Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 04:11
마이크로소프트, 이그나이트 2024 개최...
11.20 04:11
In cybersecurity bias ...
11.20 03:11
Important changes to C...
11.20 03:11
Supercon 2024 SAO Peta...
11.20 03:11
Rapid7 Recognized for ...
11.20 03:11
Microsoft Signs AI-Lea...
11.20 03:11
Empower Developers to ...
11.20 03:11
Nokia Drops After Anal...
11.20 02:11
Unraveling Raspberry R...
11.20 02:11
China’s Alibaba Market...

Dropped Files | ZeroBOX

Name	4ff1f6549a50b74c_cc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000010001\cc.exe
Size	260.0KB
Processes	2052 (legenda.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7f6bfec88b73f0abf079a3c90b7d48da`
SHA1	`d8b56fad700e74693ac3a293c205923de91e83d3`
SHA256	`4ff1f6549a50b74c188bb50f4bd7dd3e3acc3eab0e2179b067e218ac20b2dcda`
CRC32	`4991E89A`
ssdeep	`6144:F01u3ndntmDvJz/gGu5C9NJQIw3nLjSyBP:gu3nFMTJzNTiIw3nZP`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2064 (download.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	62a9a4a09e83bc1b_installer.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000005001\Installer.exe
Size	4.3MB
Processes	2052 (legenda.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`36eed7c142e558ed187afea4f6c949c3`
SHA1	`907d03e167621f5685ad8aae482faebf9cffdd7b`
SHA256	`62a9a4a09e83bc1ba11bfd726f28324236ca3ec638c7cc46c39aff3ca8f2d9a2`
CRC32	`8EE7E6DC`
ssdeep	`98304:I6/sYnlE/5X3BsTpdKl1aDeL2QeLPb/K+EH/:4sWRHGe1GJVPTOH/`
Yara	mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	48eb3ca078da2f5e_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\a091ec0a6e2227\cred64.dll
Size	223.0B
Processes	2052 (legenda.exe)
Type	HTML document, ASCII text
MD5	`94cbeec5d4343918fd0e48760e40539c`
SHA1	`a049266c5c1131f692f306c8710d7e72586ae79d`
SHA256	`48eb3ca078da2f5e9fd581197ae1b4dfbac6d86040addbb305e305c014741279`
CRC32	`58572BA6`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3eZ03MlTzdCezocKqD:J0+oxBeRmR9etdzRxiNlPYez1T`
Yara	None matched
VirusTotal	Search for analysis

Name	9c789262dba6c113_blueloader.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000014001\blueloader.exe
Size	606.5KB
Processes	2052 (legenda.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bc81b04299cda5fd5785caf50260dd29`
SHA1	`fe8e0a2eb775c0fec09ea6bbb6a7d9dfa667be44`
SHA256	`9c789262dba6c11373930d9f564323c0c96e3a46ad91b7d4c6ba5c959080401c`
CRC32	`68337AAB`
ssdeep	`12288:py42JHKIC1oZ/YVglT1vVYh+BQntKoprWlO5BLgYp4D:o44g6KMvVwThp6l83p4D`
Yara	Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	fc18ac544f14e2e4_download.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000015001\download.exe
Size	74.4KB
Processes	2052 (legenda.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`1483275a8d760ed08ca5a1738170030e`
SHA1	`0f03278f0c904e2182ad91ee60e4555985474d8e`
SHA256	`fc18ac544f14e2e4b30e5245260b2997f66d1e6bd2065f6f6ab6906a6fb21cfa`
CRC32	`28432278`
ssdeep	`768:mnziu56Oy6zV5g3fp1rNNNNNNNNNN0jswIPxApAhce:Q6dC3+plNNNNNNNNNN0jswsOpLe`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Network_Downloader - File Downloader IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c0603ed73299e59d_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\a091ec0a6e2227\clip64.dll
Size	89.0KB
Processes	2052 (legenda.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`16cf28ebb6d37dbaba93f18320c6086e`
SHA1	`eae7d4b7a9636329065877aabe8d4f721a26ab25`
SHA256	`c0603ed73299e59dc890ae194c552acd9d8a2aef2e1a9e76346ca672e3b14106`
CRC32	`CD714B61`
ssdeep	`1536:io4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUL+aB89p:ioUCWbBNpplToUs1uNhj25LJUCaB89p`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	477e0a5708866321_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2064 (download.exe)
Type	data
MD5	`548c3af5b7c8479e39c14659e49014a2`
SHA1	`97291fcbf8107504eccfd1f06915d32345b49ce4`
SHA256	`477e0a5708866321d1916618086fc23aa3d0c3c319cdc68404228106e5794df9`
CRC32	`3F558001`
ssdeep	`3:kkFkl/m4fltfllXlE/Bi9llPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB15RNU2U3:kKgYiZliBAIdQZV742MN`
Yara	None matched
VirusTotal	Search for analysis