Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 05:11
Bipartisan Senate bill...
11.20 04:11
Google DeGoogled, Hamm...
11.20 04:11
Google Chrome security...
11.20 04:11
Rail and pipeline repr...
11.20 04:11
SGS to Accelerate Grow...
11.20 04:11
New TSA cyber rules le...
11.20 04:11
Salesforce Plans Layof...
11.20 04:11
마이크로소프트, 이그나이트 2024 개최...
11.20 04:11
In cybersecurity bias ...
11.20 03:11
Important changes to C...

Dropped Files | ZeroBOX

Name	dddf2e07442927dc_chrome updater.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk
Size	924.0B
Processes	1676 (faintxakers-76060706313.exe)
Type	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`f34efefd49d888af926af0085c7368cb`
SHA1	`9261abeef3c783b7015c822a66ad95e5250a0e46`
SHA256	`dddf2e07442927dcf83a49dc5cceb128e2310ea0897e298785f84a32dfe9b358`
CRC32	`8FFE129C`
ssdeep	`12:8gl0URY3HV7GovHSLs/Sn1E3Leg3CNfBP/v4t2YLEPKzlX8:84+Z9MTnCbeU2ddPy`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Cinoshi\Desktop Files\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_00fb17a1-6811-4a34-ae9d-c0d157359ba4 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\00fb17a1-6811-4a34-ae9d-c0d157359ba4
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis

Name	22f191c47aed8fdd_Screenshot.png Submit file
Filepath	C:\Users\test22\AppData\Local\Cinoshi\Screenshot.png
Size	1.4MB
Processes	1676 (faintxakers-76060706313.exe)
Type	PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5	`d34146de610f128b6e869c03b1b51b6c`
SHA1	`8545a0d1242d424be6ec8f2ab0373a45e57daf60`
SHA256	`22f191c47aed8fdd34083bbdf66800d4948f8fb82edbf1844de6d341e12a29bb`
CRC32	`79CC8652`
ssdeep	`24576:IqUc08ir/YMaksFx7c0VkFoVfUa2h3ikTmWKh5uaNnnylGL16inbIB0RSEtt87V:s/DYMaksFxzUoT+yaaZyl8RbtSE8`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	68ed2e06ba827f70_filec1nosh1.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\filec1nosh1.txt
Size	12.0B
Processes	1676 (faintxakers-76060706313.exe)
Type	ASCII text
MD5	`846cd411a9707d3080435bb0fea2e721`
SHA1	`092acb03b138e521a45442428cd2a5de4360eb3d`
SHA256	`68ed2e06ba827f70714679f8e5b16eca97bf02b13ede5450e93ce10340831512`
CRC32	`288FEB01`
ssdeep	`3:jHLLb:jT`
Yara	None matched
VirusTotal	Search for analysis

Name	83f332ea9535814f_sqlite.interop.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x86\SQLite.Interop.dll
Size	1.3MB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8be215abf1f36aa3d23555a671e7e3be`
SHA1	`547d59580b7843f90aaca238012a8a0c886330e6`
SHA256	`83f332ea9535814f18be4ee768682ecc7720794aedc30659eb165e46257a7cae`
CRC32	`EA0C49FE`
ssdeep	`24576:eiDAYMz2epP8AEXn8z7qsyb8c+gntHKuvKtBLtTvD0nsrFSK96fYlYyv:1AYMza36enEuyjpTV96A2yv`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a960dd4d2f0f37b3_entityframework.sqlserver.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\EntityFramework.SqlServer.dll
Size	577.9KB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`af1646b1c2227ab206d855bd068535cf`
SHA1	`3cd982ad2fb00a50151d7f416e4b05f79528496e`
SHA256	`a960dd4d2f0f37b3c09ffb9567c32426b8791310d7eb935c04c819c3d46bd49e`
CRC32	`33A25B9F`
ssdeep	`6144:EcK9UcUZV25QiE0U0CxzB6zHK1HHYkIfPQG2puGeqVmjaVmnS4bfu65+:fcuV200veIJu65`
Yara	UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	82b93630a921dddf_iphone.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Chrome Updater\iphone.txt
Size	11.0B
Processes	1676 (faintxakers-76060706313.exe)
Type	ASCII text, with no line terminators
MD5	`8c6ce9f88970b966ef9f6d873083b7bf`
SHA1	`0b7f4f96ddb108b84121df46581b815b5914306f`
SHA256	`82b93630a921dddf9537234a46a389a16a25711d2def80b8c41cc53489f4513a`
CRC32	`8239EF14`
ssdeep	`3:jHLLL:jj`
Yara	None matched
VirusTotal	Search for analysis

Name	3b3e541682e48f3f_ionic.zip.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Ionic.Zip.dll
Size	451.5KB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6ded8fcbf5f1d9e422b327ca51625e24`
SHA1	`8a1140cebc39f6994eef7e8de4627fb7b72a2dd9`
SHA256	`3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd`
CRC32	`A55B8181`
ssdeep	`6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Is_DotNET_DLL - (no description) IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ff42bca704605e18_entityframework.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\EntityFramework.dll
Size	4.8MB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ffdcf232d0bb2fff78721fb347641a76`
SHA1	`54c76a2fa61e6df1ae4c9df65435a38482c2cb71`
SHA256	`ff42bca704605e187abb45523868b15128d6af1c28ad40a4579d507d34a953b2`
CRC32	`DFA2B749`
ssdeep	`49152:9PrnRLX8ziolcD5jX24Y/g1YmNBayW5Ci72yEBzw9vb5:tnt8zi8o5jX24Y/fmLaZv7xt`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Is_DotNET_DLL - (no description) IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_00fb17a1-6811-4a34-ae9d-c0d157359ba4-wal Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\00fb17a1-6811-4a34-ae9d-c0d157359ba4-wal
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	4fa3cc89f5c3cfa0_system.data.sqlite.linq.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\System.Data.SQLite.Linq.dll
Size	196.8KB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bbb0d3ddaaba530dc111e665a4891217`
SHA1	`cea5a71ff0305083a9add3c4755a8e54ab10f869`
SHA256	`4fa3cc89f5c3cfa0f794c1f849b0ea8d081e5c0e69d7fb2d834caed08d1140c0`
CRC32	`EF9590E6`
ssdeep	`3072:0Nh7rny2puIm199zIsd9IZ16KP8cfYLcgML3:0b7G2wbdLm6KP8cwO`
Yara	UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	5fac5a9e9b8bbdad_system.data.sqlite.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\System.Data.SQLite.dll
Size	384.3KB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`55c797383dbbbfe93c0fe3215b99b8ec`
SHA1	`1b089157f3d8ae64c62ea15cdad3d82eafa1df4b`
SHA256	`5fac5a9e9b8bbdad6cf661dbf3187e395914cd7139e34b725906efbb60122c0d`
CRC32	`A23FB380`
ssdeep	`12288:5vXCrbE724yjK3r/fFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchs:h8dDm3r/7`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Is_DotNET_DLL - (no description) IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	9309fb2a3f326d0f_sqlite.interop.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x64\SQLite.Interop.dll
Size	1.7MB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`56a504a34d2cfbfc7eaa2b68e34af8ad`
SHA1	`426b48b0f3b691e3bb29f465aed9b936f29fc8cc`
SHA256	`9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961`
CRC32	`E9C4AD1A`
ssdeep	`24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	fe11093e72c86f69_C1NOSH1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Cinoshi\C1NOSH1.zip
Size	1.4MB
Processes	1676 (faintxakers-76060706313.exe)
Type	Zip archive data, at least v4.5 to extract
MD5	`932318cc68b49900a7b0ef21cd3a9c4e`
SHA1	`8ed689175c0be2deed0e3ae7c1aeb81986d6d1c7`
SHA256	`fe11093e72c86f69b782e31e2e0f5690c8672e703c24cbbe10832ba3818d4793`
CRC32	`20749685`
ssdeep	`24576:Go+CsR5KdDqgM2qckvh6JbpfCuxoD8p13dj9MGTHdwus8Be3r6i3RgE3:L+r7oqL6JkuxoD8pBJT+us8kX3RZ3`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	fd4c9fda9cd3f9ae_00fb17a1-6811-4a34-ae9d-c0d157359ba4-shm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\00fb17a1-6811-4a34-ae9d-c0d157359ba4-shm
Size	32.0KB
Type	data
MD5	`b7c14ec6110fa820ca6b65f5aec85911`
SHA1	`608eeb7488042453c9ca40f7e1398fc1a270f3f4`
SHA256	`fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb`
CRC32	`DDC506B6`
ssdeep	`3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX`
Yara	None matched
VirusTotal	Search for analysis

Name	857a287f7f39097c_system.data.sqlite.ef6.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\System.Data.SQLite.EF6.dll
Size	196.8KB
Processes	1676 (faintxakers-76060706313.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6f69454f7206eb6fb00b1f15d13718d9`
SHA1	`c1472ad5c91da5e729bf419b8546657b2152915c`
SHA256	`857a287f7f39097c2f70ff0ce681d35196daee60b43f255bc72b842a351208c4`
CRC32	`962C3CAD`
ssdeep	`3072:9Nh7rnOCmxzBE91M+I1X+IZ/6KP8czmLhL:9b7Zmx1E91AuQ6KP8c`
Yara	UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis