`
Yara	None matched
VirusTotal	Search for analysis

Name	948a93862d75f77f_winspl.exe Submit file
Filepath	C:\Windows\winspl.exe
Size	5.2MB
Processes	2648 (b.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f299ad95edb44942f8cc7b527b7c8746`
SHA1	`62a8bc6bfe242ee266c54dc6e0bbcdca10e28f9e`
SHA256	`948a93862d75f77f84149a35d8ea8bd8550f8d620e36847414d4897b3a9ce55b`
CRC32	`32162B77`
ssdeep	`49152:mTmT62I34XcZ+SjIQc93mwgbJLfpQO8EGNt8ceQ/uQ14kCTKe3VMaFh:mamB34XRUwqpQOst8c/94koMa`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsa6460.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsa6460.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	95fe9d92512ff231_nsProcess.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsq6471.tmp\nsProcess.dll
Size	4.0KB
Processes	2648 (b.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`05450face243b3a7472407b999b03a72`
SHA1	`ffd88af2e338ae606c444390f7eaaf5f4aef2cd9`
SHA256	`95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89`
CRC32	`7F5B79E7`
ssdeep	`48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis