Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	728f6771a46f716c_server.exe Submit file
Filepath	C:\Windows\Temp\server.exe
Size	192.0KB
Processes	2312 (Selap.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7bef09c57eb8bf80b087c8c3db4e3dcb`
SHA1	`57b27ed1743be7e3532fbf78d6579944a414ae73`
SHA256	`728f6771a46f716c6f8183cfea703c34333f8f743a95aca2be9e24d4e6e92a22`
CRC32	`0BBA196C`
ssdeep	`3072:V8B9tMfP9ZGFwgvRLLCzOYFDq+UdnIPPlMzcsofIw+KaX0LcHLkMIIRu:V6M96wgvRHCzOYtqlGyzcsX3KA0LQIQg`
Yara	PE_Header_Zero - PE File Signature Win_Backdoor_GhostRAT_Zero - Win Backdoor GhostRAT IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	941974b349d806cb_8848diao.exe Submit file
Filepath	C:\Windows\Temp\8848Diao.exe
Size	4.7MB
Processes	2444 (Cacrk.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`12fcd76bd094905072ec94f3ede64122`
SHA1	`254c6afaf40c87d82f19862c817a313bcbe89982`
SHA256	`941974b349d806cb905a01b088dcb5d73863639d054f9b91baba198c3f8d2392`
CRC32	`8D5A62E0`
ssdeep	`98304:eH8J9bw7npeOTQLjHYkANSBYnUSsIqkGJH7bWB5GWYDxXKvyorvE9i1jo6AEOavR:eH89bwteOuj4kARBsI0JHnZQbvfOavie`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	21b111cbfe6e8fca_e3539977 Submit file
Filepath	C:\Windows\SysWOW64\E3539977
Size	7.0B
Processes	2408 (server.exe)
Type	ASCII text, with no line terminators
MD5	`7a1920d61156abc05a60135aefe8bc67`
SHA1	`808d7dca8a74d84af27a2d6602c3d786de45fe1e`
SHA256	`21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d`
CRC32	`2CE33943`
ssdeep	`3:qR:qR`
Yara	None matched
VirusTotal	Search for analysis

Name	4def25bfde1457ef_cacrk.exe Submit file
Filepath	C:\Windows\Temp\Cacrk.exe
Size	28.0KB
Processes	2312 (Selap.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ca1d49f98c9521e443f5163fcf17310b`
SHA1	`1adb42029997c8351df9d5760e4ad41563d64a13`
SHA256	`4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f`
CRC32	`5C873873`
ssdeep	`384:VA5Nojv0WqFkPfNq7A1Sm8yWBVjHzzdU:VQob0WOkC6P8lzm`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d9a0c45892a88bed_cacrk.dll Submit file
Filepath	C:\Program Files\Cacrk\Cacrk.dll
Size	212.5KB
Processes	2444 (Cacrk.exe)
Type	data
MD5	`75b8457886150ae96f2e9a1b4790c2c4`
SHA1	`5312547a52cb3db3bdd11ac49eedd9902d7feea1`
SHA256	`d9a0c45892a88bed77145053740b6224b20bafeeed0f7cda3bacbf3f4cc4ac2d`
CRC32	`7023235B`
ssdeep	`3072:QJpgQGC1S4VjVWAqdk0A0WXLQ0zJmryBS2ZIXYoZ5I158+U49mEuuG4ZF7:SnV1HjV3qS0r0zJy2GIoZ5K++zuuG47`
Yara	None matched
VirusTotal	Search for analysis