Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...
11.18 03:11
디저트39, 필리핀·미국에 이어 몽골 진출
11.18 03:11
Beyoncé to Join Netfli...
11.18 03:11
에스엠해썹, 2024 스마트공장 지원사업...
11.18 03:11
삼진벽난로, 알펜시아 에스테이트 초프리미...
11.18 03:11
Analog Shift Register ...
11.18 03:11
엠기어스, BMW 통합 호환…신제품 엠스...
11.18 02:11
상상력집단, 고양시 시니어 맞춤형 AI ...

Dropped Files | ZeroBOX

Name	9c678a631af6199f_dust Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\dust
Size	15.8KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6368747daaa43225cb432de92b1e75e0`
SHA1	`9ae34593b29d849fb29f8948dc8747eba84f18be`
SHA256	`9c678a631af6199f215a2f0c2fa2bbf56803420af6e7507f64ba105564b0303e`
CRC32	`A253AA34`
ssdeep	`192:untKW19jLpuhuiXz+Fy8jdL2x4j+4tUIOG2Oag+HA+t2JlXA5eLG7Of:unj1Tu7Xz+cKL1H72nCVcm`
Yara	None matched
VirusTotal	Search for analysis

Name	f3fcb2680b937a3a_tones Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\tones
Size	5.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`c12e652f24fad9aa98a71984ef9e9e1b`
SHA1	`ed642b1faf5d1b51c41813cef85051628c86e104`
SHA256	`f3fcb2680b937a3a41cb63bcd5ea3bbcf9e5c7935ad9874008089d22ed217bdf`
CRC32	`37AF8FB8`
ssdeep	`96:y0F67T8GOI2TWfly8/0mCm+zr3M3OifeBl1Q9NlSNBPEZuyqadtBTo1+OU:y0F67z2qfFMxm+zr3GvGT6lIR2SyPT91`
Yara	None matched
VirusTotal	Search for analysis

Name	9e9f156b9dc8e174_conversion Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\conversion
Size	129.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`3b3a725cf21688a95aa356a1bb3e752b`
SHA1	`3e9e6c9653152673d7dfd2346594f2c5d6829288`
SHA256	`9e9f156b9dc8e1748cbf4121a388158de8fa3f9617d14b15191a969475ed038b`
CRC32	`F8B06B80`
ssdeep	`3072:yZFA9py+U/Kkr38QLeAg0Fuz08XvBNbSaAtaPx:yyI9DaAOz04podQ5`
Yara	None matched
VirusTotal	Search for analysis

Name	4a47f17b8cf4a975_philosophy Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\philosophy
Size	83.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`71149648ef05f85239a4cdb0d929db84`
SHA1	`5da6cbeca4b57242d099c967cb7bfab23a0f35fd`
SHA256	`4a47f17b8cf4a975c8ffe91b933f5accaf509e15613c98d1a6572091b9bbf22f`
CRC32	`9E94FD6A`
ssdeep	`1536:nj6iTcDPsMLxjgarB/YaC3EYrDWyu0uZ:j6lLxjgarB/YaCDWy4Z`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	d5bfa0a2ed10c19a_yemen Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\yemen
Size	57.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`c742c4eb2f8bdb859f87556b1a42d6e5`
SHA1	`0c178ecd3bfdfca23073fc0f69e5709cf5c507b8`
SHA256	`d5bfa0a2ed10c19a89515a548347184d778f679eacfe9e97a5a88b24c793c85e`
CRC32	`A40E944D`
ssdeep	`384:7u88888888888888888888888888888zv888888NfU84444Qnoooooooooooooo+:7/SGIAGm`
Yara	None matched
VirusTotal	Search for analysis

Name	cf769a6cf51175fe_provided Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\provided
Size	103.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`f56d5380e9b300a844baa2d718dcfe85`
SHA1	`49e999bfc9935c452e1bf9f4b865cf4bc0f58fe6`
SHA256	`cf769a6cf51175feda04b744a998ce0ba5676b42d6dfb18d44c80a39c47b5b09`
CRC32	`A4C687EF`
ssdeep	`3072:5zy9pl/VxpYjay5SzsP1zCJnIgOyK108GL3TFs:Ny9p1pX8Sz4yK1ya`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	7a5d14d64ef24cdf_Modern_Setup.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28161\Modern_Setup.bmp
Size	149.2KB
Processes	2552 (DZVcjxP.exe)
Type	PC bitmap, Windows 3.x format, 162 x 313 x 24
MD5	`ded1d8db477cc655b17e16c6fe989707`
SHA1	`e48613ed98876b022460f629971c941ad3100f78`
SHA256	`7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206`
CRC32	`D53A10BC`
ssdeep	`192:GGqEFgk1kZTLevOPrKSchF61/LVsATuD4diuuq9uCXHCN/KCaOwO3GsC9+6Un:7`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	4b1d3fb9d219141a_scotia Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\scotia
Size	2.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`7426490793e9ee7d7c089d6c803e244e`
SHA1	`5ac05fdc55e850c6e4a7a69c16417f8eb9a6a5ba`
SHA256	`4b1d3fb9d219141ab3b37b5559170d88b92d4067129fa0c2a830c2ee5061fc43`
CRC32	`B376C9D2`
ssdeep	`48:rs0inTY3X/jna2hZr+I3bcupeG/vdG/B17FoC6Mtn:EGvjna2hZJbcw9q5ogn`
Yara	None matched
VirusTotal	Search for analysis

Name	b5dad33ceb6eb1ac_Modern_Icon.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28161\Modern_Icon.bmp
Size	8.0KB
Processes	2552 (DZVcjxP.exe)
Type	PC bitmap, Windows 3.x format, 52 x 52 x 24
MD5	`1dd88f67f029710d5c5858a6293a93f1`
SHA1	`3e5ef66613415fe9467b2a24ccc27d8f997e7df6`
SHA256	`b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532`
CRC32	`2D27053A`
ssdeep	`192:kuOEpgk1kZvHePyPreScVF+1/LVgoTuDsdimu61uOXfSd/aOeO0O3a8yZKq0l:j`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	bb998a1e5e162c30_Engine.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28161\Engine.exe
Size	1.3MB
Processes	2552 (DZVcjxP.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e4656c54b03a03f816ab33101a324cdc`
SHA1	`48cd8d9c5a20d36362214d727e184fe4e0075d4f`
SHA256	`bb998a1e5e162c305a942ade944230c62b0e3bfe347a2a30c33af497109467ba`
CRC32	`B44E37DD`
ssdeep	`24576:QYFITZ5yA0/4uWmAFSgSTwhl66ZMHUkT1b0/z:QY/ATekm0Nz`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check mzp_file_format - MZP(Delphi) file format Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	9d56c382f4e7b7a5_Setup.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28161\Setup.txt
Size	2.9KB
Processes	2552 (DZVcjxP.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6f815c342d2e4cc3eaa255ba40a1f01c`
SHA1	`e48bc2bd17e0cd97c27c344b40c7530b9b477041`
SHA256	`9d56c382f4e7b7a50b1a2009965a59fd8a640a91959b1fc17b15ead252b0efaf`
CRC32	`8F259FC2`
ssdeep	`48:6+R/PKoMtFROPvlLUCtIO7gyK3exp5fe11TpIIIIIL011SCIIIIdcx:rRoROnlLPIag61Lx2dcx`
Yara	None matched
VirusTotal	Search for analysis

Name	e71b9db0c3b3c731_understand Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\understand
Size	57.2KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`2e262fea15b1c2b6928897b2965c7242`
SHA1	`dfd2530505c373202c277db8afb5ab0cb28ae26e`
SHA256	`e71b9db0c3b3c7312ab61d14de848047fd5c5700176d3a5413883666424fbe78`
CRC32	`22B6D310`
ssdeep	`768:yr2+9BQINqAcGo7ItSRE1myvGwBS86IvF23kou9NpODXH6Z4LVatiV1VaXLkjy:q2+9BQINSqN1vGSDvc3koulBZY/P0z`
Yara	None matched
VirusTotal	Search for analysis

Name	8905b4a654da04d7_clarke Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\clarke
Size	70.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`e5f8586146285a3ac6109e4e46caa027`
SHA1	`1befeb3a59ed10ee7f23d56158eb0d569f81091e`
SHA256	`8905b4a654da04d7039d3eae475175589d80939e2940ed74a9b91c7836f16e54`
CRC32	`30CACBB6`
ssdeep	`1536:naYs3m7ko8v8YtGGxQPxv5PnzU/2CO1M4bOeFIqvoeeTPbyT6WUx3v66:af7z835PzpOXeFIqvhGGsC6`
Yara	None matched
VirusTotal	Search for analysis

Name	64784e9b1a3742e9_seek Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\seek
Size	113.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`08690e68c8ed78288dd5ae3495780345`
SHA1	`a74ec3fad4231f74dc3bcd52d881ba1f67b2e250`
SHA256	`64784e9b1a3742e92d7e56f8a2e2f18fcdc65acb4c36d54bb56b9ddb3d7b4ff5`
CRC32	`9A9096F4`
ssdeep	`3072:+9xris9kMmZiQrds/gNGhFcU+IbXCyZJXXxmJ2sL+gYUUOpT:eBis9kMINGhF0yVmJZYUUOpT`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2824 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	01cb0f68e1550ff1_lone Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\lone
Size	1.0MB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`21546d35ec7754dfa676895e2c4796cb`
SHA1	`c504616ad03f861105cb656d6756983bee9b3e31`
SHA256	`01cb0f68e1550ff1baf5d958c9890413304d3d87d0cac375f61e10112f8cd18b`
CRC32	`80E29283`
ssdeep	`6144:uN016L0NOVOnlsXs+e65flwEjXNgESBmYvcfJOd5gQ1Ee6QdwGBuVKMV8CP4S9Qk:DJQ9s+ewfCEO300mJeg+Ee6yaIMeS9Qk`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d8b433ac1d278a45_Extension.qsp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SETUP_28161\Extension.qsp
Size	7.3KB
Processes	2552 (DZVcjxP.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f1784b448a29c1edee7254062246a984`
SHA1	`272d0a41c4283382cddde69476b2ca70708630e5`
SHA256	`d8b433ac1d278a451a24cdcbea10b4b3702d3152fe7ba542aedb9c23332436c9`
CRC32	`3F6AA45C`
ssdeep	`192:FhUEuEBO8dLgottSEnde6Y11oDuDvXO+99SAvdZi43cTlAiSg5yWGB1CzXte:j9nde6YDvBv35c1GDF`
Yara	None matched
VirusTotal	Search for analysis

Name	3f293ef8d2fb3d72_hacker Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\hacker
Size	116.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`b3da0a95a716520b98c34092c8a7bba3`
SHA1	`e173002e823e30ff34450cbafe1159af202edce8`
SHA256	`3f293ef8d2fb3d725e8d22b41f11fbe4fcbae5722a9ba5fe644cff8ed5388880`
CRC32	`69916D13`
ssdeep	`3072:EZM3Pjqdv+Z/2UDjpNvatQaw10UZhO6EZZyvs6Dn:iM3PGdv+Z/fDldZhO6wyvs6b`
Yara	None matched
VirusTotal	Search for analysis

Name	19b82306a76f0d0e_payment Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\payment
Size	186.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`7f36761ffcaadaf4ffd3704c87d965db`
SHA1	`0b97d8e350653fd619b26c22fafd333c79b8b80b`
SHA256	`19b82306a76f0d0e4bd8188be845c356fd567ba485b6d64ba1094abce0b17197`
CRC32	`CE6506C6`
ssdeep	`3072:2OJUDylSgpRuDJXmuN/ebIj5Z6bH4GLHatgOTBE/VDKC7YORv+j6+3xtAmHQ8PE:28L8gnuDJXUbIj7KxL6tgOK/VDyO1+jg`
Yara	None matched
VirusTotal	Search for analysis

Name	4df9e9ba602f5303_architecture Submit file
Filepath	c:\users\test22\appdata\local\temp\um0cnqvt.3xx\architecture
Size	4.0KB
Processes	2552 (DZVcjxP.exe) 2668 (Engine.exe)
Type	data
MD5	`08c9f01680a222770c33ffdb9b28bfb9`
SHA1	`f082150113191548d11a549bcc5354501e20bc56`
SHA256	`4df9e9ba602f53034434c2473348f9bd42569ede8344efffb235f12ae80bc2c6`
CRC32	`DAE19DB6`
ssdeep	`96:du33scoiic+VJR+PR5F1kMDoz99kLPXl38XVX:du33f+vR+Jmhz99ulsXJ`
Yara	None matched
VirusTotal	Search for analysis