Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...
11.18 03:11
디저트39, 필리핀·미국에 이어 몽골 진출
11.18 03:11
Beyoncé to Join Netfli...
11.18 03:11
에스엠해썹, 2024 스마트공장 지원사업...
11.18 03:11
삼진벽난로, 알펜시아 에스테이트 초프리미...
11.18 03:11
Analog Shift Register ...
11.18 03:11
엠기어스, BMW 통합 호환…신제품 엠스...
11.18 02:11
상상력집단, 고양시 시니어 맞춤형 AI ...

Dropped Files | ZeroBOX

Name	1ac4b12db489fff5_situation Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\situation
Size	189.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`b8f8c5737dac827904279491409f28d7`
SHA1	`7eb6074ea606227812dc6f4b99596bb3f437367a`
SHA256	`1ac4b12db489fff5e049e91972d8658709cfa9f8e97a3d5999c0a9d49677ce0b`
CRC32	`1D4C3B31`
ssdeep	`3072:K9pl/VxpYjay5SzsP1zCJnIgOyK108GL3TFJ7f7z835PzpOXeFIqvhGGsC4c83/8:K9p1pX8Sz4yK1yrf7w3hpOXeio1L8/8Z`
Yara	None matched
VirusTotal	Search for analysis

Name	585975f9b62794a2_browse Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\browse
Size	64.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`f7a9ae39362c33aa572330ab7a64db18`
SHA1	`6a38ef8c7ec43c8439b9c743b422405d54729e05`
SHA256	`585975f9b62794a2b47ff740cf2941a886e48a3520b5380e54a645dfe9aebd10`
CRC32	`63376EE5`
ssdeep	`1536:NCisHdjgfSXmteH82ozZLf6Ojr/dsg5821NGhBjv0U+IbXCBIg6:cis9kMmZiQrds/gNGhFcU+IbXCyn`
Yara	None matched
VirusTotal	Search for analysis

Name	5ca41f0983cd5690_lat Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\lat
Size	15.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`bfd1496ab5276f3116064a58620cfd75`
SHA1	`c338a28a6a44e58a2e0e981d9ae8404610f329e2`
SHA256	`5ca41f0983cd5690da1d1d3b89bd0235a4f7976a5a8dbb856a07558e0e8ce6ed`
CRC32	`FEFDF7D7`
ssdeep	`192:35UQh9wzCMxVjrqyChDyw/pMLQzqZYO/P4gyDUWSf4gyDUr9teSwWJTw8/4e0of2:JUY9avrE6EGmWmCtwowuw0wvwbwd`
Yara	None matched
VirusTotal	Search for analysis

Name	03358c9f684f4a6f_Headquarters.qsp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28160\Headquarters.qsp
Size	7.3KB
Processes	2552 (koIWDRc.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f461892e3f5b562a2e8e1852ed785039`
SHA1	`6710f451885c416e3753be349c2010db07776068`
SHA256	`03358c9f684f4a6f842ceb33f3f51b63a9feaaeaa2787f108a293018ac01f714`
CRC32	`F01D69DA`
ssdeep	`192:FhUEuRBO8dLgottSEnde6Y1RoDuDvXO+99SAvdZi43cTlAiSg5lfFC+XAU:jGnde6YzvBv35cbCU`
Yara	None matched
VirusTotal	Search for analysis

Name	df84ab8103317fc1_player Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\player
Size	63.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`9a92075305686d039981c1e0f13224a3`
SHA1	`9045c1c5c54a5e1dd8b07bea4404faa880e91698`
SHA256	`df84ab8103317fc1c84d57813bbc8de4beb071bba53d9c569b257c88d7d15a5a`
CRC32	`68A0F9E0`
ssdeep	`1536:RmU1wp+jkeFA9pOp++QIoSK5+OGuVGHj1vtK7ibD8aE:8UOp+ZFA9py+U/Kkr38z`
Yara	None matched
VirusTotal	Search for analysis

Name	5cddcafc39b79a95_invalid Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\invalid
Size	126.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`b73e654a89898b8b293ec7af4396625c`
SHA1	`2bb7eaca43c83aa89543eafe6bbdd785f57bae4c`
SHA256	`5cddcafc39b79a95bee31bb47a406660e54efcb4aaf96b771f33d2420656a9a7`
CRC32	`1FA79167`
ssdeep	`3072:R3Pjqdv+Z/2UDjpNvatQaw10UZhO6EZZyvs6Df9xq:R3PGdv+Z/fDldZhO6wyvs6R4`
Yara	None matched
VirusTotal	Search for analysis

Name	7a5d14d64ef24cdf_Modern_Setup.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28160\Modern_Setup.bmp
Size	149.2KB
Processes	2552 (koIWDRc.exe)
Type	PC bitmap, Windows 3.x format, 162 x 313 x 24
MD5	`ded1d8db477cc655b17e16c6fe989707`
SHA1	`e48613ed98876b022460f629971c941ad3100f78`
SHA256	`7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206`
CRC32	`D53A10BC`
ssdeep	`192:GGqEFgk1kZTLevOPrKSchF61/LVsATuD4diuuq9uCXHCN/KCaOwO3GsC9+6Un:7`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	2554cf3094a1ca84_hopkins Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\hopkins
Size	24.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`637ac58f1537e25d0c0940f9670f4383`
SHA1	`25c4f855664d496001e6ebcac426d49f3a0a1eba`
SHA256	`2554cf3094a1ca84fc60c8553854227b7e81c43c23a32825bbb1948c4acf2407`
CRC32	`8E86303A`
ssdeep	`384:BfFfkm1Ju/aJZBMeJ9rCJHxOXVUsu9MMGGIHcgWRLVqHYR1KNMivseiVaIEefUDD:BhkmJu/aJZBMeJ9GbCVUsu9tGxyRLVcz`
Yara	None matched
VirusTotal	Search for analysis

Name	012709f39facaa0f_father Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\father
Size	52.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`c8ae7645f163cf2231db26d06f7abcc4`
SHA1	`5a19945a7c53efb56e6bf8c0ce514abeb15f3fe1`
SHA256	`012709f39facaa0fa399a726f8b93e1503b727f7867703017389e441cdf83956`
CRC32	`83DA4C8F`
ssdeep	`768:dwz5wcN0K9npIVXnQkdFLIvdJrbSDmRtim0YKXUhskXQlNQ1BVgoWu+IsQ/c3XFQ:dIhp0yzrb5yYpTXuiiuOQ/cnFdny`
Yara	None matched
VirusTotal	Search for analysis

Name	65be37ed070ff35f_li Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\li
Size	128.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`4456c87c0c3e9b4e69b63ffa93e31746`
SHA1	`cd68d3378699c039aa3bafb5efe17adc4acac592`
SHA256	`65be37ed070ff35fd86ca0a32ca123bb3631f3768344b1bf1aa205445db269f8`
CRC32	`2A5DEEE1`
ssdeep	`1536:8HsWccd0vtmgMbFuz08QuklMBNIi9uLaAwuaPdI:8LeAg0Fuz08XvBNbSaAtaPm`
Yara	None matched
VirusTotal	Search for analysis

Name	ff01a3699c829ff5_christ Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\christ
Size	1.4MB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`8c7a53d039c1cea89fa6f7696f95db45`
SHA1	`6d8a20455d21543ffe8d64505a2f1bbd5a1cad61`
SHA256	`ff01a3699c829ff59d2518428c69b1e387d98dce6bd35a4e59e3dabc19d7b3c2`
CRC32	`28F19846`
ssdeep	`12288:AUSxByGCPekg9yWCFV7l91fhkSlXUjWjBtVPBsks0RicGZy4VJOHHjF4VyqXii:O1CPJ1O8UYBthCUicG8jDFmZ`
Yara	OS_Processor_Check_Zero - OS Processor Check anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	b5dad33ceb6eb1ac_Modern_Icon.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28160\Modern_Icon.bmp
Size	8.0KB
Processes	2552 (koIWDRc.exe)
Type	PC bitmap, Windows 3.x format, 52 x 52 x 24
MD5	`1dd88f67f029710d5c5858a6293a93f1`
SHA1	`3e5ef66613415fe9467b2a24ccc27d8f997e7df6`
SHA256	`b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532`
CRC32	`2D27053A`
ssdeep	`192:kuOEpgk1kZvHePyPreScVF+1/LVgoTuDsdimu61uOXfSd/aOeO0O3a8yZKq0l:j`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	5b2ffc56ed6d2c54_vc Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\vc
Size	112.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`b5c6501e75590436c242154cc03bb733`
SHA1	`9c60a35c4658ac9ad116fb42ebd40a43640dc441`
SHA256	`5b2ffc56ed6d2c545f95e4292da690c8d1e4a73255e22b4cfcb00602e3b059a7`
CRC32	`7F9D0A0F`
ssdeep	`3072:lj5Z6bH4GLHatgOTBE/VDKC7YORv+j6+3xtAmHQ8PXZK:lj7KxL6tgOK/VDyO1+j6+hyoK`
Yara	None matched
VirusTotal	Search for analysis

Name	422367fe26d1d9fe_implementation Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\implementation
Size	49.2KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`89a582ae58a258629819607c5fec3b31`
SHA1	`3fbf950521a8454ff25e357207526f3095187e77`
SHA256	`422367fe26d1d9fe346cfaed87a846a9c47cb2052f51b548e4b25e3d1be59963`
CRC32	`C452262E`
ssdeep	`768:e+9BQINqAcGo7ItSRE1myvGwBS86IvF23kou9NpODXH6Z4LVatiV1VaXLkjy:e+9BQINSqN1vGSDvc3koulBZY/P0z`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2824 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	c6a14c09c475ea65_Engine.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28160\Engine.exe
Size	592.1KB
Processes	2552 (koIWDRc.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6d2afb5958633dbbc79d8139c24183a8`
SHA1	`677c79facab351188a8310e150a0cfce81a8e21e`
SHA256	`c6a14c09c475ea65978d01f3caa8ab7eec03e45c4417e02c86ba205681e1e071`
CRC32	`6DC60534`
ssdeep	`12288:y/4AFPtir2jkaYICGldfE/fAAk1E0/anlb8718DC/w4dKLMOl6XtXVxuPVb7g0NC:64yPtiSAaFfE/fA5o87iOo4AG9XUpv7Q`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check mzp_file_format - MZP(Delphi) file format PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	521397c8a9d9bd76_emily Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\emily
Size	97.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`f13e607a0fc7964fddb808e042bd872d`
SHA1	`8b7e8410529fd71d59ceee23b74c3dbce3ff2494`
SHA256	`521397c8a9d9bd76a08ce717297dbad73d886b22bdf04f23a2d41d313e41bafa`
CRC32	`AB085403`
ssdeep	`1536:Taj6iTcDPsMLxjgarB/YaC3EYrDWyu0uZoP:e6lLxjgarB/YaCDWy4ZC`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	8d19d0f3f3c1f347_thompson Submit file
Filepath	c:\users\test22\appdata\local\temp\ekibzctf.2tc\thompson
Size	21.0KB
Processes	2552 (koIWDRc.exe) 2660 (Engine.exe)
Type	data
MD5	`446cebe3042f1b1c8010e3cda0a5f2a1`
SHA1	`dbe68e959935ec14b75c5cd881cbb61469d144d4`
SHA256	`8d19d0f3f3c1f3474dbe86515ece6493aa2e5c8730d455f50d42a5bbe38ce42d`
CRC32	`F5467BD2`
ssdeep	`384:EwI/KMGddW/0EpBJqSFEqPnWnIEygUqA0zBHM4X8cL17q+:oiXddW/PJpVEC8BlMGd`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	78b0a5149d24b134_Setup.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28160\Setup.txt
Size	2.9KB
Processes	2552 (koIWDRc.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4ab86b1842957549443aa8a53c12e739`
SHA1	`257d9178fa6066aeabfb3cb852471ae9f521d03d`
SHA256	`78b0a5149d24b134d38794e6cd81daab26f37ef79e13715908fdd239b3841a3b`
CRC32	`B6F80707`
ssdeep	`48:IR/po+KoMtFKwH5nC9kO7gyK3exSfe11TpIIIIYX011SCIIIY4I3x:IRRobKwHvagtlx/I3x`
Yara	None matched
VirusTotal	Search for analysis