Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_nsqBE98.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsqBE98.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	942e0f8a60afc6f8_gxfyf.ps Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\gxfyf.ps
Size	118.0KB
Processes	1664 (swiss.exe)
Type	data
MD5	`ebe4ba143a89da1c8bbe1250ee0d61cb`
SHA1	`6a75c8bb3cdc9bed2eb69dc1d5af409713f8458f`
SHA256	`942e0f8a60afc6f849131a2c9ee88a8a5654fca03b08505d070707401f168d41`
CRC32	`EC72626A`
ssdeep	`3072:yKWxG/3P88Vted+VZhilA64UTIiQo7BU99W+sDC:yr+88iUfoAUx5B81s2`
Yara	None matched
VirusTotal	Search for analysis

Name	cbb4651ae0792498_jsoxhdmv.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\rwgclhqauen\jsoxhdmv.exe
Size	166.4KB
Processes	1664 (swiss.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`9e57567ee21222fa361798821a9571aa`
SHA1	`782ec2a1fedb901f855eac68e8788d6415f0c872`
SHA256	`cbb4651ae079249803e66087adfc5c3aca166a5f3147937069c290bdfb3b181f`
CRC32	`9F2D499F`
ssdeep	`3072:zfY/TU9fE9PEtuPbC6I8xPFSxDEJvhkYO/aXeJ/Q1cNJpn1UIDPJ:DYa61KQ92DshkYiJ/Q141UI`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2727a82428fcf594_gluntoqblc.h Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\gluntoqblc.h
Size	8.0KB
Processes	1664 (swiss.exe)
Type	data
MD5	`e13c3910e0116434c3e634e69b0ff3e5`
SHA1	`66983f30d9dd6e6645dd1db0f936e0b3455bf399`
SHA256	`2727a82428fcf594b4c7e0b4668090432042e2429db8511d79f70e7728543abe`
CRC32	`651B8228`
ssdeep	`192:2LsBtKXtqXeo18fjmO3qipwaNHz9JUk3rV5NlPWHBRVjYZYGCsmI:/BtK9q78fCO3Fp117Uk3R1PkmbC7I`
Yara	None matched
VirusTotal	Search for analysis

Name	824fae3331b95e2f_xq.dkCF.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\xq.dkCF.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	790dd7046d05c7a3_ohpic.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsfBEA9.tmp\ohpic.dll
Size	39.5KB
Processes	1664 (swiss.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`57245e2de1f81080abce169aebd07f5f`
SHA1	`d141ac900651b1f7a445b3a4ed8c9d960d359d6c`
SHA256	`790dd7046d05c7a32201512cb4eb7bba7b2e6afeac2f41bffda353c40a0febf1`
CRC32	`5E789B73`
ssdeep	`768:/AW/Fflyvh/XGgbrCN+bYSlzMLMWEf0Nfk9/tCQUWCNK3OTx:oWtSX3vCk4QUj`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis