Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	8829ad562d732c58_css[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\CSS[1]
Size	15.0KB
Processes	2648 (WhaleSetup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`54bceffd2ad24e3e0e95e6c0136a3899`
SHA1	`c56a2ad9a512523851bda534c497e31d86e86520`
SHA256	`8829ad562d732c58bc6c0242ef12363fb574fcd681317d59abfda92ee00a61e0`
CRC32	`7BC6E839`
ssdeep	`192:WXDNtUy4XKtC4VdkeJzeAr+lfGtbpr67OYlvHrji+gZTeRA+W5:2cXKj`
Yara	None matched
VirusTotal	Search for analysis

Name	0ef623cdd973c754_css[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\CSS[2]
Size	1.9KB
Processes	2648 (WhaleSetup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d0f4ec15db88837123172e0fda617798`
SHA1	`8e329cbc356d418d9520acec642cbcb0683a3e91`
SHA256	`0ef623cdd973c754b7a6218b4500e2b39b9e2025d27f90c6eb9c1c57bf43b5b8`
CRC32	`4C43C277`
ssdeep	`24:eUqAcZN68To8xyzxWoh2sFYMLlzQi3O3X3qlH3X/x3mxiJ1gPTyE3PoVPNo5XIU5:Tq/ZN6yoLo+CCzQ3uH/WyW+FDqVE/G`
Yara	None matched
VirusTotal	Search for analysis

Name	d7c36643f8333e65_png[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\PNG[2]
Size	1.0KB
Processes	2648 (WhaleSetup.exe)
Type	PNG image data, 10 x 5, 8-bit/color RGBA, non-interlaced
MD5	`67fbdb76a156c47890249f0b5f0c4d61`
SHA1	`ae53b36a87f4912199d0c9a54b9a78f35b80e322`
SHA256	`d7c36643f8333e65c24238c8aacfc3c5a4e28f86bcaabf583cae4bf98a57ee25`
CRC32	`55018D6C`
ssdeep	`24:m1he91Wwjx82lY2T3o5VWSqcyJ3VLIHslGePI4twM1:sqQNn2q0J3ldFPptwe`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c42241c7259e02da_148[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\148[1]
Size	16.2KB
Processes	2648 (WhaleSetup.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`f056064abd4f56dfc2401203294b8680`
SHA1	`df621654e111fb590d84a4c0c4acd41df2a8daae`
SHA256	`c42241c7259e02dab6d91fa953611fa4ea51fe28061962154a61b60d9e5c4539`
CRC32	`29F96E3C`
ssdeep	`192:5Ju7Q0zCYms3g3kr9kEaA5YR+UV7m+Hwi2iAiIiS7xv0:5Juc0zjBQ3krD75YR+UVLQi2iAiIiS7m`
Yara	None matched
VirusTotal	Search for analysis

Name	6069f5d736f7af56_png[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\PNG[1]
Size	1.2KB
Processes	2648 (WhaleSetup.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`7fb0d0fbf98482e31c993fe9a8f80084`
SHA1	`388b19864702fab53e23a94f573b844429b13199`
SHA256	`6069f5d736f7af56c63a0b6e79e4e15c228bb43b7224033b7a1a00ec6bd82eb9`
CRC32	`C4E6385D`
ssdeep	`24:W1he91Wwjx82lY2T3o5VSISrcyJ3V1HsYlGjT97kZHQ/GIb9:cqQNn2qIJ300o9gZH8GIb9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	27fb7ddde94d1026_png[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\PNG[1]
Size	1009.0B
Processes	2648 (WhaleSetup.exe)
Type	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
MD5	`7da9b88f67f6ffd836388db293f12e0a`
SHA1	`fbe7e39c5b7724f663626688d28527aac274634c`
SHA256	`27fb7ddde94d1026bc54ac2baab978777b94b66dcb60ab3dc6ab647e3e31f9ff`
CRC32	`CC4DB8E1`
ssdeep	`24:RAMQ1he91Wwjx82lY2T3o5VhfS8fcyJ3VTfH/flGi6:S9qQNn2qbt3J35Hdw`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8837908005ecf68b_whalesetup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{E058CF37-5A13-4EAB-88B6-CA22D6D66960}\WhaleSetup.exe
Size	2.2MB
Processes	2556 (WhaleSetup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`19c567c8de788b3954e8a16e5656cc6d`
SHA1	`884816c3bf3dc195cd658a14229574a51c18b41e`
SHA256	`8837908005ecf68bc4fc4c8adb6689f3bd42eb36f2c1248dfd611ab8b366c5fb`
CRC32	`1524F07D`
ssdeep	`49152:suHkUNYObLhcau0fTDE7b2/g8FnCjKwF6qUr1FOgDyWKoB+hEFMfBZKtgSIvZ9JT:XHzmkhhumWag8FnCjKwMBFOgWWKe+hE2`
Yara	UPX_Zero - UPX packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	fb455b294a62e14e_css[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\CSS[1]
Size	1.8KB
Processes	2648 (WhaleSetup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`b259ab7d76235a177dc2d0f377e26fb3`
SHA1	`a1c4f59491bb4ffd7e1cf0a0c10da09904d78def`
SHA256	`fb455b294a62e14ef6befe3ba081f0812aa322ec593cbe26c32b78b889bd69b1`
CRC32	`0B1C075E`
ssdeep	`24:eUqAON68To8xyzxWoh2sFYMLlzQi3O3X3qlH3X/x3mxiJ1gPTyE3PoVPNo5XIUAm:TqHN6yoLo+CCzQ3uH/WyW+FDqVE/G`
Yara	None matched
VirusTotal	Search for analysis

Name	ca76012cc9a978da_css[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\CSS[1]
Size	14.3KB
Processes	2648 (WhaleSetup.exe)
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`d1023190442c3e273ae8f1802623b997`
SHA1	`52040226575d03e9beabb50c097faf0403514bc3`
SHA256	`ca76012cc9a978dad8f1de1ecbefd834ebe664e97d5bf2a80984eb2b5537a2f2`
CRC32	`63682513`
ssdeep	`192:mY+IQx0K4IPVTZEspRkIZfl8Z2c+qLb7vTO1LPiTP:mtyuWszvFmZfjiRPeP`
Yara	None matched
VirusTotal	Search for analysis

Name	106b1e90ee414f41_css[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\CSS[2]
Size	22.9KB
Processes	2648 (WhaleSetup.exe)
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`2baacc18bd21c353fbd7ce1890d4baed`
SHA1	`a219477ce8cb6c41f8c1c9da8d1fbef1d15f6784`
SHA256	`106b1e90ee414f41d14cb75b9fd42b021a8235bf7a009f715b544311ababe772`
CRC32	`6ED89FBD`
ssdeep	`384:6A4r9eHaORjAI/HO5qpOwvxZLidHxerI7Yj3QG7cuP:6lr9yaOVAwhpOwLidHxerI74QAcuP`
Yara	None matched
VirusTotal	Search for analysis

Name	dedab8dfbb532b37_png[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\PNG[1]
Size	3.7KB
Processes	2648 (WhaleSetup.exe)
Type	PNG image data, 206 x 56, 8-bit/color RGBA, non-interlaced
MD5	`3f3d2f051f41b95f2887b505a7ee2d3c`
SHA1	`6863799d5ff550262ab8938eff704cb1cd6b41a9`
SHA256	`dedab8dfbb532b37e0517c392df3778ac67d00181715c49b8cc40010bea222fa`
CRC32	`869F4CC0`
ssdeep	`96:GzMCppEkoY1B8yAsZycz/6smQStypTmDAz1l75f:GzM4EW3Ic76sasPf`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis