Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 08:11
Threat Assessment: Ign...
11.20 08:11
Inside the Booming ‘AI...
11.20 08:11
Deep in the Jungle, Vi...
11.20 08:11
[NEU] [mittel] lxml: S...
11.20 08:11
[NEU] [mittel] Rancher...
11.20 08:11
[NEU] [mittel] Arista ...
11.20 08:11
So schützen Sie sich b...
11.20 08:11
Microsoft KI und Cloud...
11.20 08:11
Ihre Daten sind unter ...
11.20 08:11
Cybersecurity mit KI: ...

Dropped Files | ZeroBOX

Name	96bbab0cc623f478_iospecial.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\ioSpecial.ini
Size	776.0B
Processes	2788 (yjghost_gw.exe)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`de2131aae272fceec1101db9c0d6ca94`
SHA1	`ff0237ab7abfbc783b3df0e8e4958d5ac43ab187`
SHA256	`96bbab0cc623f478b812bbf0048541caa6ac5c9caca3dc91b153dd8ed4294573`
CRC32	`40A89B81`
ssdeep	`12:lOu8dfAgQRvAPOLM7hk4gNhJ2+0shp4gNDiOmE7+ZpQlmccAJe4GmHynw8sn:6kRvAZ7hk1Nz7z1ZKE71dM8HyWn`
Yara	None matched
VirusTotal	Search for analysis

Name	9eb652c8be321c5c_nsisplugin.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\NsisPlugin.dll
Size	178.5KB
Processes	2788 (yjghost_gw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`320f6ddb5f1e837cca91f9dc9ea3fa7a`
SHA1	`35749d49555ac7d08fc472233a09a56afc5625d1`
SHA256	`9eb652c8be321c5c925f437f0710e169c71fd6390fe69171b6f0942956ce71ec`
CRC32	`6B1EBC0C`
ssdeep	`3072:QQJp1SzSXr0cVT0Cr91emHQxWRfyBUhH4liyGKkNlDeXCu4og:QQJpYz9cVT0Cr9sHiqSHkiT9Eeo`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	cc29b47a2cf92483_ser.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\ser.dll
Size	1.1MB
Processes	2788 (yjghost_gw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f199d14497aef655a20df000e006fda3`
SHA1	`1a118b2d8265eab1eba16f466580dbacc6e5e717`
SHA256	`cc29b47a2cf924833e3e78a5985955801235556dd3b489ec9aca8665bcc32355`
CRC32	`92957550`
ssdeep	`24576:Ehl5ZIfKQr28gM5//3XFEKjjBnY5MpqL56Q0gux:EhTogM/FEKZpqL5X0gux`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nskE520.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nskE520.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	29dbfde0ab20f31d_bcdedit.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\bcdedit.exe
Size	338.0KB
Processes	2788 (yjghost_gw.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`67a57a47eb806e1064a81a9b2291bd7a`
SHA1	`b1dfa5421ec035e197b0d989dcc4a1587db00fa0`
SHA256	`29dbfde0ab20f31de72b8a9b50f9843ae7cafb62933f4f306e7168d4acf33947`
CRC32	`8EDD9352`
ssdeep	`3072:EjJZxKP7bfONZov4ygwimJ4Y82YbqEySOL2ISTxxO/ctOrUxq4RhdNV/ysXo34D0:6S7DONZovngxmJn822qEB0Rb0O`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	fcef6727dd7405ca_path.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\path.ini
Size	564.0B
Processes	2788 (yjghost_gw.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`e372c566b01d802bf792b90856eb7cc3`
SHA1	`d06267ab71b842dff59105ed04e4bdf27656a0b4`
SHA256	`fcef6727dd7405cad874cddebd81c596f88181ab1ebf3013677f05a53cb1bee8`
CRC32	`0EC1DA43`
ssdeep	`12:lNHZqOj42WQDeuQ+jwX1loT8txqH2978t9XlwSYy4IG4SYyn:tqOjM1MjwO8tsW978tU/yRG4/yn`
Yara	None matched
VirusTotal	Search for analysis

Name	03bc4e353a9fde23_killproc.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\KillProc.dll
Size	58.4KB
Processes	2788 (yjghost_gw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9a955539e920df4a137d78338d2743cb`
SHA1	`3e6a81093c59abd42a7c477bc64fffcc989f07cf`
SHA256	`03bc4e353a9fde23adebd4b9a6b57489311fd94792eee3642f2fae7c4ae07fca`
CRC32	`A7983A97`
ssdeep	`768:sf7uDRya/fjAYHVipkbAuQl/tFesrhyjnWLMXsl8Zn2DEDdHIKavcBJ+EREE:k6DcD4QkSl1l9yDC/lcjHIKDgEmE`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f203a8ba71e38d64_installoptions.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\InstallOptions.dll
Size	19.7KB
Processes	2788 (yjghost_gw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`50754923436c7a05ab65d18ff3bd0bdc`
SHA1	`88221e68391c68edc8e00cda8aa2e71c2eb3966a`
SHA256	`f203a8ba71e38d643fc75196ee2174e06196b9bf478817e5a21c628fa863dabf`
CRC32	`70125C67`
ssdeep	`384:A6UdHXcIiY535zBt2jw+BEnbo1d5GdPy0exPhqkW8tYU:LU5coPz/200EnbopGixWA`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) IsDLL - (no description)
VirusTotal	Search for analysis

Name	69c2f91ac8528d2f_modern-wizard.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\modern-wizard.bmp
Size	185.8KB
Processes	2788 (yjghost_gw.exe)
Type	PC bitmap, Windows 3.x format, 159 x 299 x 32
MD5	`587c7150571550bb51b75e623c368983`
SHA1	`03c87704e4271be53757cc32f26de8dd41c231a9`
SHA256	`69c2f91ac8528d2fbfd03d7c704e7a2c65289a7d35f9636f2df397b218e61f12`
CRC32	`FEBEDD1E`
ssdeep	`3072:SVCpXAyJJoJn9ngWKnDt+88QBeonwfgIonjwbir1i6lw4eKpJ45P0iVISrZHlR9c:I9ngWKnZ+88geonygIonjwbirFKhOJ8c`
Yara	None matched
VirusTotal	Search for analysis

Name	0d4cdde81623a53e_speed_set.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\speed_set.ini
Size	382.0B
Processes	2788 (yjghost_gw.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`d0db55cc16707fd3b0101b4ef2bda379`
SHA1	`6d80e23677fee53ffc7c7bbc9cfa5ee87f548f3e`
SHA256	`0d4cdde81623a53e5554bc1148365d432c4c9e0ee26d98e3b1c9de430a4912b8`
CRC32	`3B0CE75E`
ssdeep	`6:lNSG8zolpoOKJw783QPTzvKfuuNaiKKF23Q+EDzvdZMCuuNaie:lNJlDexQLzvKfoi7F2Q+EXvd1oie`
Yara	None matched
VirusTotal	Search for analysis

Name	860a8fede48d583d_system.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\System.dll
Size	24.1KB
Processes	2788 (yjghost_gw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fdc888db455821417cbcc2cf73bd5a57`
SHA1	`1aab624e8b98417d06e4fa6ba52405f2f452ae69`
SHA256	`860a8fede48d583d67a3a1084369073c073136ffb0f7d19d0b5e452b8a19711e`
CRC32	`25B01024`
ssdeep	`384:LViJrtFRdbmXK8+PCw4bnYPLk1eMLzV4MG2+JNY1cAhhV5p:LVafbmXKXqwwjL9cocAhL`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) IsDLL - (no description)
VirusTotal	Search for analysis

Name	76e4f2bc010069cc_licence.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\licence.ini
Size	316.0B
Processes	2788 (yjghost_gw.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`57f0efe40361f82087b480553e22b9e1`
SHA1	`87c835cd0583cf0c1d5ea1de1c30b0df765a026b`
SHA256	`76e4f2bc010069cce2245306cafa0736a273ea0db1dcfa5b6bd48bc1205f86db`
CRC32	`C837DFE1`
ssdeep	`6:lNSqnzoToOKSyZ783QEn4UAF23Q6Jon4J6:lNNEl3y2Q9UAF2Q6J5J6`
Yara	None matched
VirusTotal	Search for analysis