Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	340c8464c2007ce3_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\a091ec0a6e2227\cred64.dll
Size	162.0B
Processes	2360 (oneetx.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	4959d54796fe546e_cc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000005001\cc.exe
Size	373.5KB
Processes	2360 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`147402ef889308ce27faaeb9053e1b68`
SHA1	`bf9aa0fe0ede39d7fc2b3d97579a2e619b3f5d39`
SHA256	`4959d54796fe546e0b57aae0be269718aa80e1d58c4e4e2f69152291e0f570ac`
CRC32	`073F0968`
ssdeep	`6144:5XKQuCRFsQ8LTSeSgoa8EL/9UF0d95FFqTrmDDsS:5XK8RztO7TL/WWLpqvI`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	13b4b17671c12fd3_oneetx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5cb6818d6c\oneetx.exe
Size	229.0KB
Processes	2536 (y51qo75.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3308051ded87b1863a8d92925202c4b3`
SHA1	`7834ddc23e7976b07118fb580ae38234466dbdfb`
SHA256	`13b4b17671c12fd3f9db5491efb7fb389601b57ac7f89fd78638625c1ef201e4`
CRC32	`F6B5E8D1`
ssdeep	`6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_build123456789.exe Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\1000009001\build123456789.exe
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	f336fa91d52edf1a_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\a091ec0a6e2227\clip64.dll
Size	89.0KB
Processes	2360 (oneetx.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`73df88d68a4f5e066784d462788cf695`
SHA1	`e4bfed336848d0b622fa464d40cf4bd9222aab3f`
SHA256	`f336fa91d52edf1a977a5b8510c1a7b0b22dd6d51576765e10a1fc98fb38109f`
CRC32	`37F5B727`
ssdeep	`1536:fo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUA6WaB89p:foUCWbBNpplToUs1uNhj25LJUAZaB89p`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis