Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	f0f1c47cc164b8bf_classpnp.sys Submit file
Filepath	C:\Windows\System32\drivers\classpnp.sys
Size	174.9KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`acfad0b512226c7a83c7cb09fd55a9ad`
SHA1	`dbe2e674184248ee0d541e9e5cb9146a5fe40528`
SHA256	`f0f1c47cc164b8bf4b99cc4e9c0d34d603051cd01ed369acb9a781ec9cca56aa`
CRC32	`B353B924`
ssdeep	`3072:y9CXu2G6E+2fkL4qwH+olAwkCnO1w3ZWKwt/W6GH73WRtRfxFRT:y9KhG6E+2fklweEC6WKCs73WbRp/T`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	bd07aad9e20ceaf9_cdrom.sys Submit file
Filepath	C:\Windows\System32\drivers\cdrom.sys
Size	144.0KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`f036ce71586e93d94dab220d7bdf4416`
SHA1	`89204964b695862c31b10ab7129ec96b66c78f89`
SHA256	`bd07aad9e20ceaf9fc84e4977c55ea2c45604a2c682ac70b9b9a2199b6713d5b`
CRC32	`8EF5C8DF`
ssdeep	`3072:b+xOQgQ5vZ0AJyCFlFJacJZlnhcEtrqSLuKhDq5yn1:qxZvZVJWslhcSLDq5M`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a7a5732ab9f859e4_x Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x
Size	116.6KB
Type	ASCII text, with CRLF line terminators
MD5	`2e000614aec93ce7ae46dd2eccbd4909`
SHA1	`3729179982898079d2e618dfc5c761032660d2d8`
SHA256	`a7a5732ab9f859e4412b8efc73f32991d702632b37c7b389b6c1cb9c6d3ed0d9`
CRC32	`0F8E6EA6`
ssdeep	`3072:PPrinB4Pe8r9doaT9FuFWKo7Mujnnu67gp3GxE3RIAU1m:PP1PBrkE9FoWfMSnw3GxEhFR`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	b74cd24cef07f022_winload.exe Submit file
Filepath	C:\Windows\System32\winload.exe
Size	591.4KB
Type	PE32+ executable x86-64, for MS Windows
MD5	`e2f68dc7fbd6e0bf031ca3809a739346`
SHA1	`9c35494898e65c8a62887f28e04c0359ab6f63f5`
SHA256	`b74cd24cef07f0226e7b777f7862943faee4cf288178b423d5344b0769dc15d4`
CRC32	`6B0C714B`
ssdeep	`12288:g3SAVNtsCiPdRpuHq83wf1PKWZlZQUUFoqn6F7H4:giAJsC6dbuHq8G1PK6lZvL+6NY`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	571bc886e87c888d_disk.sys Submit file
Filepath	C:\Windows\System32\drivers\disk.sys
Size	71.6KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`9819eee8b5ea3784ec4af3b137a5244c`
SHA1	`46eb418de38f0a7bfce59de215f4146c32b3dcf9`
SHA256	`571bc886e87c888da96282e381a746d273b58b9074e84d4ca91275e26056d427`
CRC32	`B14C78F8`
ssdeep	`1536:BSyuxWNF0xFWM1YzftZHUlEoMzgMkuHoaxxHJXsAGQK:BS1YF0xFWdzV9oMEMfHZxpXsAGQK`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6766717b8afafe46_taskmgr.exe Submit file
Filepath	C:\Windows\System32\taskmgr.exe
Size	251.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`09f7401d56f2393c6ca534ff0241a590`
SHA1	`e8b4d84a28e5ea17272416ec45726964fdf25883`
SHA256	`6766717b8afafe46b5fd66c7082ccce6b382cbea982c73cb651e35dc8187ace1`
CRC32	`D5B3F6F7`
ssdeep	`6144:V09tY7h5eJ5Kfnsgj2NjP3wMN1YCTIsiTeM:V09tY7TeTK/VSNDwMN1YCkf6`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	fdaab7e23012b4d3_acpi.sys Submit file
Filepath	C:\Windows\System32\drivers\acpi.sys
Size	326.4KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`d81d9e70b8a6dd14d42d7b4efa65d5f2`
SHA1	`54fb26c69829d3f1d0774d4e608327ffefa34d76`
SHA256	`fdaab7e23012b4d31537c5bdef245bb0a12fa060a072c250e21c68e18b22e002`
CRC32	`35CF306F`
ssdeep	`6144:7p8wPoJXh5s5CdFxBNnnRg6NuxpyQrwoQ:7p8wARs5CdFjN+6NuDyQcz`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	72ffa65ac56b7946_z.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\z.zip
Size	85.2KB
Processes	2308 (cscript.exe) 2168 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`1440570efffe6886be86d1b2986993d2`
SHA1	`8104d2543bf2f15748763228c2624c70e787a2e2`
SHA256	`72ffa65ac56b79466f8e3e1aaec7e19db1764fa40b90fb434a3c82d4277ad041`
CRC32	`420FA220`
ssdeep	`1536:2HYW0xezJ7L9rfWp+X2dHcJEaSSvv6wkq8XrfA7SbZtEBO0udicM:xHNLH4Ea1H8bI7SnEBODij`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	aa01b8864b43e920_x.js Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x.js
Size	448.0B
Type	ASCII text, with CRLF line terminators
MD5	`8eec8704d2a7bc80b95b7460c06f4854`
SHA1	`1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326`
SHA256	`aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596`
CRC32	`C7D4F068`
ssdeep	`12:KiN1ZxJbVCWiutHvBmjUXgYzxLElp3OxZIQv:JPxPCWDtPBmgX2ROxu6`
Yara	None matched
VirusTotal	Search for analysis

Name	09ab0535a54c2e29_logonui.exe Submit file
Filepath	C:\Windows\System32\logonui.exe
Size	27.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`715f03b4c7223349768013ea95d9e5b7`
SHA1	`f5778343588df78fdd55c9cfcd49e5f39f959dd9`
SHA256	`09ab0535a54c2e2962f0fd06988d99060f8ceca39b07ac00a63204c773b95893`
CRC32	`C79EBD17`
ssdeep	`768:WMfPVhqgT55ZJiaL9/gb0iZwUWlO3ABpoeHSzm:dHbpT5Tg0/DiZo8kmeHkm`
Yara	UPX_Zero - UPX packed file IsPE64 - (no description) PE_Header_Zero - PE File Signature Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	e3cd3faf52ed11a8_ntfs.sys Submit file
Filepath	C:\Windows\System32\drivers\ntfs.sys
Size	1.6MB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`05d78aa5cb5f3f5c31160bdb955d0b7c`
SHA1	`dc8e85ef3f01f279763eb067d3f50c9c2ec472b0`
SHA256	`e3cd3faf52ed11a8fb96d667510f1edca49053705aa3a13f560f8f6ec995ca45`
CRC32	`59493472`
ssdeep	`49152:UC8Q8RUbe8GlQ9Hibo9xPKytL2UOnevyx3oGUSF1:UTQ2cedl5qKYi3g0`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	53e260b8bfc50ba4_ndis.sys Submit file
Filepath	C:\Windows\System32\drivers\ndis.sys
Size	929.4KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`79b47fd40d9a817e932f9d26fac0a81c`
SHA1	`9788350e64905b5f2137742b136e0b3823eee985`
SHA256	`53e260b8bfc50ba45fa73bfcf4e58c233890d0eaa9defdccbb55fd3eb992ff2d`
CRC32	`61B0E398`
ssdeep	`24576:m+TrYG8GcZNYhcercVE8ky/h+IHe9hUnl5gHcYwA:zWGcvYBBny/hG9+c`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	9c113ae7f7243690_hal.dll Submit file
Filepath	C:\Windows\System32\hal.dll
Size	256.9KB
Type	PE32+ executable (DLL) (native) x86-64, for MS Windows
MD5	`cfb8c673f9188f99466e76c6972191e0`
SHA1	`70e4ce7f42a2216aae15b4d094210d6a32a28f6d`
SHA256	`9c113ae7f724369077a301ac97e4d3e8313fa965674fec401efd6e89b077bdcb`
CRC32	`DC6C679B`
ssdeep	`3072:Vp5qC/hi+2t/xV/ltGCJPRC5j7VZVf6MIaw0Qig/5hZ/w3iE13j6RnmF9IJ:VOjjf69VZVW0Qig/5H6iCW5I6J`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7fba129db114e880_ntoskrnl.exe Submit file
Filepath	C:\Windows\System32\ntoskrnl.exe
Size	5.3MB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`c6cec3e6cc9842b73501c70aa64c00fe`
SHA1	`a5d80ea1edcb1cb75e10c8dec0d3a2d5c4088f41`
SHA256	`7fba129db114e8808a2ee5ae597f66176b7eb3c4077e0b5e9a3be3f74aa2e6a6`
CRC32	`09B13933`
ssdeep	`49152:zmQiN93Ttt4wQyw8oFVbu+mG2FodxuI8IwLGFf2GThaVGH/9A7bnw1Yz/9oN37Rl:zmnPjgLPg0d1cOAHnIsI37Rv5lbF`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis