Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.07 12:07
USENIX Security ’23 – ...
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...

Dropped Files | ZeroBOX

Name	8baad3925ecccc5e_securityhealthservice.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\SECURITYHEALTHSERVICE.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d1f5b8c61c7d3625ac3bf399e1809454`
SHA1	`ab74fe4eea2c2305df5aff758a435b70400fb772`
SHA256	`8baad3925ecccc5e1f36ad546456daacd227cabe948742f1d4f4f6f8afd81bdc`
CRC32	`F924BD3F`
ssdeep	`192:sbLH94nFa1ON8UDhlYvvk3C7DW8cWHdq:OLH9OU1ONpzYXk3CPW8cW9q`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1178eada4d51346c_filemanage.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\FILEMANAGE.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`048f1c0ada5aea3f7d53c19f0da9fd86`
SHA1	`ec20a946d901b410a712e1ce4c37ec8f40e40c7c`
SHA256	`1178eada4d51346cb5107c593cf09a84cefbceac7fc454c9de447df7f8f8b01e`
CRC32	`B0941FA3`
ssdeep	`192:G9hjLL1bhycnUqp6B4NtUqw6gR1WMsWHdZH:G9h3LHycn/gKNt/5u1WMsW9Z`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	252dc6aa0cd74244_windowshellhost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WIndowShellHost\WIndowShellHost.exe
Size	177.0KB
Processes	2816 (WINDOWSHELLHOSTT.EXE)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ce3777dbf6272e26b9fb44321900216d`
SHA1	`43d90c8b28f204c96b15c697e4d50eedde8d19d1`
SHA256	`252dc6aa0cd74244202d39b610a512e1a633b68a57377f195bb1ebba4402c4a3`
CRC32	`9DE083C6`
ssdeep	`3072:oglPLuW7866sAW4I7QjNCTXPH54CYhetnlwuJNOVD3PtbgjGWlYMqxbgdGd8Kb9L:oWjZAtvCTH543e9lwuJNOZ39sG9bH`
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	3384b96b78193ea1_securityhealthseurvic.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\SECURITYHEALTHSEURVIC.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`19e08e5c5874054097ad21d56d43a9fe`
SHA1	`267130895d1418a11ca46b8ecc8f8bc2e0bc7580`
SHA256	`3384b96b78193ea1aa7ec97302ac5b60d4885055728d1b0a6080830f304733be`
CRC32	`77146E94`
ssdeep	`192:9fO9OLFK1hKHvk3sKT8R2/XDh7rWzQgLWHdI:9fO9Yk1YPk3s2IClWzQgLW9I`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4cdb64920137a54e_filemanager.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\FILEMANAGER.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6b09a4fb590bd045c9fb930d31348890`
SHA1	`df47a973ca61085875df25976aecd7d0b9773f4c`
SHA256	`4cdb64920137a54e4e27000908808e8218e389ea0a0763630ec8f83ed4106c12`
CRC32	`B75616EF`
ssdeep	`96:U3OT79ABfCF2e8q0Uq8068fsJAYisOvk+OujD1TIoDF/WvDe2HPWwzid3ojurl:bP9AB6FnQUq806E9YMvkg7WCuWHdr`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b5ed3ccf6fabb4c3_windowsprotect.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WINDOWSPROTECT.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`adb48081c7bc5d3061b9929eabdbda5d`
SHA1	`c5dc3544076bd1cb840b99aa74b03005a27de550`
SHA256	`b5ed3ccf6fabb4c33bc62881bfb0cc33391fc69f501d57af5c6dfa35c50a84d5`
CRC32	`9BFFC5C5`
ssdeep	`192:eVGo9D3L1bhycwA+Cvk4T8K/mhlWlnWHdJ:eVGo9rLHycDk08WlnW9J`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d3d3b0cffd848bdb_defenderruntimee.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\DEFENDERRUNTIMEE.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`86d8c840abf82333ea4ec7a1cc581150`
SHA1	`92ed26c8382f0e0377800dcf09db7431c87bc193`
SHA256	`d3d3b0cffd848bdbcb9c24200cfb520b1f84adf65b2f0bbd941289f1edad8885`
CRC32	`4031FCB5`
ssdeep	`96:X79NlVCF2nniNISs7Wv8s/QjGujD1TIoDisIWvf9Wwzid3ojCrl:L9NKF4iNISSY8s/QjNoW39WHd1`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	44e8aa0601fffe82_V5840VLMPKJ05QASMCI7.temp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V5840VLMPKJ05QASMCI7.temp
Size	7.8KB
Processes	1632 (powershell.exe)
Type	data
MD5	`ee6cfd78f72f03663db2a7df0c696dd7`
SHA1	`56126e81a5f6577f8e24a890185d0c9eb600fa02`
SHA256	`44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568`
CRC32	`F27137C4`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	368d0f0242ee42d8_windowsdefendersmart.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WINDOWSDEFENDERSMART.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c7a739caf480fe864aecc21cb8de6562`
SHA1	`eab9f0aa7ad7b7027c7ca358108a8f70fa359a55`
SHA256	`368d0f0242ee42d89f338cff26a61223400fd1902e5a49a0f905495070c69e9d`
CRC32	`6AC5EC1D`
ssdeep	`192:FvSqWf9IXkF0EUqMvrOC2YYvkh8gnWuCWHdX:vWf9BqE/UaC2YAkh9WuCW9X`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a9bbf2e85599d354_redlinesecurity.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\REDLINESECURITY.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`84ae88fb820d78a96482ecf5ff8225e3`
SHA1	`a16f95e7dc3583b2d5e953a6882d683a324bd3ca`
SHA256	`a9bbf2e85599d354e29ca797e090526118a60ba0aed7974f5b24a31337765d6e`
CRC32	`AB628571`
ssdeep	`96:SU279xFaCF2jbtjUvk+qxitKNtUqMr9xujD1TIoDCWvAwPWwzid3ojprl:G9jBFCbmvkLwMNtUqMr9IEWIgWHd4`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	04c636ffdc6b27cf_s500ubnan.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\S500UBNAN.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5e7d4fe880e2e06a96a861cdddded2b0`
SHA1	`0ab268b44f0786585db5314b71b9298215c7ac9d`
SHA256	`04c636ffdc6b27cf22e986188225c0d76a35f9d51197e9cc4f53da9d2242f76e`
CRC32	`2E56A89D`
ssdeep	`96:krL79apOCF2gdpK5Uq0HOy8n/eosKXujD1TIoDroWvx7PWwzid3ojtrl:kr39apdF5qUq0t8n/eQOVoWJDWHdS`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	94b87d71c676b470_redlinesecurty.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\REDLINESECURTY.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9e75f2c3d21646bd2e6c2a2df7ea294d`
SHA1	`2532d6ecbb308a5be45591ee2846e50fe4226d11`
SHA256	`94b87d71c676b470f2fd87c8a68e9f2b7a4e25416145b2dd18fcee3fd8d8ed6c`
CRC32	`66443264`
ssdeep	`96:FJotgKp79TSZCF2965dQeUqh958SAYVsUvk+uujD1TIoDDWvrhWwzid3oj0rl:LjA9TSoFp0eUqh9SfYHvkkdWDhWHdV`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bb38563f30154213_defenderruntime.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\DEFENDERRUNTIME.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d410fc60a0465460f930f09232468e60`
SHA1	`7803d0e6a152614f5f9e3a864d5abf7f3b914436`
SHA256	`bb38563f30154213f91e72911b474eeded401a5460a88c334365f8700df9d698`
CRC32	`F0E0A750`
ssdeep	`96:qXlNa79lDlBCF2z3bOtQsvk+OAciLtmNtUqMYJujD1TIoDfWvwwPWwzid3ojPrl:Z9xuFsLOjvkJAceINtUqMYwRWogWHdQ`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2884 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	2ec859bd9abeaf5d_securityhost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\SECURITYHOST.EXE
Size	7.0KB
Processes	3044 (RegAsm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3f8043b495753e0f1454a283b4fb0056`
SHA1	`d08b786ba7fefbf0522a6b619be79c11a5b12660`
SHA256	`2ec859bd9abeaf5d77d8095b22228d7ee0f1ad72f348e09b791abd0f1d4e0375`
CRC32	`316C4890`
ssdeep	`96:d79XWL1bhycIUNA9D6J9AYksDvk+eXujD1TIoDjAWvf9Wwzid3ojarl:19XWL1bhycRNA9DgeY7vkm6W39WHd5`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d6bed796b2f927fc_hypervisor.sln Submit file
Filepath	C:\Users\test22\AppData\Roaming\HYPERVISOR.SLN
Size	2.7KB
Processes	2732 (RegAsm.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`233e420492175acc2b43b92ad8af33db`
SHA1	`6b25efde5f7414a566d2682ba59ecf76e778e50b`
SHA256	`d6bed796b2f927fcd511dc180f7a5fdc573988e18aa9465192ebfd45a6298f19`
CRC32	`FB304BB7`
ssdeep	`48:pPNrjAz/VM8qslOgSxCqcNuuHhtuHNuHkoheozCocC64cs5sw+K6z6gL6Hjc:pVsznPlO7xC3NuSszXB2/ReHZe6g4`
Yara	None matched
VirusTotal	Search for analysis