Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.19 08:11
Hornetsecurity elevate...
11.19 08:11
German Defense Chief S...
11.19 08:11
Indian News Agency Sue...
11.19 08:11
Ukraine Warns India Th...
11.19 08:11
New 'Helldown' Ransomw...
11.19 07:11
Scammer Black Friday o...
11.19 07:11
How Stealer Logs Targe...
11.19 07:11
ICE Can Already Sidest...
11.19 07:11
US to Fund Chip ‘Digit...
11.19 07:11
[UPDATE] [kritisch] VM...

Dropped Files | ZeroBOX

Name	f18231ae44c3789b_nedssrcbuilder.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\NeDSSrcBuilder.dll
Size	267.5KB
Processes	1940 (csrss.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2760b55e73b57eded5e4a4f1d25338f8`
SHA1	`1621c5064a857b83329ba8bfaa2c92fa8736dcac`
SHA256	`f18231ae44c3789b4c7f3797e2ec24170288b1e8e84721a923b127f771f8fe4c`
CRC32	`734AEFC3`
ssdeep	`3072:wmRWq2P/Vb7VmuDUkOTBYbdJUL1aKSQLa17g31J5ZxcQYDMlaYOvBdo0IWTj1qDA:dRWhbpQ6lo0IWP1q7w`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6be7f6ae09d028f7_nmpluginbase.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\NMPluginBase.dll
Size	188.0KB
Processes	1940 (csrss.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`14e48e064ed774aed4c006bad9036fb2`
SHA1	`44d45b17b97aabc2a30770d8bb61398eae137c50`
SHA256	`6be7f6ae09d028f7a2144b6050d669b8199d2ce1086a22e0b85cffdbdcfbffaa`
CRC32	`2525ACDC`
ssdeep	`3072:yO5yQgD9wY5qDX2qBOx8anxeq1NODeQMAixFZrkPlBVrixxjYpxfciyMJsaU+ByI:yOBgD9wY5qDX2qBOx8anZ4Y7rkPlBTEI`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1ddd735.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1ddd735.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	278e2ee42cc75a7d_channel-secure-symbolic.symbolic.png Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Submerge\Hakkebrdders\channel-secure-symbolic.symbolic.png
Size	166.0B
Processes	1940 (csrss.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`20ac041fb55648ab1ec5a4f846bd76bc`
SHA1	`cc404150da1cebc4916cd20a7246db5ef8f21516`
SHA256	`278e2ee42cc75a7de07f2e32d3d8b3fa4810d8daee051104c76ad73f6d19ee7c`
CRC32	`82A88E11`
ssdeep	`3:yionv//thPl9vt3lAnsrtxBllZM9pykkeMh5tdhusggfyGBZ3xllAG/Wdp:6v/lhPysL8pCdhplfyoZBlaoWdp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4f61369d126de4d6_top_hook.png Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Neuroticise\Rhaphe53\Nonprogressive\Biblioteksforeningens\top_hook.png
Size	100.0B
Processes	1940 (csrss.exe)
Type	PNG image data, 200 x 3, 8-bit/color RGBA, non-interlaced
MD5	`359028f017f66048a6131c5c0f268814`
SHA1	`e98e9e5325f9d0d0f46e3e55c44ef2d325a42705`
SHA256	`4f61369d126de4d6e8279c25401f488721f71fe75b4306764774b9b93a30b6fe`
CRC32	`4B1073EE`
ssdeep	`3:yionv//thPlv4l8ilrQhaLpRSOCJqpoGi2sAydp:6v/lhPeWuyaLjBCJqpBJip`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0bf73bde4ff4e6f0_gastness35.che Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Gastness35.Che
Size	310.4KB
Processes	1940 (csrss.exe)
Type	data
MD5	`390f09633ed1309bd553712669ec6c54`
SHA1	`98294070e53b43c188fe9d26b753753fa4b125d2`
SHA256	`0bf73bde4ff4e6f0508eb40e21a788035c0c8cb325f912dd0e97f5b3e9c19b35`
CRC32	`49A7C997`
ssdeep	`6144:zbgx4oIF4WqWBkiKB2LxaolZfGB2mpsl1j:zbzBF4GwQ8Oj`
Yara	None matched
VirusTotal	Search for analysis

Name	fdf95d11266d23bf_telia.sty Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Telia.Sty
Size	22.1KB
Processes	1940 (csrss.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`2f8d2c1c1dc6b13a73d860cf58287703`
SHA1	`0d6957c6194d6609e5c2d059bcf62dbbd03d909d`
SHA256	`fdf95d11266d23bf3ed5441cb983fc0caf5a88a57a0670416e581ec22a1cfd61`
CRC32	`14FC2B97`
ssdeep	`384:KZ1KMfaDzg53g3fjfIMo1zb0SURkNwTM/f6nnnaae3A+l99eItLy/h:KZUUa1zIM8zBUCL/ynnaae7neINy/h`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF1dddd02.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1dddd02.TMP
Size	7.8KB
Processes	2076 (powershell.exe) 2176 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	3418e9c859b9b11b_adventure_3.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Adventure_3.bmp
Size	8.4KB
Processes	1940 (csrss.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
MD5	`90e9e276d2cf7deab59048f8da79e56b`
SHA1	`36de54c14d72777af52ec828c50c5f2bc05b31d8`
SHA256	`3418e9c859b9b11b3665341b51a55217a4c488fb6beafd8d9e43029b4b542484`
CRC32	`C097FE82`
ssdeep	`192:oXR32x0bB6+J59poi0Iqzw/tMteHjbLfqwn1SHWH2C:KRG0bB6+5pR0IEEMajbLfLAM`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	175b438d088c5748_preferences-color-symbolic.symbolic.png Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Neuroticise\Rhaphe53\Nonprogressive\Biblioteksforeningens\preferences-color-symbolic.symbolic.png
Size	329.0B
Processes	1940 (csrss.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`4da81581e1667237499274db59e78fff`
SHA1	`84cfd56f0cf9874deb46e7953fe6f2b43a3c319a`
SHA256	`175b438d088c57485f04a3c4291277a058ec1cc9e83629c0b8c645b04e5ff12c`
CRC32	`87060627`
ssdeep	`6:6v/lhPys+qje1tlOtqVwl8obV7qpU5diRXFtRDbbU/yH4PlBoH56wTl2lbp:6v/7eiWlEuwqGV+UDebbmyH4PXoCz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9740ab76216a3aaa_emblem-synchronizing-symbolic.svg Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Neuroticise\Rhaphe53\Nonprogressive\Biblioteksforeningens\emblem-synchronizing-symbolic.svg
Size	1.4KB
Processes	1940 (csrss.exe)
Type	SVG Scalable Vector Graphics image
MD5	`9baa2217763ea3d30c7cb0e838cdd0ca`
SHA1	`4e484dbde6812240ff50e1f8043c86db5df324c1`
SHA256	`9740ab76216a3aaa66e6eccffbc978a5f50a0f27d724a054e172770816e38b48`
CRC32	`7DC7D6BE`
ssdeep	`24:2dPnnxu3tlXz/EMqoq+bLgQ03trRVA82/SWjJUvR3lI/w1FvEKIN:cfnozfSTr7A8SxJwR3lmwnvEPN`
Yara	None matched
VirusTotal	Search for analysis

Name	65f9b122e0735b5e_emoji-travel-symbolic.symbolic.png Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Neuroticise\Rhaphe53\Nonprogressive\Biblioteksforeningens\emoji-travel-symbolic.symbolic.png
Size	245.0B
Processes	1940 (csrss.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`c5152e9074692be446a7234c15d8168d`
SHA1	`e1550aefed9917d3adabcc113318d6fa35f74260`
SHA256	`65f9b122e0735b5e18188420afe0e1d49b290636ac6feb4006dba1c616b7bd67`
CRC32	`E10FBA98`
ssdeep	`6:6v/lhPysTDJwk/rbsobd9vbRyWtQ2DF9+EGbgsup:6v/7z3n9DRyWtrukN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsbC04D.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsbC04D.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	6c936ca2859ef121_bluetooth suite help_sk.chm Submit file
Filepath	C:\Users\test22\AppData\Local\Treasurer\Bluetooth Suite help_SK.chm
Size	47.8KB
Processes	1940 (csrss.exe)
Type	MS Windows HtmlHelp Data
MD5	`c6f7579f53729f2520dcc31a61a714b3`
SHA1	`d6922631cf0e24890b7ceee503fd5902453d9a9b`
SHA256	`6c936ca2859ef121f185709019dd6e55a541b2768347520a1b45db7ae74f3cef`
CRC32	`2CBC7999`
ssdeep	`768:HWcr8QBCXc7MtUJSUQ+J9FW1Mun28xO6jit29gxPNHDhoie1071Z1By4tw:HWcQHC1/FW1Mun2CNGzlHDve23y4tw`
Yara	chm_file_format - chm file format
VirusTotal	Search for analysis