Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe

Latest News
11.18 11:11
Report on DDoSia Malwa...
11.18 11:11
전통 공예의 새로운 접근, 'M-ART(...
11.18 11:11
Die Schattenseiten des...
11.18 10:11
호텔식 샤브샤브 뷔페 '샤브올데이', 동...
11.18 10:11
창원 노인주간보호센터 '수주간보호센터 창...
11.18 09:11
더조인, ‘J-VMP’ 우수조달제품 지정...
11.18 09:11
기숙통, 11월 기숙학원 추천 정보 무료 제공
11.18 09:11
IT Sicherheitsnews stü...
11.18 09:11
[AIS 2024 영상] 윤두식 이로운앤...
11.18 09:11
Samsung Jumps as Surpr...

Dropped Files | ZeroBOX

Name	cbf7a8e7775c9f73_compan.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\compan.exe
Size	1.1MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`55e23e1fe5c4051b85cc6aa7c1399ac8`
SHA1	`2dd95f77ca909cb4f0a98187d39f8d86af1df39c`
SHA256	`cbf7a8e7775c9f7341819ffc7d2a2c2519bd87cd1884a527b249a60995f1fb5b`
CRC32	`231C0A1D`
ssdeep	`24576:5mJZW2wSdIHuiCyhuGaD0y13DrmmfVpd+c2ZAa7ZRaH1F+g4:5mJZW2FIOiCIuGaD0yh/zvd+c2ZAafa7`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6b0c3b3fb8610687_tmpC65.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpC65.tmp.bat
Size	146.0B
Processes	2780 (AUhCSHCCSCABSAcFaSBcESHbKBEEKUSKaaUCHCbsAhBhCFFFBAsHAUE.exe) 2908 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`3cd09bb768c47a6f713a4a61f6dc85b8`
SHA1	`aeac4bff30a9e384c44c025cb0cf235eb79d38e0`
SHA256	`6b0c3b3fb8610687287ceb9efba553a2f9d6f34da8011da91c5dc586c3e535db`
CRC32	`CAF8B163`
ssdeep	`3:mKDDCMNqTtvL5mZkREqxszTVovmqRDmWxpcL4E2J5xAInTRIMTV5ZPy:hWKqTtTPZxsyvmq1mQpcLJ23fTtp5k`
Yara	None matched
VirusTotal	Search for analysis

Name	36b5383213c6e73a_qrbizuj.exe Submit file
Filepath	C:\ProgramData\AdobeVegas\QRBIZUJ.exe
Size	999.5KB
Processes	2780 (AUhCSHCCSCABSAcFaSBcESHbKBEEKUSKaaUCHCbsAhBhCFFFBAsHAUE.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`c07e23d2c66ab780388ac5f93efecf66`
SHA1	`b2c9923d9be6b69877edfb5474335f1d9fb5eeab`
SHA256	`36b5383213c6e73af4c91735a0aa3e4ea1c0ac4e772edd45a930589100f785b1`
CRC32	`6F68E222`
ssdeep	`12288:FmYGObz+oGSxNcTH2ALpenE5QQ1Q5qmHSgmmhq+0wXmIXIQiguat4ygIqmAhj/:FmYGObx7xNcTWALpJeQ1AqmRO`
Yara	IsPE64 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	ff1c90b81be560ba_sawalow.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sawalow.exe
Size	1.3MB
Processes	2040 (compan.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`174bb7ffa4d21fe05c30d2c8d593f6b4`
SHA1	`dd6ed1dd8558edb6ce0f7ef0ca960c4c592d51e2`
SHA256	`ff1c90b81be560ba89d5cdf7b6a419f72629ee1a1f9c3bbffe256c4b873c6fec`
CRC32	`4DB053AE`
ssdeep	`24576:769n0IcfC55MOsFPJO/tUF0uGkqQphDzih73mR+V5cpF2jzzyRT:u9n2KPMOUPJOLuHqYhDziRYi5cS3zyB`
Yara	Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2b80d859e30f3ad8_590aee7bdd69b59b.customDestinations-ms~RF1cd03f5.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1cd03f5.TMP
Size	7.8KB
Processes	1340 (powershell.exe) 2276 (powershell.exe)
Type	data
MD5	`c3b0f066f40a7ada0e994ed00252acea`
SHA1	`88c95e018b118a808836a05f743973bd61bdc53f`
SHA256	`2b80d859e30f3ad823bf8208d5dc9e0a787c80b891daadb3c3b76ef88f129ffa`
CRC32	`83A6CB00`
ssdeep	`96:8tuCeGCPDXBqvsqvJCwoZtuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:8tvXoZtvbHnorxTyQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b013a2533a5bf93c_990060708.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\990060708.exe
Size	424.0KB
Processes	2040 (compan.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fbb809e5f6b8c414c197cdbd95f99997`
SHA1	`82686d5db53c5e1812530013a9831ea23b11fbc2`
SHA256	`b013a2533a5bf93c7e32f34f4e34565ad5d0bb5820f55159a4ee502b6e18d1e6`
CRC32	`69CA1390`
ssdeep	`6144:xeEX2SpLLA0i97DRiGXVq6xlwfDl4Ks7manyAz3PhFyn5nF+se8TSOa4:x72gHA0iSGXVHIh4Ks7XnpDP+JPJSF4`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	073ee0b6f9d25e50_1507039610.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1507039610.exe
Size	1.8MB
Processes	2040 (compan.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4416dc1d797783b7d3b76649f06cb87e`
SHA1	`f8a14f64aa39567a6e50ddacd48670838a2ba8be`
SHA256	`073ee0b6f9d25e5023303268ebc9387224e4daed7d77db89cc373260a54060f7`
CRC32	`46D3E17F`
ssdeep	`24576:mmfWF4++6EcT8RsoEdJz1+bryE3bXRGENcw9y/WlwB4IN1ehmtOqyqcY/6ajcUlb:m5hEcoHEdJMyIXRF9yelYJeE7lx/dJX`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis