Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	89a70443d2aeaa18_poxuipluspoxui.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\poxuipluspoxui.exe
Size	128.0MB
Processes	2052 (setup.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`97590f445912a8777a6b7a6870fad578`
SHA1	`a4cabd2ea10a031f35464e8e0bf77dd3f4c3c6fb`
SHA256	`a9c082d7cc1a75ae0428d2c94443fcdb383adcb72f924d6b7b46db90604b3459`
CRC32	`810A5436`
ssdeep	`12288:3tkXzyzv1qQV4BtnsdTv6mRLaf61FuqIVC:SXzyzv1K7sc2af6/4C`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	b9dfbd3e668ea309_cock123123444.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cock123123444.bat
Size	53.0B
Processes	2052 (setup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`2a48b826a710b2c47581fbcfef047333`
SHA1	`47a76dcf11f5447099f6fbe05948b9f28b68d8d1`
SHA256	`b9dfbd3e668ea3099a88d65d8d3a6dc03396ceca1a0e4535ef4f23a597727744`
CRC32	`C1A79034`
ssdeep	`3:k1AIDGXUWL6vdGOAh2J:k1AI8UWYdG5+`
Yara	None matched
VirusTotal	Search for analysis

Name	b172729a55801539_outputwvlma2pdke.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\outputWvlMA2pdKe.txt
Size	1.2KB
Processes	2972 (poxuipluspoxui.exe) 2804 (animecool.exe)
Type	ASCII text, with CRLF line terminators
MD5	`2fc1b96d4efa374323688ccd6876afdf`
SHA1	`65e9908430271b2904cbac58b543a2711a3ea3d3`
SHA256	`b172729a5580153904431aa48e90aeb12fc3822edce6e5634cfae2df07b297f1`
CRC32	`3F8A1602`
ssdeep	`24:xl6TXB6uRZscWGmK2z8xMo1m3bS9Y8TuP0+sVXmEcc+o3Y:xhymK2AxbmN8T5Ko3Y`
Yara	None matched
VirusTotal	Search for analysis

Name	230967379b9bdeed_nig1r21312312.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nig1r21312312.exe
Size	128.0MB
Processes	2052 (setup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`474688236b8b08b27aeb67f248879bd8`
SHA1	`d2fe3001638e7d8fadec353738b7455f7dfe4994`
SHA256	`2d228c5474721d2bd164622d3ca95aa6c76b690f87498d9721c0e0aad81421f8`
CRC32	`95157D9C`
ssdeep	`768:UDR7drWxRrYJAgERvFAREX5DyzaccyOkVDIBF9K/phcanwUaajMIWCW2jsV0:2A3cJAgmSRC5DcLxIBLGwUgIW2sV0`
Yara	UPX_Zero - UPX packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1c2eac4863b51371_sdfsfs3wefdsfsdfsd.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sdfsfs3wefdsfsdfsd.bat
Size	87.0B
Processes	2052 (setup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1da7fac267bc777990be9cfe816dabad`
SHA1	`76956769fd1c1cccf9a830b76415319f1960122c`
SHA256	`1c2eac4863b51371c56606c5d6fa449c863920dd1d60184e1dc43b2ddc72d5e7`
CRC32	`A86042B9`
ssdeep	`3:k1At2bJ6d5tPZbJ6d5tdG/W3tYn:k1Atjd54d5F3+n`
Yara	None matched
VirusTotal	Search for analysis

Name	988bf35e06ed737c_fds333333333333333.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\fds333333333333333.bat
Size	55.0B
Processes	2052 (setup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`78d34993a3f671785ab9ad1097e6620e`
SHA1	`ff600ffda2d8661cba3f1352b6df9eeff39c3b10`
SHA256	`988bf35e06ed737cff745ce0b33df976634072586148fba37f8056b294c0404c`
CRC32	`B7875DC1`
ssdeep	`3:k1AwALvVF9wGvBwTRMQzdA:k1AwALNFSGuA`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_34915390 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_34915390
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	95442004a12f5877_misakamikoto213213.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MisakaMikoto213213.exe
Size	128.0MB
Processes	2052 (setup.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d1267f2b97b24958594ff2dff4f14bc5`
SHA1	`df1acc6714d8c3bc9eee6eed2254971f435f3bec`
SHA256	`6ca658f9856d4b5657d00fc0f80382ff2dcd870fce9840ac749a4b37c4c6f5d3`
CRC32	`597C7EEF`
ssdeep	`12288:i7hOtDAOviRs76x4uRyafRpHzY0PzGtFDdKsPHUbD6CF9KQzEBgk:i7hmAOKH2uRyafrHzY0P9sPdYKQzEv`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	2dd956b770de14ca_animecool.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\animecool.exe
Size	1.8MB
Processes	2052 (setup.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`96289e39f5ebfe7268735134d6ff1b98`
SHA1	`a84ea4b2f4ac506ccc1ab6d576c398685acc2a84`
SHA256	`2dd956b770de14caca1852de96886e69650cb22ca001cf3b8aa2362d9b40aa8c`
CRC32	`4E9BF21D`
ssdeep	`24576:NNKor7znjTL+k2CELv8hgX76h+Rv0ZnmRofOgMIH3VT0GTe3HmKD8KE4yQ4+oQUw:4A+X3hDXInEl`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	0c79bc65a0f5689f_animecool2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\animecool2.exe
Size	128.0MB
Processes	2052 (setup.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`5c27caa7b63231e9c11451b9db22d625`
SHA1	`44edc0d49b78886ed6cecb7c54cbf69d0d295e4a`
SHA256	`ccc1f8b85bad7654be10ebe7b0b49a01e6898c0c86414a26f2023bb1535619bb`
CRC32	`503207F7`
ssdeep	`24576:Z7k81D5idk4ccnLitLTJBiVA5HoAySADxyeCTVK4NALYsIGkoW1v+zSMonAITtOZ:o99EiVA5BVEIPH79a`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	6bd5ff73cf964b3d_outputron2m9kqhw.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\outputROn2m9KqhW.txt
Size	1.2KB
Processes	2916 (MisakaMikoto213213.exe)
Type	ASCII text, with CRLF line terminators
MD5	`bcae21a8cfd0cc87bbc02b5c2facf1b6`
SHA1	`670b454c617e7a79c3129866eb241090a19464fb`
SHA256	`6bd5ff73cf964b3d51b1ac8b5aa99a68d9e15458610ac50b5929e393d7c80b9b`
CRC32	`9F70DABA`
ssdeep	`24:lnLOxCiD+ahgn6E7h8iQcalPdeTHmrkurEGCPhjk3jiHEMnQXHdZ:lnwT+WC6E7h8mCdekkul01aWNQXHP`
Yara	None matched
VirusTotal	Search for analysis

Name	4cab9b91745224c8_govno312321412412.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\govno312321412412.bat
Size	64.0B
Processes	2052 (setup.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d930ae56d269e8cbf42a884838a1940f`
SHA1	`86b54cc38ea58a602a8418c256deac72ef7bda95`
SHA256	`4cab9b91745224c84bf43bd0702d6754f311f0a0c62669311d05038c3fc06d32`
CRC32	`6AD8D4D0`
ssdeep	`3:k1At2bJ6d5tuRR+4:k1Atjd5K3`
Yara	None matched
VirusTotal	Search for analysis

Name	619d5eac499a6c0a_output.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\output.txt
Size	1.2KB
Processes	2804 (animecool.exe) 2972 (poxuipluspoxui.exe) 3036 (cmd.exe) 2916 (MisakaMikoto213213.exe)
Type	ASCII text, with CRLF line terminators
MD5	`464835117cdf3c8db1c1478d60ec77f3`
SHA1	`91f3217b94be07098951d53a53f8c670a30419be`
SHA256	`619d5eac499a6c0a394468df06f9a940a8466704334d5dbf76e3b8b81f22eeae`
CRC32	`8E63C132`
ssdeep	`24:7ln6ozUYGOHR5qirzO6pecRxrO1nctnZwnJdIZpgOJn7aUeL7SsQti:1NQYGOx5qir/gcHrO1cMnJaZv7HeUti`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6d3077b4780208_cockcreator.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cockcreator.exe
Size	44.9MB
Processes	2052 (setup.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`433606640a3dec7ee81313c07b49a952`
SHA1	`2cbc542fe3a338d9c22c81c93ee65c092c434e85`
SHA256	`fc6d3077b478020805b27c365bf550514235d5c31939ed87c2d302b41a1e35e0`
CRC32	`01721E32`
ssdeep	`393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yftnVQx4urYsANulL7N/:d0LoCOn+2ts4urYDNulLBiuL1mksND3c`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer Javascript_Blob - Suspicious obfuscation blob script PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis