Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 08:11
Threat Assessment: Ign...
11.20 08:11
Inside the Booming ‘AI...
11.20 08:11
Deep in the Jungle, Vi...
11.20 08:11
[NEU] [mittel] lxml: S...
11.20 08:11
[NEU] [mittel] Rancher...
11.20 08:11
[NEU] [mittel] Arista ...
11.20 08:11
So schützen Sie sich b...
11.20 08:11
Microsoft KI und Cloud...
11.20 08:11
Ihre Daten sind unter ...
11.20 08:11
Cybersecurity mit KI: ...

Dropped Files | ZeroBOX

Name	8dbe3743d544e973_win32evtlog.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\win32evtlog.pyd
Size	67.0KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`2025300005385e007b02d4b5f39234c2`
SHA1	`80006318d8c0e55a324de58a6347c198d455f5ff`
SHA256	`8dbe3743d544e973cf122a05ee59cc40782e1854786446a5e39ec90c36f86429`
CRC32	`959D6C11`
ssdeep	`1536:6Jk9JlBxuNzjmNe9/OK8UPmGwICQIiGOl3SLeR5M:6Jk9JlBxU9WK8qmNICTiGOl3S6R5M`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a75aa54781de3c97__socket.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\_socket.pyd
Size	50.0KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f28dc3a4451c29fea272d7ae063425c5`
SHA1	`ece376146a7115cd5b1ad141a59fff25b6da6a5d`
SHA256	`a75aa54781de3c97f5b4c2e0389d5ad39602cda6fcd5a3810667a4cf24f4286a`
CRC32	`7E41E741`
ssdeep	`768:txzhmVR45ePaPwfrGe50ehXfnDMUWYVyzWGzH1P/FbsN7us1e9FTOyW:txzqR45ePIwqeDhXfn0HV/FbC7febr`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	985902e081356498_bz2.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\bz2.pyd
Size	90.5KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`51fdb7790e680a394e9936498d3a73fa`
SHA1	`fab9f97feee68fbd9225de051349ac3258920fa2`
SHA256	`985902e0813564981059c2f57282614f5a907dc3df0273ba7bef2ad64123c921`
CRC32	`91FD243F`
ssdeep	`1536:y2swYRURXPj3/W3yd/nVu26F3RjrEOxZhuhiDOou9vquMpY62e84+f/PPgTt/:iwYRUR7/W3yd/npS3BE8uhiDO3vquGYa`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	cdf44ce54415aba1_pywintypes27.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\pywintypes27.dll
Size	135.5KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9db2c540bcad7b91a6bc09d3d5e71204`
SHA1	`a9213bec75751f3fc6ea7993f0c3432286e732a7`
SHA256	`cdf44ce54415aba1fad74eecbbee716372ce8e8d75b9ea9559103f2794a4b325`
CRC32	`5DFD894F`
ssdeep	`3072:ULrNY9ZL8JVdkZnbQ2YrrC0z5m91Hu01EOlmUlCIMy:UPNYDIruxbQ2YrrC0tm9Vu2EOlmUlCI`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	417ecb5fe0caf271_select.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\select.pyd
Size	11.5KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c76ccf3e7883917832c3b2fa2b980aa1`
SHA1	`f35f0424522f3986f5917725b8c0b515bd80bf46`
SHA256	`417ecb5fe0caf271ae53fd9132f4a6d50cb5304d586548f964a546cd5858f347`
CRC32	`710B0195`
ssdeep	`192:MAwvSWlNmvru6GuAdTdZXaGI3X+Mw69c1U5dz2R:M0WlNmTu6AdTdZXX4869uA`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	e88299ea1a140ff7_msvcr90.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\msvcr90.dll
Size	629.4KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`552cf56353af11ce8e0d10ee12fdcd85`
SHA1	`6ab062b709f851a9576685fe0410ff9f1a4af670`
SHA256	`e88299ea1a140ff758163dfff179fff3bc5e90e7cfbbd178d0c886dbad184012`
CRC32	`799FF6C1`
ssdeep	`12288:BD6NCL00fQwUX9iOv2ME0cbejlzKaswsmqy7oh41oZ:l2CLFffUNiK20yejFsZmqy7ohOW`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	30e4ba7862154d99_uuid_loader1.exe.manifest Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\uuid_loader1.exe.manifest
Size	1.3KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`5dd7dcf8cf647908b20a69a2f1a9fe15`
SHA1	`818308c2d53cfd95b4882909e13643852550afca`
SHA256	`30e4ba7862154d9917f8bfb40c0b752eb74e1b62e2d5b78f21fca794f50987ca`
CRC32	`E627F0EC`
ssdeep	`24:2dtn3ZngPN2v+zg6nEN4Xvomc0+bLgmNRme5rcb3S:ch3RgF2+zgx0vomJ+bLguRmemS`
Yara	None matched
VirusTotal	Search for analysis

Name	eb1d362015f2a200_win32api.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\win32api.pyd
Size	127.5KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`3f889f9a8a4f8cc29b517eaeb9053cca`
SHA1	`778a65edd208e6dcccc27b33a8b09a298f59d42d`
SHA256	`eb1d362015f2a200377f9e8efdc42b72d9f70a71f98e96bc6b990920e817af32`
CRC32	`2F8FA8DA`
ssdeep	`3072:L+HxcQYjAaYLl2j+ahLaBBoX9GsfvB1KDM2p61z6h7KDqb:L+HxGjA1l2CZsfvB1yMtz6hm`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	cda9a6478417629c__hashlib.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\_hashlib.pyd
Size	1.6MB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6f784c403e2097d11331f8778f6d9d2c`
SHA1	`64ecd6ee875f89a88204e673acae9547992fd085`
SHA256	`cda9a6478417629cb40809aad57bd5a884f183333506d00008d16e47368fd633`
CRC32	`0B22E7EF`
ssdeep	`24576:/k4G5BcjSnTFZ+4zM7CuqXzdx6HyPfKGtlq/VwASOJHpyN0c:/3GBcjSnxzPpWyXKGtlq/VwASOJHpy`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	45edce458a292465_unicodedata.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\unicodedata.pyd
Size	676.0KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6c38211cc951d7800cb961f4bb16716c`
SHA1	`fe49ce52862fa87fc6c2ae8731a3c22b69dcd3ba`
SHA256	`45edce458a292465d784e07a3ffd46580aab0a4f925c40704bc45a60325e7537`
CRC32	`D61927FC`
ssdeep	`12288:ivXY3AxoMPBt8FpQsVdFiI5mZMPXubUxktwd:EX+RM8XQsVdXSPAxLd`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	8b34761f3f4d3453_msvcm90.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\msvcm90.dll
Size	240.0KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`747612bb509b4f71291732e2f2d8a1e6`
SHA1	`9f0963deed530fb7b48aec9fa3bb02aefb3e1d42`
SHA256	`8b34761f3f4d345359660fd05f288d94e871f2819efe639b93eb9416e92106fb`
CRC32	`B4639D22`
ssdeep	`3072:QiN/Dv33XymC2cD/uqll+m2aztQMVQDreh55svwSRm3SrYOpctRZ:QOD3ATcaztFVQ/eh556RmirYOpk`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	a2dbf5a7efa1c12d_microsoft.vc90.crt.manifest Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\microsoft.vc90.crt.manifest
Size	1.0KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`40e0e83698f7adae975d9d850a02f1dd`
SHA1	`4d0b06b84c23f8d7588c21da8a27e32584b5501c`
SHA256	`a2dbf5a7efa1c12d778b7aef0df678bd0e4221bfdb22612817801d4e9c99b559`
CRC32	`81B1BE68`
ssdeep	`24:2dtn3mGv+zg6nEN4XviO2MsAIWV5rcb3S:ch35+zgx0vjmS`
Yara	None matched
VirusTotal	Search for analysis

Name	2c4cb4459c37a215__ssl.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\_ssl.pyd
Size	2.0MB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9c6d526768f8395aecff0af0d27f0063`
SHA1	`a580e2782c31ffb9365ea31dce8b337aae9eee07`
SHA256	`2c4cb4459c37a2152698e19f27350a7dbf56c51509689b1d7a65c60fb5a75751`
CRC32	`6523BF44`
ssdeep	`49152:rQ59wWjSi7o2NjGAGtlqQOgVwASO4oSp/W:rtAsYx`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	a93e3bfe62afa506__ctypes.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\_ctypes.pyd
Size	119.5KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`28e5d05ab42adb1e7ada35f1eef1b32b`
SHA1	`0792867716c8a933305455a2c7f39d30807dad65`
SHA256	`a93e3bfe62afa5062c6257a7f347d715af346ac3aec7999b8d86a9f2580ec176`
CRC32	`A6A90C0B`
ssdeep	`3072:XqD02aM374N+3EbbLrLyOLsWyR4jfJyPZmMAh5J7SYi:tU74N+3EbbLrLNLhJjfJRMAbJpi`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	2ae1f70a99a8f760_python27.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\python27.dll
Size	3.3MB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`4fc438493188550ea7dfb0cc153b4983`
SHA1	`2e7e79cee5ca14a584c49d7222cecd4a53beac41`
SHA256	`2ae1f70a99a8f760d3883258f0f69ae759b48270b07036e41b1e887add0c3cfc`
CRC32	`46B175B9`
ssdeep	`49152:rFYYSank9NCKMFj7PqPibNkc3CfPfnRM0gHQN1IDTP4j+yH3T5:FkPuuBvRMNHiaEpj5`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	575179b8976b180e_msvcp90.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI23362\msvcp90.dll
Size	836.4KB
Processes	2336 (%e9%87%8d%e8%a6%81%e9%80%9a%e7%9f%a5%e9%99%84%e4%bb%b6-%e6%96%87%e4%bb%b6%e9%98%b2%e6%b3%84%e5%af%86%e8%87%aa%e6%9f%a5%e6%89%8b%e5%86%8c.doc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`140cd9886169c7b1ce811b3a1205f990`
SHA1	`cfb0a886448155fd97a4c2ecd69248e52c64b67b`
SHA256	`575179b8976b180e5db22f43a5168e4ffe863964e957e44fe3e91929acd1ff6c`
CRC32	`A21306F0`
ssdeep	`24576:Yg5ni6keQ77yaNSroZM8JNKDEKZm+hWodEEFU:Ysn3SoI`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis