Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 08:04
main-292e27553c8f5cb8....
04.27 08:04
6814.91bf0d11abffee40....
04.27 08:04
polyfills-c67a75d1b6f9...
04.27 08:04
framework-ca706bf673a1...
04.27 08:04
ee8b1517-cc4d7300db272...
04.27 08:04
_app-8a13ca4ac05f979e....
04.27 08:04
webpack-6751726d88b2d8...
04.27 08:04
gtm.js.pobrane
04.27 08:04
290-f42c07d7b35e4d71.j...
04.27 08:04
75fc9c18-02b28d24f737c...

Latest News
04.27 09:04
Apple Begins Breaking ...
04.27 08:04
Save Cells from the La...
04.27 07:04
Golang backdoor with a...
04.27 07:04
IronHusky updates the ...
04.27 07:04
Linux goes PDF: Wie ei...
04.27 07:04
Digitale Überwachung f...
04.27 06:04
PIF’s Sanabil Backs Mi...
04.27 05:04
Deep Dive on Panel Making
04.27 02:04
Storm-1977 Hits Educat...
04.27 02:04
Creating An Electronic...

Dropped Files | ZeroBOX

Name	cece90a462cb4e52_success.potm Submit file
Filepath	c:\users\test22\appdata\local\temp\kak1dt10.3sz\success.potm
Size	1.3MB
Processes	2536 (umciavi64.exe) 1268 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`367790830e22f0cf78f38270a6110ef7`
SHA1	`0befe0bd418d9c3808e3b8529d42006974517bc4`
SHA256	`cece90a462cb4e5204381ee13b7902f559b31ab7be44367da440cc68f96a1d6d`
CRC32	`17E277B9`
ssdeep	`12288:mGH56LfLZLajsY+eGVEXsWTIBdGaS9MeVfhkDB3TvhVu47v9y470OKiAZCa:mGflIBlSBfhkD15jzQ4aiO`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	3008 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	821784f00f563c34_umciavi32.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\1000021000\umciavi32.exe
Size	7.2MB
Processes	1488 (gntuud.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`19d3006a093ae7f7dddd0f0fb812bbc3`
SHA1	`63ee22b95501be1aaf3a404eeb3deba9c29e5fa1`
SHA256	`821784f00f563c345d56b28f5ac31321e3d63fa193fcaeaa24ff1c5f5799938e`
CRC32	`9EE687EB`
ssdeep	`196608:KCC0/Okh6p9cl7V6fiHMwwilE/G3icjzThvk:Kb0/LvpIi9wilMG3icz`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	1c6d0bd2db233634_fireplace.potm Submit file
Filepath	c:\users\test22\appdata\local\temp\kak1dt10.3sz\fireplace.potm
Size	10.7KB
Processes	2536 (umciavi64.exe) 1268 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`e62381efe9492ad801bf3f4136661602`
SHA1	`3e04945f9b839470a9f715381b25cb50b25a5908`
SHA256	`1c6d0bd2db23363441749190db5805c7ec92e2950eee5e1e9a9e04acd4cabdef`
CRC32	`25F6EDA0`
ssdeep	`192:wADEqYNI9N459eqR5upWgpNNTIDopPIimriy+8+q/24gTIqIPLoSyp7y+j+q/24s:SqY69NqbSpWgpNNUDopAihy+8+q/24g4`
Yara	None matched
VirusTotal	Search for analysis

Name	ead2c5aaf92fe07d_syncfiles.dll Submit file
Filepath	C:\Users\test22\1000019012\syncfiles.dll
Size	7.2MB
Processes	1488 (gntuud.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0d079a931e42f554016db36476e55ba7`
SHA1	`d5f1ab52221019c746f1cc59a45ce18d0b817496`
SHA256	`ead2c5aaf92fe07db45b99587f586c7a45f92c67220cd8113a5d2e7bcb320798`
CRC32	`D50FB079`
ssdeep	`196608:l3ksPqmzcl+LG314Hujb7KgkYCbGNBmHTER:lUON+2HBb8`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e6e73497e85e9ece_Engine.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_30094\Engine.exe
Size	392.1KB
Processes	2536 (umciavi64.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a7a99a201774531d761f6aac2651a9df`
SHA1	`b122ae368c4bf103e959a6ebb54ddb310117ab96`
SHA256	`e6e73497e85e9ece4c92ac7d49e07b9d55e932ba2d9e5789b94b95a9841ee524`
CRC32	`DC1CEA99`
ssdeep	`6144:Tgd35+AOWFZS0wrZroj3i++7aqxAlMGucDaz24+k7VcqOOf+0WV7K9Bn8UVaoSd:Tgd3wABNwNomG8Ty4+k7VBBWVOYJoSd`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	291f550290806fd8_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	85.0KB
Processes	1488 (gntuud.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`058a9b72adf5214fe3a0d45ad61f0ec7`
SHA1	`b496964f78938400cdcf06ec4aa861285bf85636`
SHA256	`291f550290806fd80d490ae3b682d482d4833d1e5462eb2a400db09bb4bd2922`
CRC32	`A7B4CA92`
ssdeep	`1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBtOB:NRlk8lqjQg/N8WA0qoLhd/jUFtw`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	38381a42975028b1_avicapn32.exe Submit file
Filepath	C:\Users\test22\1000018002\avicapn32.exe
Size	12.1MB
Processes	1488 (gntuud.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`0f6ef96c5e687631ef27f1dcd1afe7b4`
SHA1	`ea8aeee11c243e3eacfa6753f708c20cbba39aac`
SHA256	`38381a42975028b181430a80d6009988d0d0cfa42493d3efbbfb72d3abe97648`
CRC32	`275EDD80`
ssdeep	`196608:dwT9pIuAU3qr4DZDZWHvmwIHEQWiXkOSsCYSwD8Qtwi85lW:wv6YDWHvm3HznXk+C12t45lW`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a42de73b194a17d6_umciavi64.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\1000020000\umciavi64.exe
Size	1.6MB
Processes	1488 (gntuud.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8a73fd48a76dc20dd01a855a165a59d4`
SHA1	`d9d60948bdf710fb4bf05bfc5b55f3667a4cbeef`
SHA256	`a42de73b194a17d69823b294a8c823876d6a54dd19e1cbe9eee720e3a2b4db41`
CRC32	`A86FA122`
ssdeep	`24576:PL2WmAFJkmr8Idt9McpyPpbMXaFKgtDUP10oFzetQldldx3CnIewHz1L:xrZdRpwpbMqFKBltetQ/JZHN`
Yara	Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7a5d14d64ef24cdf_Modern_Setup.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_30094\Modern_Setup.bmp
Size	149.2KB
Processes	2536 (umciavi64.exe)
Type	PC bitmap, Windows 3.x format, 162 x 313 x 24
MD5	`ded1d8db477cc655b17e16c6fe989707`
SHA1	`e48613ed98876b022460f629971c941ad3100f78`
SHA256	`7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206`
CRC32	`D53A10BC`
ssdeep	`192:GGqEFgk1kZTLevOPrKSchF61/LVsATuD4diuuq9uCXHCN/KCaOwO3GsC9+6Un:7`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	8c46c2af1cb25bfa_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\c33e9ad058e5d3\cred64.dll
Size	7.3MB
Processes	1488 (gntuud.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2b62e02b3581980ee5a1dda42fa4f3fe`
SHA1	`5c36bfa4a4973e8f694d5c077e7312b1c991aedf`
SHA256	`8c46c2af1cb25bfa8fbbf9d683d72d30ddb2e5d0ecc6bba997b24714cf2b8c91`
CRC32	`6D358B13`
ssdeep	`196608:ZQoqS56OZEssxxpKIIue41Cf7sgZz6kmAZQ/9RWB0:dMOevKiB1CfQgplmz/9a0`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b5dad33ceb6eb1ac_Modern_Icon.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_30094\Modern_Icon.bmp
Size	8.0KB
Processes	2536 (umciavi64.exe)
Type	PC bitmap, Windows 3.x format, 52 x 52 x 24
MD5	`1dd88f67f029710d5c5858a6293a93f1`
SHA1	`3e5ef66613415fe9467b2a24ccc27d8f997e7df6`
SHA256	`b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532`
CRC32	`2D27053A`
ssdeep	`192:kuOEpgk1kZvHePyPreScVF+1/LVgoTuDsdimu61uOXfSd/aOeO0O3a8yZKq0l:j`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	b34b7258d6bf88c9_Setup.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_30094\Setup.txt
Size	2.8KB
Processes	2536 (umciavi64.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`c78743f01ef363da50cb7c2dd2d1fe9d`
SHA1	`9b9177f659648af388be8080f41d3cedfe1e77ad`
SHA256	`b34b7258d6bf88c94362d92d75fd3475b267c391125049777ea15855a6fb3370`
CRC32	`3E508D71`
ssdeep	`48:3R/WKoMtFkCoPO7gyK3exRfe11TpIIIID6H011SCIIIDAx:3RbSPagQQ6HxZAx`
Yara	None matched
VirusTotal	Search for analysis

Name	8da2234acb90ca29_1.qsp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_30094\1.qsp
Size	6.9KB
Processes	2536 (umciavi64.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`b0e015531db9a870631628edee8c3bfa`
SHA1	`5b7c4e0d7a28c14795b412fdabe2c26a972e868f`
SHA256	`8da2234acb90ca29ad601747c824315039529ac559748f915aadac6b0649adb1`
CRC32	`9375973C`
ssdeep	`192:FhUEuuBO8dLgottSEn5e6Y1RoDuDvXO+99SAvdZi43c/lAiSg5vtCQXuGR:j7n5e6YrvBv356hkk`
Yara	None matched
VirusTotal	Search for analysis

Name	5eb7b2fd13264f06_emit64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000017001\Emit64.exe
Size	9.9MB
Processes	1488 (gntuud.exe)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`7a5155b804e592d83f8319cbdb27e164`
SHA1	`da63718377b9086ef7f6db6b8b88e45062f31749`
SHA256	`5eb7b2fd13264f066b10946539eff6be750647de246cf791e57ca4c17b0b9c31`
CRC32	`9E3641D4`
ssdeep	`196608:Y6khIBSOhjcHmRfm+kXHqxafG8Sc+5jECye/4MqG2naCGI/:Y6khXw8yf9kXEaOG+4Cf4MqG2najI`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	bb48fa3219cad65e_wikipedia.potm Submit file
Filepath	c:\users\test22\appdata\local\temp\kak1dt10.3sz\wikipedia.potm
Size	872.7KB
Processes	2536 (umciavi64.exe) 1268 (Engine.exe)
Type	data
MD5	`705abbdcdc7c1ae563fff2041b8bfd78`
SHA1	`7683ffe68e8e13e9672f9e61e5b8988ffdc4b919`
SHA256	`bb48fa3219cad65e811576e8ab8c02e4a58808e5f495610ff448926699a1a54d`
CRC32	`2C6CD5A8`
ssdeep	`12288:VpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:VT3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF14fc02.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF14fc02.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis