Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	086ddd0fa9358882_vuekvdfggd.xml Submit file
Filepath	C:\eegv\vuekvdfggd.xml
Size	739.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f51a63a1d12665d7312704e9ef16cdc2`
SHA1	`2e62c7d776e5d693d9d69924868238cfae00425a`
SHA256	`086ddd0fa9358882c02408bab0777b9e06fe6ecaa1beacc166c6ce30aea33bd9`
CRC32	`69F6FB59`
ssdeep	`12:O2WimHocw73Fyt3ATrUSwPu9rC4ciae+/swXqio9HajRXCu84kDDkPck:OYmHq73vTrOG9Bcv/swro96j584+AD`
Yara	None matched
VirusTotal	Search for analysis

Name	ad24b5f4393488f8_oqpg.docx Submit file
Filepath	C:\eegv\oqpg.docx
Size	621.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`478bc86ea10d8813d42064e72ce78217`
SHA1	`191145e411c1025a20ad287c4eceb04c2a118dfa`
SHA256	`ad24b5f4393488f8c8589aab908ea8cc6560ad115ec7bb86f1eee7e9df8b9825`
CRC32	`66B2DA15`
ssdeep	`12:s7fiD3MOY9JgNXamxk/0Kgz673105ldh3uwJgPKPOkZf+eKh/:af9OY9JgNTxk0G73Kph3uTitZfCh/`
Yara	None matched
VirusTotal	Search for analysis

Name	cd06fe6faee5dd3d_ioasoh.txt Submit file
Filepath	C:\eegv\ioasoh.txt
Size	594.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`723dc3f7d135864061250f75cbbda9d1`
SHA1	`d1cc885fda7b1b43bef5880928dc708129c0871e`
SHA256	`cd06fe6faee5dd3d70a95284ca0b4bdbfd3e5adf378d40b7cdbb9755412c5813`
CRC32	`6B31267F`
ssdeep	`12:iErXk8hQZL7a0p3ZEqp5+XjSMP/5vW2paJv7EYEoaFNZz:DhQ9WYEqpozSOxvraRoYz6z`
Yara	None matched
VirusTotal	Search for analysis

Name	14e8a8d81f97464f_cqmorjr.docx Submit file
Filepath	C:\eegv\cqmorjr.docx
Size	684.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`2015fbe3a777f763350cd472a12bba86`
SHA1	`e4d1b4637d6dc60bb7b37e40122ceba83d6cda94`
SHA256	`14e8a8d81f97464f86a7e644982a3377791232463c312187fd20d71094c8f821`
CRC32	`68D7808C`
ssdeep	`12:WWR7ECxR+0bvo3v7mHOyd1zHNZNlqzHLRJcwVnRG4KzsO5vcS5RwwmD5G1845+ov:fR7EW03DmuybDNleHFplTKX9c4W45/`
Yara	None matched
VirusTotal	Search for analysis

Name	fcdb65b555b63492_wxfkxfkvh.dat Submit file
Filepath	C:\eegv\wxfkxfkvh.dat
Size	617.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`1f6b231ea2310b9310e80e2e8ed2bfe9`
SHA1	`5372839114b89cdd902b8c3b880dc5d78452b86b`
SHA256	`fcdb65b555b63492954b35dbc63ed041f507928cb50fb823baa1150ff684605c`
CRC32	`3EA29C8E`
ssdeep	`12:WUWifCF6drNrI2FdlTREK6IybfVERddJU6q6TmjTEBUK9gRCxd0BOhbWkM7EOUH:YcCAXrJdeIwfVCdmTBK9020obtGEOq`
Yara	None matched
VirusTotal	Search for analysis

Name	1f669c2bd90a17bf_jntniga.icm Submit file
Filepath	C:\eegv\jntniga.icm
Size	530.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`955d31d63554f079d8b42536424aff69`
SHA1	`79bf837f78734a72226352262e10caa0f5adb9d3`
SHA256	`1f669c2bd90a17bff822d9ad21c178634be98d13ba2abece362a14aaa3d46f9b`
CRC32	`8F48E106`
ssdeep	`12:Mi9q01fPs6FJprFrcGKPgyFFCZY5y2QSFy:M10RDjofPgMgeyF`
Yara	None matched
VirusTotal	Search for analysis

Name	cb0ad8aa314b7634_cfbow.xl Submit file
Filepath	C:\eegv\cfbow.xl
Size	571.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`e719adbde86929b9654430c84a87b472`
SHA1	`6a0c8ddcb6040756a1db3f01ae736f8e208d67b3`
SHA256	`cb0ad8aa314b76345c09ad5d6efcb7b4db7b1b8c9d32c7f7d4eacb27279b3555`
CRC32	`6646ECEB`
ssdeep	`12:k6I6Gkqz85nVssv2me7cybClQKIgzFhcfti7E7Zo+95XpycD7v:fqjzYeX7I02yf07kh95rv`
Yara	None matched
VirusTotal	Search for analysis

Name	7f3fe0e1bf386ad2_qwquwr.pdf Submit file
Filepath	C:\eegv\qwquwr.pdf
Size	612.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f3d4f1492a520144750a17997251ec2f`
SHA1	`47a40fe708a17b289dca688e8211dd5b27e42cf7`
SHA256	`7f3fe0e1bf386ad2e660a290b6d39dff26f3bc50b943f7ca0d352c3dffa5d299`
CRC32	`B69199ED`
ssdeep	`12:EWqZRPFdLD20wC6zuoiWkjwXrCnJCgrFJbUWyvTmjNDmZn:EWwRPFZ2CMuoiJKrpuFJ8Tm6`
Yara	None matched
VirusTotal	Search for analysis

Name	3198f950f203d084_rhrkb.txt Submit file
Filepath	C:\eegv\rhrkb.txt
Size	759.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`1a57c05c2dc399bbbc0bdb6ffbb5a9d2`
SHA1	`f45fba3a79fcfbaac2293ead924bee261958987f`
SHA256	`3198f950f203d084a9b52b8eca8cebd9a5717faa133e3727571e2d2234db5f9d`
CRC32	`56045259`
ssdeep	`12:J5NPJFWoEhD6PLD5YaUi2vrSKZiGlID/5MgORbzjhPxoCuDb3lmU6B1gs5cBELX:nFWxwD5Ya0+KZ5adMg+fdxo/TUx4hB6`
Yara	None matched
VirusTotal	Search for analysis

Name	cdf49a60e68e69c4_nulfijae.exe Submit file
Filepath	C:\Users\test22\temp\nulfijae.exe
Size	85.0B
Processes	2908 (eepvjjf.pif)
Type	ASCII text, with CRLF line terminators
MD5	`a32fe046e3be3b596cffa6564bf3d51f`
SHA1	`8e351ef9adeae218171b82f652a4d820f1d98a08`
SHA256	`cdf49a60e68e69c43a70848b65a0de9d4f8bf074fcdb5f6e7df4b900de42ac44`
CRC32	`14755EBC`
ssdeep	`3:YRRvufoMhSl/Y9JlC9hRGdY/gRTDL0y:Avqhs/coGiiTDIy`
Yara	None matched
VirusTotal	Search for analysis

Name	b60ef00be06b77d3_ncvwgifaxh.pdf Submit file
Filepath	C:\eegv\ncvwgifaxh.pdf
Size	630.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`475d62497d5d4cca692e2b6429762adf`
SHA1	`9d76425bbe625329417e99a1fad3ac56e85fe531`
SHA256	`b60ef00be06b77d3c8f7127e79f90cd391babf637d40fd9682c6b03e2fa3e752`
CRC32	`34C3845B`
ssdeep	`12:w8mN8uTOy2ziPCXiOQG+1Ckll5LmueDTq1LcAdXsamZf74i:UBLPCXb/0Ckll5LKOL/VmZ0i`
Yara	None matched
VirusTotal	Search for analysis

Name	3cfbca3493ed0388_reujc.dll Submit file
Filepath	C:\eegv\reujc.dll
Size	646.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`2e10b91ea936ff651812382e29fd7589`
SHA1	`68f50fb09f129e7f98f7dcb947e6faab1f084fc8`
SHA256	`3cfbca3493ed03883fbbeb37e5f4261e2cb712f85d53f87e2a19848964b94507`
CRC32	`E06150D9`
ssdeep	`12:UyiIxn1fZt56jQK6n3ZbBLcbdBkOajYk+jM1WkM211iL:1RnPt56jQKWZbBLcbdyPjYLjRkB1G`
Yara	None matched
VirusTotal	Search for analysis

Name	6df78b23c34e606d_nulfijae.exe Submit file
Filepath	C:\eegv\nulfijae.exe
Size	38.0KB
Processes	2656 (Halkbank.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3a996796b0c8320632b74b422705dab6`
SHA1	`46a9b49bc9e3241053a281a1bbf66299b37c17d0`
SHA256	`6df78b23c34e606d0d5271b747a3f080f7be23b727fb6112291d32b85150097d`
CRC32	`AFC01DBA`
ssdeep	`768:Qs+kxV9Q/QG+e2+lt02GhlZ942jj4Lg6hgX56atbzt40DPcpK++9vdB:5TV95R+lteTZfjj4Lg6hgX56ar40DPca`
Yara	None matched
VirusTotal	Search for analysis

Name	9cf63fa484618904_vcnpal.xml Submit file
Filepath	C:\eegv\vcnpal.xml
Size	636.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a42f46679bb6766caf6c818deda9102e`
SHA1	`beafb09be553602c330ec157717c015cf3dcf8ee`
SHA256	`9cf63fa4846189045d8a77c19555d8fa3241b6ced5985b0c2771ff1dba66dfef`
CRC32	`C743035F`
ssdeep	`12:8dP6h16ZSHqb5HkRYNGFcRJKy68/6VKcvQvXCUq9E2RPSK+py:8diT68K5Hk+NGFwZ6VKc4Phq3SK+py`
Yara	None matched
VirusTotal	Search for analysis

Name	401b406b5a51edae_evsuni.icm Submit file
Filepath	C:\eegv\evsuni.icm
Size	685.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`d73f09aed69383027da3110fc5d320d5`
SHA1	`6a142bbc0aae58f58c9e2b04b459ece6de991ff3`
SHA256	`401b406b5a51edae08a07413d3f05a48d2651515bca00b78fa9f26024b158929`
CRC32	`2A6A5F29`
ssdeep	`12:At2yTOKKSehzj9M1fIpQMG+WnPKZ+Z/OAY9yjXkIJqhZjg5GiW90EfDR6qLB:3Kxetj9M1QpenVFZTkIGi8nV6qLB`
Yara	None matched
VirusTotal	Search for analysis

Name	e1031a367ba58d6d_offcoit.mp3 Submit file
Filepath	C:\eegv\offcoit.mp3
Size	650.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`bcc8949cb5b7fc83a5dd5eb95af8a648`
SHA1	`02c5ce919388a84f68b4c23cc6e55935b1b17cc1`
SHA256	`e1031a367ba58d6d1b8eacb2fc88952252730b8ec03f1a8d821dbb31df04f10d`
CRC32	`CCEC378C`
ssdeep	`12:Kt66e29K1pT+Th7TDcjPeoX9ukAVCTXPbTBFx3o7whg74bg55vXilZrkjR:Ktrepp6t7UqoX9NAVKXzTDxYqgggbvyi`
Yara	None matched
VirusTotal	Search for analysis

Name	af57b25d029ed2a8_vvlc.msc Submit file
Filepath	C:\eegv\vvlc.msc
Size	667.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`41ea06d3760123c29e8438659c268996`
SHA1	`b5bb60d72f5bfd78ff44cbfd56c79249aee8c8e5`
SHA256	`af57b25d029ed2a8a0faf1a1bae58ab0954f01fb09ecf34595491d6ebd146fff`
CRC32	`F53E2CE8`
ssdeep	`12:mjVDIV4iQLEz9q4GXjezVW70V6L9O+/HdRzIOj2k49dHUXhWd6:mjJrieO9/EaxGsqHvzIOj2kudH046`
Yara	None matched
VirusTotal	Search for analysis

Name	49ae6a3278dc1e2d_cwerhwtmtu.msc Submit file
Filepath	C:\eegv\cwerhwtmtu.msc
Size	551.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`504aa878a5d0dc4d89e1f46e19d018a3`
SHA1	`893a14e3f7776fa5fd9b17701122740c3434d8a4`
SHA256	`49ae6a3278dc1e2d92f61ec40aecbc79b7bcde1032181188b453449276801d7d`
CRC32	`B0D76BD8`
ssdeep	`12:jzGoOoV46dat/C7MXBApLpX2u2UiCsYE8IsmNRrJgLiTIVX1qJ:mHk0/CwBABpX2qXo8IsmHnUqJ`
Yara	None matched
VirusTotal	Search for analysis

Name	f56bb605381966bd_eepvjjf.pif Submit file
Filepath	C:\eegv\eepvjjf.pif
Size	2.8MB
Processes	2656 (Halkbank.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a367c14c17bc7883095df68fcbdba889`
SHA1	`a3c428101ad05113af2a0f6d054ee5fb26e833fa`
SHA256	`f56bb605381966bd486e6c76e9684c52d67749030327d6c48c64831a10059249`
CRC32	`1B7F0AF0`
ssdeep	`49152:237+KSbq5e1diEnHaI6Ntojoco2xHoCkIEA7/eFGErrpV:KRnwdiEneYjk22CkIEa0vf3`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	18483902de74d5db_vlkwg.icm Submit file
Filepath	C:\eegv\vlkwg.icm
Size	514.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`ea3317a1eb40d7f6f0693065e4bd56ee`
SHA1	`15beecc78df95727c11ec322267f5dc8100c2d48`
SHA256	`18483902de74d5dba52788d685f962bd3e0385cc349cb7b5a82d7e0528b9c8c8`
CRC32	`BCBC671C`
ssdeep	`12:uVwG+298DMbG6fFj4SZ04WPfMNmQo2twq/+Z7P+v:F+5Gkj4I0r32Cq/2PQ`
Yara	None matched
VirusTotal	Search for analysis

Name	a270bc21b849f5d9_ugfdopc.msc Submit file
Filepath	C:\eegv\ugfdopc.msc
Size	644.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`8c714c1c5f6be60b28a4a1db197bdf2a`
SHA1	`dc06340a6494437c903a35f8c69fc5f8c3d220af`
SHA256	`a270bc21b849f5d98a6144a0992b5eee8f206ab69e975476d12cc2228f9d69c7`
CRC32	`60A0EDCC`
ssdeep	`12:I9C13/4Sp2nOhdUzYztdeezo4X0pC0M+TwrRNKkHF3i+hn7YO0b+x:GoP4SpNhdUkztdeed0zxqNF197Yzb+x`
Yara	None matched
VirusTotal	Search for analysis

Name	14cc94cc783bc8f3_guvwhtstmt.msc Submit file
Filepath	C:\eegv\guvwhtstmt.msc
Size	551.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a091b501ad12d0a697bfd4d780d5f632`
SHA1	`84028633abb91b312ec3265874c2de486a729c90`
SHA256	`14cc94cc783bc8f3d8fc54957ab94bbd548f11a540b14c80c4c65233c97e1abc`
CRC32	`0836922F`
ssdeep	`12:rX280uVJvnhvm4EoCfYiHN19TmTdzcm3XucZLSrmsXAmHVPW:rAuVJANYm3wcm35MmnIPW`
Yara	None matched
VirusTotal	Search for analysis

Name	83f2e69cba1c25c9_dkdcvs.ini Submit file
Filepath	C:\eegv\dkdcvs.ini
Size	705.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a741146cf7d05c8d38a8839e52bef40d`
SHA1	`bcdc864841df1deeb87ce030f02f697dfd96ca8a`
SHA256	`83f2e69cba1c25c9df48d3b3da70e221d0ce52f9f5f85c74c37e3efc2e398222`
CRC32	`C7D64AB9`
ssdeep	`12:1hgQ/QJs/AYke0PQljFvhfTItR39w+VGBbruVzUu34K0BRA0tTz12Lo+rCTsv:1GaQJs/HyPQtVZTER39w+VGBbruVz13V`
Yara	None matched
VirusTotal	Search for analysis

Name	064adc49e170d49f_qrvtfpm.icm Submit file
Filepath	C:\eegv\qrvtfpm.icm
Size	531.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f141740ea474ac5b8b7e227e54e92a7c`
SHA1	`0cc46efc087273f6fa8e17001348687a1078ccb3`
SHA256	`064adc49e170d49f15b5e4263cdfa8d478aedc7571f804e732f56bc902754d78`
CRC32	`5D52E74E`
ssdeep	`12:2FiFR/c+GS4iOLkMUGlzR4NOKyMHe1VRoxULC6DusPRB8WKygln:2mR/gS4iEkMUK+h+1VRiULC6DucRqSC`
Yara	None matched
VirusTotal	Search for analysis

Name	4d92abee9debe1ad_kafwhfo.bin Submit file
Filepath	C:\eegv\kafwhfo.bin
Size	670.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`bca8c1adf5599c2e02764ca8aed03fe2`
SHA1	`a101f9dcebf8db117feedcb18c202b08d14d7ba6`
SHA256	`4d92abee9debe1ad0f43c5145ec59adc2c3695fcf85ae0380dacdb545271c306`
CRC32	`5C1AE30F`
ssdeep	`12:8zC1xI2HZ7eamjy1iFycWq9eBQ7O0Rlf/tkxAuX7QwxkwviGF1PeTAovn:PZsW1iFy/qE4v3qb7vmSio1PKn`
Yara	None matched
VirusTotal	Search for analysis

Name	28a5b077bf01903f_ufxxtvkwf.xml Submit file
Filepath	C:\eegv\ufxxtvkwf.xml
Size	507.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a4070176c2d5b5517af7d8e6f8ccc87b`
SHA1	`fb5ec99e274b9b5fefb86b221c851383b36a6c1d`
SHA256	`28a5b077bf01903ffb46eea818cce9cfdbd84101ebc5c2b53549f9c6245d9d90`
CRC32	`DE97C397`
ssdeep	`12:Gem8djAcSOBPlX3GZ4eCCrjzmH771mtl2XDwVn7G9zA05zn:GSrllGyEz41muCnyX5z`
Yara	None matched
VirusTotal	Search for analysis

Name	dfb3a8f30e515529_sxatjnhixr.bin Submit file
Filepath	C:\eegv\sxatjnhixr.bin
Size	503.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`536bbf275e23601dc55052396bcea912`
SHA1	`2850ea435b6bd265d0af443cd99c0f5f9dd99c0b`
SHA256	`dfb3a8f30e515529312dbf69f8cda2f31406b6d80f03c728d4cd5ba2522572fc`
CRC32	`96726746`
ssdeep	`12:whc8YFTuCZ9Zzm2IxS/NhHMn8IQdk1IiqXTyzb1EwWIE:whsT7uVUHHC8iqDWFWz`
Yara	None matched
VirusTotal	Search for analysis

Name	b51bbabc05ff41be_pcgh.docx Submit file
Filepath	C:\eegv\pcgh.docx
Size	723.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`7f139dd0a7e5c6a4da63106fe2620033`
SHA1	`15a22b1eabd6b491f07d30f4d47b167e991cce45`
SHA256	`b51bbabc05ff41bed656690701aff4f1411821114bf34df18b40cb862d47e67b`
CRC32	`98AF9DCF`
ssdeep	`12:Tgvu+oeUqb3mVHb+krJlMFLs6K2jzjWVpjBubpm+kb48iIkQT9jFlPNj0vlpN/IC:TOu+ovqzg7+MIFLsxGaVpjkdoT9nyNHZ`
Yara	None matched
VirusTotal	Search for analysis

Name	143c80a8990a2f63_gwvkihgbth.ppt Submit file
Filepath	C:\eegv\gwvkihgbth.ppt
Size	520.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f4be1247c74b781d4f072eeb3abc771f`
SHA1	`097cee0c7746c14b02408df2f800ae14ed40ddc0`
SHA256	`143c80a8990a2f63f6bbedd338d9855161ff8d87ee6e27b91beb2c7e793ddc8a`
CRC32	`4BF3E3FA`
ssdeep	`12:vKPHyCnNMkzXMa8fg3qTLsXTorQPYNsPhiD5HuilkIfTjbc0zXiLtHeA:vKPHykWkzXGfuqMXTorQPgOiD5pkobc9`
Yara	None matched
VirusTotal	Search for analysis

Name	002ca2c3e6653e6f_vxeodm.xls Submit file
Filepath	C:\eegv\vxeodm.xls
Size	683.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`4b0aa0904a33e57cccf3e8fcda06faf6`
SHA1	`6d9f1734081004aba3f02d50e04e370a789ffbeb`
SHA256	`002ca2c3e6653e6f618cba70ec6395221b5779886ba3957d8e697d9620ff4a17`
CRC32	`568AC82E`
ssdeep	`12:UMpOOu59V5uK1CLJcJHPAyTeYSSF/HAThY/npwv7ibRmSR/oSapXEAeO/:BQ96K1CLJchIyTeYSSF/j/pE2lR/UEdW`
Yara	None matched
VirusTotal	Search for analysis

Name	eaa00e908d13f88c_gkcwhalltb.ini Submit file
Filepath	C:\eegv\gkcwhalltb.ini
Size	613.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`ca35fac0e27f6afde87a1819e3c789a8`
SHA1	`230592304823c16901a4fcb65f79ff2f4a015773`
SHA256	`eaa00e908d13f88ccb266744b5b41c84b172c1076ae0b16e90c4d7c2ae28ae61`
CRC32	`CABE1383`
ssdeep	`12:gWRSdJ9Jx9UikQNjkkFlFb1BIDW9hlX1iYXI3L4cWhIh50SJKDOCKi8+JwyR4Eu8:uJx9Uix9kylFnr9zX1iYDw50bDOC8X5W`
Yara	None matched
VirusTotal	Search for analysis

Name	ef743986c1db1256_ntdww.ini Submit file
Filepath	C:\eegv\ntdww.ini
Size	527.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a98d22ed9ad5f4ee5bbf602aa6dac91d`
SHA1	`5ef5493858bd8b546239fb17ca8d63ada28b04b9`
SHA256	`ef743986c1db12568907c71a4b4055512f3b8e4c6deceff98e2b10975b8b8ea9`
CRC32	`FFCA0276`
ssdeep	`12:ARa0ABAtG3y9uJC4oxAbHwm0Eld7ISWmj3IgRIz:AQ4G3y9PXAbHwm0cd81mDVRIz`
Yara	None matched
VirusTotal	Search for analysis

Name	10ea85e7680a6bbc_hixfisb.jpg Submit file
Filepath	C:\eegv\hixfisb.jpg
Size	529.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`08fa388a165a34149858091d61b430c8`
SHA1	`e833c849e2c5565301000f31fbe0dba85bacebfb`
SHA256	`10ea85e7680a6bbc6780c778e626ea954b91999c893150fb7c82289dcf8f6c85`
CRC32	`395D66F1`
ssdeep	`12:sNefhjR87ipiPrAs5RLARCAE98RyTV3fOwHSNn:pk7OErAQeCh8RyTkwyNn`
Yara	None matched
VirusTotal	Search for analysis

Name	daf1c0bdd5d48c91_update-ia.c.vbe Submit file
Filepath	C:\eegv\Update-ia.c.vbe
Size	94.8KB
Processes	2656 (Halkbank.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`78cbc1f30c554fad2b83b8ae662df625`
SHA1	`e0294073eec5202273f3236110630b0f703db102`
SHA256	`daf1c0bdd5d48c91e548c5277415893613fdcd6514cb44b1a337667d438318de`
CRC32	`5CC21877`
ssdeep	`1536:/C1CICOCxC9CPCICtCACNCzCrC6COCRCi:aIvlcwqvgnA2u5l8i`
Yara	None matched
VirusTotal	Search for analysis

Name	71f5ca0d534c731f_pxxt.docx Submit file
Filepath	C:\eegv\pxxt.docx
Size	578.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`eefc99a9a786a535afb5b60c66f68046`
SHA1	`f033a78fd23309f4506ce62d6671627d1d70d11c`
SHA256	`71f5ca0d534c731fb0d6d2426c2084141c165f3c95f636e00c46cc3e10e79fd1`
CRC32	`223E8141`
ssdeep	`12:6Oito+XZYs8IPUKCI/0Hao18HBidsELk/v1QHrASK9/F93aiZw9Hu1CD6t9uXB:67GQ+MPqCwqB+sdmMSKxn3aowBuADOyB`
Yara	None matched
VirusTotal	Search for analysis

Name	f8b1ee9eae172bb5_bufbpfvbu.txt Submit file
Filepath	C:\eegv\bufbpfvbu.txt
Size	518.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`7d551dca1810bd48e3969328b018c67d`
SHA1	`722f0818b7e7017ff0257955a088da0d7bdebcb7`
SHA256	`f8b1ee9eae172bb5d493cb34cedf0cc6b1fdde0d641880a9f8d003b7e06ecc11`
CRC32	`5C52554B`
ssdeep	`12:ea9WEndAn+llQUQZCkK06fxlAVaR81gs5TkCZmJON0HBoKBsf:P9WqAylQ10xlAVaR+tUOQ72`
Yara	None matched
VirusTotal	Search for analysis

Name	37f725072f6f06d6_wcnortcu.exe Submit file
Filepath	C:\eegv\wcnortcu.exe
Size	554.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`57c795773503b24bbe1fe5d9d19da2cd`
SHA1	`ebe342cfdc010f94c8ab5c4e36e5ec7caafe9cc3`
SHA256	`37f725072f6f06d61a1a06a5a5dda27f56b0ee00a1565faedde52e77d7a05910`
CRC32	`615B3F6C`
ssdeep	`12:MFWJZv+sntlMfsfGQEMF9tFuO04F99jGTMbebC8:0sRPteTQNDtoO0899uMCe8`
Yara	None matched
VirusTotal	Search for analysis

Name	d95be1a45e6fefb0_fvkctce.pdf Submit file
Filepath	C:\eegv\fvkctce.pdf
Size	514.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`d055d784e5c5fcfdac574f49dfa563b7`
SHA1	`6f02661851e448c0a1293449ec2ed10da7eaf759`
SHA256	`d95be1a45e6fefb0621f192956f80e0a98dffbbefb07b6fb27cda2c082a93ef4`
CRC32	`6968D845`
ssdeep	`12:D+piKHpb38GFqwpBwdEkmSkRA8DEjGG6Fo+ARjqUA:oiwl38GUwpGtmJA8DT/o/xqUA`
Yara	None matched
VirusTotal	Search for analysis

Name	849c852dfbd0d864_vpcj.mp3 Submit file
Filepath	C:\eegv\vpcj.mp3
Size	547.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`4b67b39555476ec4c3d661270fa4c6e9`
SHA1	`9e565a24a7bfa1d44b6e8fdbee0667e5e5f2e4e3`
SHA256	`849c852dfbd0d864225ce00834cc621f24522abcd864b11a72be341739e3d74c`
CRC32	`C871B979`
ssdeep	`12:+wmoxHAjDRLnVL2A5CoggQiJdUpcKZfKWPOZTZERYFhe9ZvPYNevE:+wm0UZ9n5CtPoUpcZ2OmKe9VPYMc`
Yara	None matched
VirusTotal	Search for analysis

Name	1fe38ddd738fd082_oked.ppt Submit file
Filepath	C:\eegv\oked.ppt
Size	520.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`31e06c9690b4f7413587ab2c46e29152`
SHA1	`3a337afb91e8927edf6c88cc3ee5615e1dde8f5e`
SHA256	`1fe38ddd738fd08237db105323e02a8cb1f86428d5845cde7c54da3f3736fd01`
CRC32	`66EEAD50`
ssdeep	`12:YrjFL1Gzl07NaHP2Xv4/4RokP0Hr7kZ+et8+M4e+KYV+n:6dEzIaHOXvFoq0H48+o+KY0n`
Yara	None matched
VirusTotal	Search for analysis

Name	6481d60b012f7335_mvjxf.xls Submit file
Filepath	C:\eegv\mvjxf.xls
Size	526.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`24f34f177ad5f238b8705b7e9f6cffb9`
SHA1	`67b757ace8ba307109b4f165756c384d297e724f`
SHA256	`6481d60b012f73350b5f5d533a57344e195245dba00c40cb82cbf2028c995b94`
CRC32	`46DD9353`
ssdeep	`12:8jzlmNC/bAQHGCs+0U2DbvPg5MTx+kxoSiiiWRGJcUOn:Yl+1c6DbvmNkxiuuHO`
Yara	None matched
VirusTotal	Search for analysis

Name	082888fe56822d50_vbofctscnm.dat Submit file
Filepath	C:\eegv\vbofctscnm.dat
Size	504.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a5a49c9a34f581b7c8b6ef1209bb0502`
SHA1	`115d4cc90744acac6301359536eb78e12850b7ff`
SHA256	`082888fe56822d50228cf2cf0f3fc7bd24c40ffcd12618580f5894ae638ded8d`
CRC32	`B1D77E34`
ssdeep	`12:SVLA6Gwwt49/qxNFOXU9lkr8Kf2L6ssPTOqLGJjpEdkbP:SyotyFIUvW2L6ssLOqLoNP`
Yara	None matched
VirusTotal	Search for analysis

Name	34eefb099d4a68cb_nshcwborp.msc Submit file
Filepath	C:\eegv\nshcwborp.msc
Size	537.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`90e2d9e720c2043129076da3da30dcca`
SHA1	`d4002b21e6a90e480664c61b9263a54fcca608e7`
SHA256	`34eefb099d4a68cbceaecf16470b04242a51f5896943fcb5a461154eb2cdd067`
CRC32	`65AF2C24`
ssdeep	`12:UWZ2PjJBHLSSz8E1Za3yA8JSls99gDnIqsR8:NZ2t9xwurA8JB99oIN8`
Yara	None matched
VirusTotal	Search for analysis

Name	eda01af0683525aa_degt.bmp Submit file
Filepath	C:\eegv\degt.bmp
Size	567.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`5f46dfc1c2407405954348b164f99150`
SHA1	`5a33202645bbea229ebbb1072686b2b8548f9607`
SHA256	`eda01af0683525aa47b0a90e252bf16aff9246915eab5a8a20ccd532b7bf59bd`
CRC32	`1C7649B8`
ssdeep	`12:8vtLrPQu375fAeAfB4K+4VNbYIBrHScD/3wnRTeC:8vRrPQu3KB4K+4bYIBrDD/3wndeC`
Yara	None matched
VirusTotal	Search for analysis

Name	99af99cde7ee5a26_hfdmlkv.xls Submit file
Filepath	C:\eegv\hfdmlkv.xls
Size	756.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`2640dd8e4549082582693796343b8263`
SHA1	`42dfe03f2e9f428ce20a08ea7329cb90edf1b953`
SHA256	`99af99cde7ee5a26225e6b575de9dedc788c2c41f4d61b3aeff0f4f95fd340fa`
CRC32	`B1C8C536`
ssdeep	`12:fqS9X7w6HRhy6aw1JR3mY7aaIe/S+SCrAxVrrYRM4o74V+3JrCL/Kxg+:y6s6HN79mQSRKoprYR/tsW+`
Yara	None matched
VirusTotal	Search for analysis

Name	27326f76f35762db_iwqml.jwl Submit file
Filepath	C:\eegv\iwqml.jwl
Size	871.2KB
Processes	2656 (Halkbank.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`2535808224f5bb6b65ac63c36d8a1b9a`
SHA1	`6f4c6ab4db5e0de6dfb214096378e6df71f202b3`
SHA256	`27326f76f35762db953187fc5b6ac1c1d9262c24491c33bf3bfd8a9ae14c2dc2`
CRC32	`37D8BCD2`
ssdeep	`12288:ICKfqFlUapzxnyPYizeBlZOj7Ye/8lDuSNsj:YCcSnyYizZYe/8lqSNo`
Yara	None matched
VirusTotal	Search for analysis

Name	0da73f8f82f23db7_rajmf.xml Submit file
Filepath	C:\eegv\rajmf.xml
Size	670.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`bf12a80598236f16c5118b6e58f4639f`
SHA1	`766fc2b7aea8798e451b7651a4829ba833d5cd68`
SHA256	`0da73f8f82f23db74c0f8ace4b4efa563736ddc3d796eedf9a041bebc8af95b1`
CRC32	`318A6EA0`
ssdeep	`12:4spsAYXibmx2mlYEoOXo4rllIHVp0DP+gTw+WLEXXBhUhXCADVU:4fAYYMo45l8p0T9QLcmxCADC`
Yara	None matched
VirusTotal	Search for analysis

Name	27ac96bce75fd045_jaqohdsbjt.mp3 Submit file
Filepath	C:\eegv\jaqohdsbjt.mp3
Size	593.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f042c34326b8b6c88c4942be78a90512`
SHA1	`cf071197539555749c73276e5fb81ef850883deb`
SHA256	`27ac96bce75fd045515fa769ef43aee233476a372da222338bb61d86eea73aac`
CRC32	`D439BF85`
ssdeep	`12:3S6rqYcolTp35BIjBYX6Y827zuZO+dk4QnSd3DLgy25wWAqusP8GsLRN:i6mYvlTp3fWY8/ocys2qlEXsLv`
Yara	None matched
VirusTotal	Search for analysis

Name	fcfd4ab62709bc57_cfhjd.bin Submit file
Filepath	C:\eegv\cfhjd.bin
Size	646.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`d16a4a0051f92259f30abee434dd771d`
SHA1	`375827c60013e1946abc8a5d66a76839a6bf3145`
SHA256	`fcfd4ab62709bc5701c30770e644642690d8fb660e525dc9bea8d6eac78d2ed4`
CRC32	`4951E461`
ssdeep	`12:hSBmemB+tJpifX6zBoNwBK+cQdLoPNUhT2gc55vwGNQBsEiamXnAQvtuy1IF:hSBiB+tJgfX6zBoNw0+cQdyWhoVPamXQ`
Yara	None matched
VirusTotal	Search for analysis

Name	65ecde39e216f7d2_gfxbewatej.bin Submit file
Filepath	C:\eegv\gfxbewatej.bin
Size	683.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`160e80ac600db04a6f63d3bc9ffccd78`
SHA1	`e1c216b097e3787bdaf7b199f58816db1c4421e7`
SHA256	`65ecde39e216f7d2bde685d5012f6dbe3479486fcf382470e84b650b3da2830e`
CRC32	`56A584DC`
ssdeep	`12:a/B3ePobkH2wSCwVlYUXgMWumpyDf/hLybJ3+LB/izMNEwVfEBbsHzt11Lx0Y:atePobAShVBXcyLp2lnoLfEBbsHzVLJ`
Yara	None matched
VirusTotal	Search for analysis

Name	feb1802c48b06211_dwktvnq.ppt Submit file
Filepath	C:\eegv\dwktvnq.ppt
Size	538.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`8ed958a50db740e45d922fd16768cef5`
SHA1	`f58ad1a045f70152e11d7d86a7d9f5b9e5ac25ad`
SHA256	`feb1802c48b062110047e65d22f7c0045fb7c5487faf31c1ef5cb710da1c6deb`
CRC32	`C4C5CF6E`
ssdeep	`12:ErBL4KJCkTnJEoisIenIUf+blXYvUMLBgp3Kcur42KbYdsgpceXFY:ErdNJCkTasjsuvZW3KcubDsgye1Y`
Yara	None matched
VirusTotal	Search for analysis

Name	bdb366bf90288d6b_enchikpuc.xml Submit file
Filepath	C:\eegv\enchikpuc.xml
Size	545.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`e1f5eb471cc5a7871213cbb0f373095f`
SHA1	`28f8e849f5e8157e86c9794707fd9eb16844fc36`
SHA256	`bdb366bf90288d6beaa08a6640317910dfb527b796ef0b01025ce62b779cc377`
CRC32	`648599EA`
ssdeep	`12:OtsNOFTSymUfvEmUKIoqjdi87EE4KdfnWKoU0tEqROTVT:O+NOFTSymUX8oYdBxFEg0tEqR2T`
Yara	None matched
VirusTotal	Search for analysis

Name	efeb0483d78e4bfe_gitpqumj.docx Submit file
Filepath	C:\eegv\gitpqumj.docx
Size	616.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`30c6fba45bf73c720ba0795b1c684aa4`
SHA1	`c94813c91e601e5cc834cfcf78e0c5969cfbeb7d`
SHA256	`efeb0483d78e4bfed8b0ec2a7c30691f175e6d2ddb1a389825b8e74f31c7e414`
CRC32	`B72CB815`
ssdeep	`12:uuAKkOy+EEEx/knQwD0CBd8DdywCQ+UNEZNn5I+RJtJdXHrgsgE:uu9kOyr/dkQ5CBdMHCQFNEZNn5I+RJtJ`
Yara	None matched
VirusTotal	Search for analysis

Name	220ea61bf118bc00_pbjtsup.dat Submit file
Filepath	C:\eegv\pbjtsup.dat
Size	520.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`153beddd84c8805c60b9c5370fae1187`
SHA1	`e743baa7f4b7cf1b46231176f3b3c6a650ee24e3`
SHA256	`220ea61bf118bc00ef26653f9938c8deb8af6a8514160e4a2405ccc0eb05cc41`
CRC32	`2CE0E142`
ssdeep	`12:Y/riibUBz2JTgQQAb059fpBHzw8YHlIHBuNrOjC4kv:SbmSJwHfTyHukwC4kv`
Yara	None matched
VirusTotal	Search for analysis

Name	7f36fd8bbbe68bc9_dsexnng.ini Submit file
Filepath	C:\eegv\dsexnng.ini
Size	515.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`40d81271aff274a9c20abf1c2115cf5c`
SHA1	`c0c4594c9f5ba9e2af8160122307221223a0348f`
SHA256	`7f36fd8bbbe68bc9185918ea99a25126202dfc97500d0f243448684f5976ce12`
CRC32	`E933047E`
ssdeep	`12:7cqe03zwtUrIi0P8TwHHUGbw1Y1r1JI2G+fzbpn:AloIUEZ8zGYY1r4SZn`
Yara	None matched
VirusTotal	Search for analysis

Name	a5a050a806b13dab_swiilpooum.bin Submit file
Filepath	C:\eegv\swiilpooum.bin
Size	517.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`271926e2410921b7876db8eb71568bf7`
SHA1	`c1e5675c3413deb7b2d460bf1dc8e71c764a71d2`
SHA256	`a5a050a806b13dab7edc68f28227d314afb0c71b965f6ac0b3bea47b7091c47c`
CRC32	`5CB4AF90`
ssdeep	`12:46nykTOG8fyp5pE4x1GcsWGLFYpqhMDvvqGVqPxOZcRutFGhGiZ:4CzKy5XpQYqhS3qGExutFdw`
Yara	None matched
VirusTotal	Search for analysis

Name	7ed2b6acf4df1f19_joposfdji.icm Submit file
Filepath	C:\eegv\joposfdji.icm
Size	549.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`2a4705451bc73ecdcfc782aac9092f02`
SHA1	`b00a2d8b055f04302086bc6f387d661a795ecb40`
SHA256	`7ed2b6acf4df1f19e9cc6e0e22abd380aa109966334b102043a5de572ef705a4`
CRC32	`E203039D`
ssdeep	`12:fzIJGRd7uMudMx5uHKK/Nbwezep8rONHE8gwLiTTGNe+w:cJGPw+Mq+wJHEtwLCCA`
Yara	None matched
VirusTotal	Search for analysis

Name	bdfd14980790a480_logs.dat Submit file
Filepath	C:\ProgramData\remcos\logs.dat
Size	260.0B
Processes	2980 (RegSvcs.exe)
Type	data
MD5	`fa7aff3a30511f54a7b90ca89cb7ec1c`
SHA1	`d177e1e5effab49f9283e698683935b53b37fc65`
SHA256	`bdfd14980790a480d9f9caaf1b3aa84304c9337522f536ea5821386f102625e7`
CRC32	`363355C8`
ssdeep	`6:KlvLEl55YcIeeDAlOWA4dbJWEogltmgXl1oV:KlYlhec0WNW+ltZI`
Yara	None matched
VirusTotal	Search for analysis

Name	c91931a886a2eefe_qlncd.dat Submit file
Filepath	C:\eegv\qlncd.dat
Size	600.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`6ba248c23d323a44c086674148487d4e`
SHA1	`09ff4d25616165159a8a96d2f82104982604e968`
SHA256	`c91931a886a2eefec4d70fa3ab47ea57aab067ec0bda578c6b0cd8ac8c82b4fc`
CRC32	`A7B1776A`
ssdeep	`12:lg/IRf5tMPS+ASKxptBW9FYrfxfUtRXOd65ozi/xh5n:ltMPBAxPtfUHXOdrSx3`
Yara	None matched
VirusTotal	Search for analysis

Name	fc0abadaf6f1e580_buge.exe Submit file
Filepath	C:\eegv\buge.exe
Size	114.4MB
Processes	2656 (Halkbank.exe)
Type	data
MD5	`b77eb078d7aaf248f2127e2f07b1c74d`
SHA1	`2a00aa77f1651fafb2591b90715b9188fcd86b39`
SHA256	`fc0abadaf6f1e5801693aaa3c2f85fbf38b1134f792b64dd75123491889fcab6`
CRC32	`300AE620`
ssdeep	`786432:DJY+o7dRUuXi7vTVB0Zub5tFKASRlRgFYK/H9fOrJXSbngcde3g020o0imjX5Wsz:+`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	43c2474fbfa85237_jolojgkvt.pdf Submit file
Filepath	C:\eegv\jolojgkvt.pdf
Size	534.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`285dbb113e8657816565613d7b9280b7`
SHA1	`d1fe7c017b85fc4c2e51e7b9f19f5897e8df211e`
SHA256	`43c2474fbfa852376b3d0d1857d90bad8aafe9bad38dadc7ae5faf13a6856adb`
CRC32	`92B044E1`
ssdeep	`12:ihYVbrzWrkAJtNYsUeS3Wg8QAzStJViaz3V53S2OycWxtw6cH59ay:iEb3WrN6syWStJkO333lF/0Hjay`
Yara	None matched
VirusTotal	Search for analysis

Name	df846b7c74515b14_wesaswarpm.xls Submit file
Filepath	C:\eegv\wesaswarpm.xls
Size	563.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`0fb6dd5cd660f3d266abdc69f2e9319e`
SHA1	`4c5d3e356258eda26445dfa775f5dfdf9de55c4b`
SHA256	`df846b7c74515b14372ac0afd5a7cc3e768e4b4f580a39f9592cd1143d5cce22`
CRC32	`4C111381`
ssdeep	`12:ISqzJ60lXa+9qxy0dSNHHL9ny+2glSOf8fAl6oyKRr8y:ISqIb8qgX5HJnykA+dl6oyG8y`
Yara	None matched
VirusTotal	Search for analysis

Name	c437456bab851c28_enhonk.ini Submit file
Filepath	C:\eegv\enhonk.ini
Size	698.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f4bc7b7f26dec7d6b8e58308d6f7e2c7`
SHA1	`f85a1f57cd7eabcb3d3f21633a52f243ed6d9bed`
SHA256	`c437456bab851c284eb9b530a5242fea32c5addb7837c326bcebd5f4b36e6d17`
CRC32	`D2E8EFD3`
ssdeep	`12:WDWVwtZy6SOunNupMBgVWd/XLBzgxV38zfWtFxquDQnGGIZ4ZzWz9BzP25wnUpIi:GXSBNum8WRbB8V38z6fIGGs5ZP25wnUR`
Yara	None matched
VirusTotal	Search for analysis

Name	2a42fd8afd546cd2_kcuvdpkpmh.dll Submit file
Filepath	C:\eegv\kcuvdpkpmh.dll
Size	660.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`2204eb6fb2481a77aa6cc138efa5fa43`
SHA1	`46af985b2a85502239055f7dfdf2391c04c27af9`
SHA256	`2a42fd8afd546cd267bb2897562d3493aae85deb82d72de2a9425b0c7b1ba773`
CRC32	`792E5606`
ssdeep	`12:DPlUPAXG9gKaB2sNhHEYXOPlAvUfTuTjsGxMM4a0Mix+7tqeMMOtTQV:Dy6GtaB2cWDQouTjnH41MVcZ1QV`
Yara	None matched
VirusTotal	Search for analysis

Name	92292d131629d3f5_otuqlixb.xml Submit file
Filepath	C:\eegv\otuqlixb.xml
Size	636.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`912f67ba13c0f96cf5e9b96437efa15a`
SHA1	`fc235a47611293f68fcc2ac25571c08d63879050`
SHA256	`92292d131629d3f57bcf6b08741274c4f30117f98f86ec2d958dc5c547e4489d`
CRC32	`732A99F0`
ssdeep	`12:+NN2NjLAZNWFW4DXJ7E5GYJXbHlmx2d8gAQtiR6khwBu3cfgozNhlD:Gcv4+3XNXYJrHUx2dv6R6kGBhgoBhlD`
Yara	None matched
VirusTotal	Search for analysis

Name	615f23ca612be981_nbeh.icm Submit file
Filepath	C:\eegv\nbeh.icm
Size	671.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`dd663b76278bf21b700b75161ff39c8f`
SHA1	`577bc5fb67d2edc16343053d802ef6b4bc787fdd`
SHA256	`615f23ca612be981e28db5de7b1f116daa6f5f2dd620079f91fdaf82240dbfda`
CRC32	`53C0AE98`
ssdeep	`12:B1QcydlTBOvKDi5WFvzQHWzHzZtkrF0XT4fkW7FXDLxHFOlCudnj2qHS5h:QRwSDaMzdzTZCrF1fkoFXtklTaqHE`
Yara	None matched
VirusTotal	Search for analysis

Name	38acba99ca202a29_suqw.pdf Submit file
Filepath	C:\eegv\suqw.pdf
Size	514.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`3fed10a56558266fa53e7a0c0970eb83`
SHA1	`31bd0dfc03937686762c6a9d5abdab65c86e4928`
SHA256	`38acba99ca202a29803c23fb973acee5b4b358697bce8270727ce7d4170bda90`
CRC32	`DB6E12BB`
ssdeep	`12:Xh4QscTLKQAOASbVOK/qDdZa9yJRI3eI1wAY5rp/Akiy:XuKTGW5bVOyqDTGwAGpz`
Yara	None matched
VirusTotal	Search for analysis

Name	8033180a50f2ca0b_fmdx.exe Submit file
Filepath	C:\eegv\fmdx.exe
Size	702.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`de0853479eda963cf5f6e90279823d97`
SHA1	`79af3c01e2a01f2939943fb7dc2762b14ea6bec7`
SHA256	`8033180a50f2ca0bd7bc0783d54a401218fa2ef9476e962f93c929dcb7947961`
CRC32	`A9359BC9`
ssdeep	`12:uN+IeBt8Ozle9szYIe1j/V1GK/zzwa/ZwvftBlXfx+ehcjFJas2ZIv:uN+pBNYLBt1GgvwYKvftBlxijkIv`
Yara	None matched
VirusTotal	Search for analysis

Name	419b675973ca7214_hcsko.jpg Submit file
Filepath	C:\eegv\hcsko.jpg
Size	608.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`38117a891b4fbea7a2be708311eaf41c`
SHA1	`7ec2b085dab760c8ac0d74ade6c4208f7a3ce1f5`
SHA256	`419b675973ca7214e6eccf09c455461589807fee8a0b756731f47ea8f7ef341f`
CRC32	`DE560108`
ssdeep	`12:vh1pKuePuzv3CpUGDDB850pOJdRPBRcVl6d3Sbc6JL836Chi0bs1:p2ueP8vC2GDDB850hVlMCbH836d88`
Yara	None matched
VirusTotal	Search for analysis

Name	f9817151a1f9cc60_btqqprg.ini Submit file
Filepath	C:\eegv\btqqprg.ini
Size	643.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`cc7ee3cc922e7c11da8f458d023db9ac`
SHA1	`fb19978b34b3164ef6dcd8b384f04fdf03283fe1`
SHA256	`f9817151a1f9cc60f01e40253b44078810de380790da4449818562378fbca294`
CRC32	`4527D814`
ssdeep	`12:p/QKXbwp/wE6FneG3nBYh/LmCfGQHF/ADEegq5woQd2zOHqM:WKXbwyZ3CjmCeDgqQdEOKM`
Yara	None matched
VirusTotal	Search for analysis

Name	d32b982e9e2c6608_iwiatgo.msc Submit file
Filepath	C:\eegv\iwiatgo.msc
Size	547.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`69f2ac092eecd81b0ebcb969f7b9108c`
SHA1	`79995e95193adc7d01b08a5b25188ea4d1710c99`
SHA256	`d32b982e9e2c6608c80cc7f54e761c08108d18fa46f62c4509c4836a42ccc32a`
CRC32	`5B2F798A`
ssdeep	`12:y5mH1U8uPENj2wD1zZlDgG2rJ6I301bSwYJXrHTXRqh7OAnCtNvEyNK:y5mH1Bua2yNZNiJl3ZpvhfAnwvEyE`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_27663640 Empty file or file not found
Filepath	C:\eegv\__tmp_rar_sfx_access_check_27663640
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d045e84a67dd2c57_crupx.xls Submit file
Filepath	C:\eegv\crupx.xls
Size	563.0B
Processes	2656 (Halkbank.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`9535e3b5b758739a3ebc7c6835bd9674`
SHA1	`cdd2d12353efb0512e9068a30c08f23e1d0898ca`
SHA256	`d045e84a67dd2c57a69fb2f07d6edadc89686c5912e7e94b7930c86a9c413c99`
CRC32	`A03183FB`
ssdeep	`12:NFyb4ha7/ANLBqSiEtkX5XNjeyUW0bZzk8CCExELXW:Ndh1ZDiAiBHUL2bCUELm`
Yara	None matched
VirusTotal	Search for analysis