Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	ec1d411e10b3c9d0_2420759.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\2420759.exe
Size	2.6MB
Processes	2236 (DownFlSetup166.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`77ab60dd0b0ba8002c7ca33fe0b992bb`
SHA1	`ff7a7f3369d386c04086d689e91d9f80ca60281b`
SHA256	`ec1d411e10b3c9d06f1fc5b0868ed2fc719daa415b0dc961c0c56783127fb817`
CRC32	`7B2F4DE8`
ssdeep	`49152:s/7LtL8zahukZcG0VSexQzMel1YJt2MJLFw0:kCahukZ5DexA+Wcy0`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2332 (2751895.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	fb7f72d4ccc106c8_2751895.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\2751895.exe
Size	2.8MB
Processes	2236 (DownFlSetup166.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`7f837a0e9f257bbd1f2ba6a3bc9ee1b0`
SHA1	`9c7e01d329eb8fc63429ddaa23f459f00f085bcd`
SHA256	`fb7f72d4ccc106c8035931c4ce52a4ca152c33130a02854c165dfd40fe2712dd`
CRC32	`8847C29F`
ssdeep	`49152:ZzXuyYhn4T25AVcwSaCfDq/UXqOJtlVtN6mfB5RUW4/0yes/8U:leyYTAiWCfSUXhBVtgORVaJ8U`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	b84c3a2272c10f1c_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2332 (2751895.exe)
Type	data
MD5	`2a0a7769d433eb864ff9f307b53a93d6`
SHA1	`cd478770f88f303ac02fb3bb0061649d75633a31`
SHA256	`b84c3a2272c10f1c257384af26036996a299878c7c3c88ee5a67dc611c50cb9a`
CRC32	`4D952C05`
ssdeep	`3:kkFklBvfllXlE/Gm3zllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1yHdglIOt:kKZ3LliBAIdQZV7Q9gD`
Yara	None matched
VirusTotal	Search for analysis

Name	079473a1752fb5e1_tmp9060.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp9060.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`5f98cfac1d9c02587e0db4a6e5a20739`
SHA1	`be4f97d8544c22d01a1b941fe835d91ffc8a5efd`
SHA256	`079473a1752fb5e18f755627476b14192bb76894459f1430888e6ae3d07bd763`
CRC32	`B01FA20E`
ssdeep	`96:JBc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9ul:JBPOUNlCTJMb3rEDFA867/`
Yara	None matched
VirusTotal	Search for analysis

Name	63c36c790a531134_3816668.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\3816668.exe
Size	268.5KB
Processes	2236 (DownFlSetup166.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7ac47daf80d3ddd9488474142938d6f7`
SHA1	`40af79ed2c730d24a26ea575c42f60d9e0539e22`
SHA256	`63c36c790a53113451a48de8bc58b0cd750856efbef204965af0f202bb7ff619`
CRC32	`81729BDB`
ssdeep	`6144:XzzVki6rsgWd2CY1rPr3Chp67PR9oZ5pudNK:Dh56DWd2CqDr3C/67PfwrudN`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	e5c7931e871678ae_tmp902B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp902B.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`8e36f9cfbb4e98a1ea4cb31b1dfd18ba`
SHA1	`271e10b8bb5623e6552f2be568b01ae93b3e5a3a`
SHA256	`e5c7931e871678ae9bf44ed496a03ba8524a3d7600a44b29a60847ddda90eb86`
CRC32	`C73EAD8F`
ssdeep	`24:TLea0RlPbXaFpEO5bNmISHdL6UwcOxvyUU3Z:TYLOpEO5J/KdGU1EyU2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	7752bd0b0b002d13_4837120.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\4837120.exe
Size	265.0KB
Processes	2236 (DownFlSetup166.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7871063d2952b448be8200b109abcb4e`
SHA1	`46772c1cac03a1fcd07e63dd2a5f9c21c0c3ed11`
SHA256	`7752bd0b0b002d133b0985c318200e66ef099ababaf15da8ffd0d6a7fca8b888`
CRC32	`1C0AA404`
ssdeep	`6144:YQCS8M0bAlHuucHomxGRd2KX4Kq0G4aYhci8SV:B53lHuuUxEPX4f0aYKi8SV`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	824fae3331b95e2f_tmp8FC7.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp8FC7.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_tmp8A09.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp8A09.tmp
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	80db68b4b0216a53_2979248.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\2979248.exe
Size	67.0KB
Processes	2236 (DownFlSetup166.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9ec6ecf38cb040515dd99edc3e964c10`
SHA1	`96013003c9055983f9e9411613364d6c29169738`
SHA256	`80db68b4b0216a5371497f59d688d88108efe0bbf3d3fea1b969cde9ce8d4168`
CRC32	`34A9B30C`
ssdeep	`1536:4j0pmn2hl/P7r+5WVUj8ljpHkxw3AXWh:A0A8P7r+5YUqFBh`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis