Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe

Latest News
11.18 09:11
[AIS 2024 영상] 윤두식 이로운앤...
11.18 09:11
Samsung Jumps as Surpr...
11.18 09:11
한국장학진흥원, 반려동물장례지도사 자격증...
11.18 09:11
키르시 블렌딩 X 마인드어데이, 콜라보레...
11.18 09:11
글로벌 포장 용기 제조기업 수창티피에스,...
11.18 09:11
Hackaday Links: Novemb...
11.18 09:11
Nvidia Faces New Chip ...
11.18 09:11
아이케미스트, '2024 창업 경진대회'...
11.18 09:11
[AIS 2024 영상] 정일옥 이글루코...
11.18 09:11
[AIS 2024 영상] 이승훈 퓨쳐시스...

Dropped Files | ZeroBOX

Name	5b2476bb2b907f5c_sihost32.exe Submit file
Filepath	C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size	8.0KB
Processes	1172 (svchost32.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`9eae8476aa2169308cf0cbb90e7e295c`
SHA1	`e5daac73bce3b0abca50853fc7ab5c3ea58afc0c`
SHA256	`5b2476bb2b907f5c3aaa4554a8a493971c8c92b5566acf4db0888f2b4ec4d3ac`
CRC32	`9E94F959`
ssdeep	`192:pq/aCAj492+j6Zw5HjDHFX2/8udWLWTaY:p0zA092+mZwxjD4/l4LWTaY`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	7366603786022206_d93f411851d7c929.customDestinations-ms~RF2d2a41.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2d2a41.TMP
Size	7.8KB
Processes	808 (powershell.exe) 2756 (powershell.exe)
Type	data
MD5	`0d8b1d7c3d51432d56dce8d67345c448`
SHA1	`dfa1f0646a8426d1a1cf797140af12ed84c59240`
SHA256	`73666037860222064a94258df37da2604681b0f5c5be9bd64c773be576209432`
CRC32	`B3206F20`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworg7HwxSlUVul:YtzXo9tzbHnorrx0`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8d9e42a474bb4672_590aee7bdd69b59b.customDestinations-ms~RF2e51c9.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF2e51c9.TMP
Size	7.8KB
Processes	2292 (powershell.exe) 1280 (powershell.exe)
Type	data
MD5	`44f3d4ce81665576d224ef28491e3467`
SHA1	`35a43c1bd068d54aefd18f4025fc15190d4371fb`
SHA256	`8d9e42a474bb46724a9b3e52c9b479357afbde506433035c039b530415725c9a`
CRC32	`06628F86`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworntDHXySlUVul:YtzXo9tzbHnortTy0`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	907e4bb6f5a6c3e2_590aee7bdd69b59b.customDestinations-ms~RF2dd084.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF2dd084.TMP
Size	7.8KB
Processes	836 (powershell.exe) 972 (powershell.exe)
Type	data
MD5	`39a264e68519090ead8b4b8f2bc8be24`
SHA1	`04f5eab079c20284a8f2f13a7521601fbb523eb4`
SHA256	`907e4bb6f5a6c3e24c1d12cdf139c23d5fb9faf327ee4dffd2d7527e97bf0955`
CRC32	`BD60B1EB`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworLtDHXySlUVul:YtzXo9tzbHnorRTy0`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8f434e6fab0124a0_svchost32.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size	1.9MB
Processes	2324 (itstartup.exe) 2792 (cmd.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`72248b0c365e99698a3513070530d342`
SHA1	`07fa06fe80c1ce24ae5b5f283d7bdedfdf687e50`
SHA256	`8f434e6fab0124a0388301c5407dfb0b0cc768d38c54a7f1969222acf23fd18f`
CRC32	`F027DF07`
ssdeep	`49152:lqtWBRz1tCnKlOUvFFgihtckeGHesY7XCBJkNYpAUhGVKOz:UKz1tCnKlOULvhtZHesA+JkNYp38UOz`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	c882282abe9b1bb5_itstartup.exe Submit file
Filepath	C:\Windows\itstartup.exe
Size	1.9MB
Processes	1196 (5.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`cb3f6c0527f6eae9d8e5561e65080e20`
SHA1	`6c4506a90ffd593039b7b82ce78d7f4f04c919d8`
SHA256	`c882282abe9b1bb5349e4d9ff9752ab27e4499289311e3544a3a1409c76c848f`
CRC32	`28D79147`
ssdeep	`24576:4Y6K89yws3tS+uTeoxMlQEhQEL9Ha6CuT7k9Y5IlhwM6MjbJOW5eOF6foRpKjQ9h:n9I+oeuM3tHku89fJAdfoRpKjHDeG1`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis