Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 03:01
Putting Cheap Motorcyc...
01.19 03:01
Trump Will ‘Most Likel...
01.19 01:01
DOJ confirms arrested ...
01.19 12:01
Sicher und günstig: Sc...
01.19 12:01
Learn New Tools, or Ho...
01.18 10:01
Deutschland auf Platz ...
01.18 10:01
Suchmaschine: Google-S...
01.18 10:01
24H2: Microsoft drängt...
01.18 09:01
FBI Warned Agents It B...
01.18 09:01
JTAG & SWD Debuggi...

Dropped Files | ZeroBOX

Name	a9220271c0eb79e5_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2712 (powershell.exe)
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	400e0cc5157e5335_msiexec2.exe Submit file
Filepath	C:\Roamiing\msiexec2.exe
Size	14.0KB
Processes	2324 (final00.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ec42538e067cb691ed4737e1869b3ae6`
SHA1	`dc5edfaf918fc1780653f7318776614f7f620160`
SHA256	`400e0cc5157e533563258637753adcff43cef210384d5b15470b4270008ca26b`
CRC32	`0CC432D7`
ssdeep	`384:zQlIb8NIwrh5a5SV2vHq7WhLjWPptYcFmVc03K:0lIC0jwtYcFmVc6K`
Yara	IsPE32 - (no description) UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	d733b1d6db79ff95_securityhealthservice.exe Submit file
Filepath	C:\Roamiing\SecurityHealthService.exe
Size	377.3KB
Processes	2324 (final00.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`88c6797cc408a3e51449a009d5cfdc24`
SHA1	`dadad8c3c3a054e3215fcf009ca96948f1cdaca4`
SHA256	`d733b1d6db79ff95e78817b5ee12e31516974fbce52ade8e91d68717f2593d45`
CRC32	`9848F55F`
ssdeep	`6144:gC7SKMM5aZsDST4iUTvisdYvdWGp8qgVOhFCiaxrq4HPxW/8p4/vaYPd+UAtAxGF:gASKNgZwSJ2KsdYFnp8uCiaxrq4HPQmD`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	cebeaddd8bf2b4a3_tmp31aa.tmp.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp31AA.tmp.exe
Size	4.0MB
Processes	2632 (msiexec2.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8be2acb42cf8929bf0575df2654aafe4`
SHA1	`c509d4ab3be1ed47308c7d8e5eb4fa85e9ad63f1`
SHA256	`cebeaddd8bf2b4a349fa1fa7b80842268660b983eebab57b546feded0e535192`
CRC32	`50F738AF`
ssdeep	`49152:FBtJgZgzgi/xMQg3Q3cX5C/wnvdAlPjcmYzMQsiS:FBHtzgi/Qsb`
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	52c474d38018c2c1_windowssystemguardruntime.exe Submit file
Filepath	C:\Roamiing\WindowsSystemGuardRuntime.exe
Size	87.0KB
Processes	2324 (final00.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4a9d4abfb8223cd093de8feaaac74023`
SHA1	`5b6137e6f3fb19119d6012a8a85a70374ba4a294`
SHA256	`52c474d38018c2c1f6db350b60013533861419f419bd15dbefad50069717c591`
CRC32	`8E9947ED`
ssdeep	`1536:Dughq0kHnDeKiy9mWrhVfPXHcpPkm9pyvbgDFpBT2dJqx9:Cg4UDy9Jr7/SkmgbgDFpBToJqz`
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	fd69be5655eee6d8_dataencod.exe Submit file
Filepath	C:\Roamiing\dataencod.exe
Size	748.3KB
Processes	2324 (final00.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1c44718d56ab94d84afb92cc36e5b216`
SHA1	`3ffeb5aad0a9b445efb42b05d54dfaaf41a52e11`
SHA256	`fd69be5655eee6d895c1dddecd37e0e84a99561ef761a5144fd61e240ef5d996`
CRC32	`AEF69A35`
ssdeep	`12288:8OrbqnXYlhe/IAK2cKjTeQv9b9kDGaLnr0bnxeEOmF:8OrbKyheQV2cKjTeqbGDGOr0VMmF`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis