Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	c000684a05ec18e3_jovewpm.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nshBF07.tmp\jovewpm.dll
Size	5.0KB
Processes	1680 (macilak2.1.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ab1bd210c229e1fccc85928a9db47f87`
SHA1	`f1c0df72f4d1c6cfbcdca08f9dc700806a8107c9`
SHA256	`c000684a05ec18e3c9f7a1ba0c8af647fe22b9a63c15bee243afe9b16f776265`
CRC32	`51DD9737`
ssdeep	`48:q5DPDgKbuMS/e0ZUASDD4ASD+Cp1uGr63wrvAIz/3Z90gCr:uDluMSdmASDkASD+CruGr66vAIrz0j`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5cbe741204069a45_wwyscyllr.amx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wwyscyllr.amx
Size	7.6KB
Processes	1680 (macilak2.1.exe)
Type	data
MD5	`c4d8cfaec0b719148696b3923195f028`
SHA1	`b7d2641e4e4b0c155c513c96601f815ad361616d`
SHA256	`5cbe741204069a451c26c6326c8ed3cae65dd94f818a6f1a63da0622b64549d3`
CRC32	`D1A6F7BF`
ssdeep	`96:EKZ0L8CBWEZwtKg++xroqEkXeo1uN9pHLygs+LsjC3q4n0t7I/sqXHsU2xcBBnAf:2LsBtKXtqXeo18fyFG3qu6xcL7Dn6t`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsrBEF5.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsrBEF5.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e64943441faf5_luqajenj.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\soxtdmirbwgc\luqajenj.exe
Size	176.0KB
Processes	1680 (macilak2.1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`1923b005546de11d38b39e4d3874c045`
SHA1	`83b0ab3e7dfbf80cb515b51e4cfdca0054ed0ebc`
SHA256	`9e6e64943441faf5cdc7195644c00b4fede1e8f13a4a12edf61768ff140e7310`
CRC32	`3CC75176`
ssdeep	`3072:WfY/TU9fE9PEtuDbsVHN+FlzTs5gJsEUsYnKSu2umlOBw:AYa6RsVtmoeHQs2umN`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8a0e610df1d85aed_zdokiudsjcw.t Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zdokiudsjcw.t
Size	118.2KB
Processes	1680 (macilak2.1.exe)
Type	data
MD5	`37152cddb9cd250c00e67e0539472ee5`
SHA1	`cfaa9674b0581cfa21da956ec1eb3f7284c0c879`
SHA256	`8a0e610df1d85aed5f63f8b86364a11b06179f777997b3362206775cb3414539`
CRC32	`127D5084`
ssdeep	`1536:34EaJAekQia34uQ5xBhbksWJmRjUCSgwgQ0FrcszHxiAm3R25paEwoHs3UjFM:97fwc/WqjnSgRPctMpuas3UW`
Yara	None matched
VirusTotal	Search for analysis