Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	798af20db39280f9_sqlmap.dll Submit file
Filepath	C:\Program Files\Microsoft DN1\sqlmap.dll
Size	114.0KB
Processes	2052 (migfbewnaeopmguywjfffrvgqg.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`461ade40b800ae80a40985594e1ac236`
SHA1	`b3892eef846c044a2b0785d54a432b3e93a968c8`
SHA256	`798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4`
CRC32	`CF004A91`
ssdeep	`3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	23390dfcda60f292_rdpwrap.ini Submit file
Filepath	C:\Program Files\Microsoft DN1\rdpwrap.ini
Size	177.6KB
Processes	2052 (migfbewnaeopmguywjfffrvgqg.exe)
Type	ASCII text, with CRLF line terminators
MD5	`6bc395161b04aa555d5a4e8eb8320020`
SHA1	`f18544faa4bd067f6773a373d580e111b0c8c300`
SHA256	`23390dfcda60f292ba1e52abb5ba2f829335351f4f9b1d33a9a6ad7a9bf5e2be`
CRC32	`51F1DEC9`
ssdeep	`768:WEUfQYczxEQBLWf9PUupBdfbQnxJcRZsMFdKlax8Rr/d6gl/+f8jZ0fyL+8F7f6/:57f6GqZm0c11IvimstYUWtN/7`
Yara	None matched
VirusTotal	Search for analysis

Name	32ff81be7818fa71_rfxvmt.dll Submit file
Filepath	C:\Windows\System32\rfxvmt.dll
Size	36.5KB
Processes	2052 (migfbewnaeopmguywjfffrvgqg.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`e3e4492e2c871f65b5cea8f1a14164e2`
SHA1	`81d4ad81a92177c2116c5589609a9a08a5ccd0f2`
SHA256	`32ff81be7818fa7140817fa0bc856975ae9fcb324a081d0e0560d7b5b87efb30`
CRC32	`40B5B78C`
ssdeep	`768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	824fae3331b95e2f_kwc.oCk.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\kwc.oCk.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	faa711f56a647a33_tkwpesH.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\tkwpesH.tmp
Size	177.5KB
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`4104a0860a7f2d089998e15a35e2af42`
SHA1	`e8832b39adb456828333dc03a9763d316bc6d1e9`
SHA256	`faa711f56a647a33d32a0d54d80123eca42dfa1186c2bb15b8c1a5d5479e1270`
CRC32	`4D5FFC88`
ssdeep	`3072:OJIcSTedOb0wUJQ1PwDztZzweDWniCZPYPC+MGQ8iTVEG+D8VbnRFQ:OmT0PJNPzzWniC+q8Pi2G+D8VbnRq`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis