Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll

Latest News
11.18 08:11
IT Sicherheitsnews woc...
11.18 08:11
IT Sicherheitsnews tae...
11.18 08:11
IT Sicherheitsnews stü...
11.18 08:11
[AIS 2024 영상] 최광희 세종 고...
11.18 08:11
Asia’s Richest Man Joi...
11.18 07:11
[AIS 2024 영상] 김기홍 샌즈랩 ...
11.18 07:11
Wall Street Bankers Sp...
11.18 07:11
Vor 40 Jahren: der Btx...
11.18 07:11
IT Sicherheitsnews stü...
11.18 06:11
US’s UFO-Hunting Aeria...

Dropped Files | ZeroBOX

Name	c6fa242b88805720_FireFoxExtension.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-S15H0.tmp\FireFoxExtension.tmp
Size	3.0MB
Processes	1220 (FireFoxExtension.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`266673b16ab08a498deb528139dc7213`
SHA1	`f4f91f8056dbedc155b3965f19eeac7d185f1c9c`
SHA256	`c6fa242b88805720daf185db905717ff44f23086bb89f3409f100d4f80d95d3f`
CRC32	`CE855B4E`
ssdeep	`49152:qEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:692bz2Eb6pd7B6bAGx7s333T`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5686e45ed19be935_bfexec.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\bfexec.txt
Size	54.0B
Processes	1644 (FireFoxExtension.tmp)
Type	ASCII text, with no line terminators
MD5	`a357bfa782c0384a4f69fb0d329b364b`
SHA1	`bbf5251b3bf1974c6850cb47fa6feb4c59e0141d`
SHA256	`5686e45ed19be9357b84d53e4b129733efbfeeecf7306823a739127993cc487e`
CRC32	`C2464F10`
ssdeep	`3:N8XdUW4LKvcUsjn:2aBLKfEn`
Yara	None matched
VirusTotal	Search for analysis

Name	0e6be3a2873bba8a_express.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\express.dll
Size	701.0KB
Processes	1644 (FireFoxExtension.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b28030547470704a3a16c5407bfb28bb`
SHA1	`0f5bff72f324bae9e693c06d00180e9da52e7689`
SHA256	`0e6be3a2873bba8a71da4158785b5b249863d4c1bc469ab7da0d43c8c06e2922`
CRC32	`47F3DE57`
ssdeep	`6144:5Zpn4iS3mEc3AzK5fURccY8y5uO23fX642tqFk/v4zPUpsiFiHwMl9M8Ys0XDWd:5nnx53Azu8Rc1l5u1vXgv4zP9Os0XD`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	0160889c87cb5bef_abyas.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\abyas.bin
Size	36.8KB
Processes	1644 (FireFoxExtension.tmp)
Type	data
MD5	`0cccbe67a89513ec9072ae43ccf0ca36`
SHA1	`f32eba60b3f60388c38f819fd47a6b4327f98592`
SHA256	`0160889c87cb5bef893a2d0fd1a1ae22ee09610cf05e1f488e9ed390660ec9d5`
CRC32	`A15EAFCE`
ssdeep	`768:wlJZHnyGNfWCHDhZCiFWOlld3bMjh83nwdk7/3fOuM:mDMaVcOzlrbMjG3nwdaPfA`
Yara	None matched
VirusTotal	Search for analysis

Name	590f3b1a9b87254f_rosefull.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\rosefull.txt
Size	31.0B
Processes	1644 (FireFoxExtension.tmp)
Type	ASCII text, with no line terminators
MD5	`88b5cec46371b4715dbcc9e1d9a26567`
SHA1	`95fca7f67a32212ce7282280e1bb09feabb420b6`
SHA256	`590f3b1a9b87254fbf0fd65f9c802d6ff0d453572c1427c050f0f74e705878b1`
CRC32	`48331254`
ssdeep	`3:N8RYiGxwh2n:21Gg2n`
Yara	None matched
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	1644 (FireFoxExtension.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4ea90ef6db17221b_googlesystem.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-L90BT.tmp\googlesystem.exe
Size	264.0KB
Processes	1644 (FireFoxExtension.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8c545f6f1ba83c15b8b02ee4aa62ff11`
SHA1	`61bc86addcc641dc79cf84072fc04fa738d0596d`
SHA256	`4ea90ef6db17221b9e74f9bd390f65e9877eac59a39fccd900dccad7d986a1ad`
CRC32	`A78C92FF`
ssdeep	`6144:X7h5Yo/kHYx6uFz2LJGRg4kLNnei36cwr:X7TYSk4HFCdUcW`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis