Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	7676b84b0cd7ecc9_index.html Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\index.html
Size	2.0KB
Processes	1964 (wfplwfs.exe)
Type	HTML document, UTF-8 Unicode text
MD5	`2ddda0af7a0d8df3b789cf28d6fd66ed`
SHA1	`2db7c96ce58b77c7c13cb38d99eac186e55302e3`
SHA256	`7676b84b0cd7ecc9950b094a01c8a384d62d6625b949e87ddf1ff3c3bc763b72`
CRC32	`65A27465`
ssdeep	`48:nXafrqPiIZLdeUvoJX+d3vgQ1/GO90OISThw:nXafrqPiIZ5eLJX+eQ1+E0Rghw`
Yara	None matched
VirusTotal	Search for analysis

Name	c6459d39c4204c24_1d896d6f4de8430f.job Submit file
Filepath	C:\Windows\Tasks\1d896d6f4de8430f.job
Size	476.0B
Processes	1964 (wfplwfs.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`d9d684f35346b770d8a486dbd5aead85`
SHA1	`c420283d336ccac67561dc396aee03d34ea59204`
SHA256	`c6459d39c4204c240e9ed05d64fea808dc161af3cb5ea3b71073722c5b02a170`
CRC32	`7FD5F0A5`
ssdeep	`6:eRubaZXE/jm/UEZ+lX1t5N6tO8m/UEZ+lX1+lPL+SkE+MTBSclRMlTJzXlAca+wC:eRUalki/Q11/Q1UaQ1BZ7MTLwtVVBgB`
Yara	None matched
VirusTotal	Search for analysis

Name	74cd8cebc022b06c_wfplwfs.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wfplwfs.exe
Size	5.4MB
Processes	2556 (a02.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ad08fb264dd83251bebda5b2c71871f0`
SHA1	`ca71a18d8a696031c016434de89c7a158e3a6052`
SHA256	`74cd8cebc022b06c2cb58d00eb7d4dedaa47442bd7011130302785a3533c03ae`
CRC32	`7D602A38`
ssdeep	`98304:u4S0clXTS9EIv1281Ey0l6iEz0JzA3+rBAlrHC3dNtCLCh:6/lX3I9R1EFlnxJzVA1ALI+h`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer VMProtect_Zero - VMProtect packed file
VirusTotal	Search for analysis

Name	21df0ff4710ab3ea_2.1.1.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2.1.1.exe
Size	478.5KB
Processes	2556 (a02.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eb75a43690afdea95c83ba331de640b7`
SHA1	`b65715468e185c3b54b60e075459a5f8b6e9c0f7`
SHA256	`21df0ff4710ab3ea44a1950745f9c71f3098bce46c5b0a7e86ba2777810ae855`
CRC32	`ED5CA848`
ssdeep	`3072:J5HqXHmQESDeGF+hNnbP1vumSrUDTX3AzgsL0A1lr:JBuHZDINxIYy`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Raccoon_Stealer_1_Zero - Raccoon Stealer
VirusTotal	Search for analysis

Name	b41bd7c17b6bdfe6_logo.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\logo.png
Size	2.9KB
Processes	1964 (wfplwfs.exe)
Type	PNG image data, 222 x 48, 8-bit/color RGBA, non-interlaced
MD5	`561a5a310ac6505c1dc2029a61632617`
SHA1	`f267ab458ec5d0f008a235461e466b1fd3ed14ee`
SHA256	`b41bd7c17b6bdfe6ae0d0dbbb5ce92fd38c4696833ae3333a1d81cf7e38d6e35`
CRC32	`A427A4F5`
ssdeep	`48:1URrn/9eEsyo0EeDcQ4ltBljxjzQz4EJcDUe8E+afOp8L2rZ5lFw5CiSJzJ8Xp9T:2RZt7wurUCcE2DT8wZL2FkCVl8PRTJR1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	308de7da302d3ecf_d8c5e4a16c2bea0e36baa2d018275111ff62fd09 Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\D8C5E4A16C2BEA0E36BAA2D018275111FF62FD09
Size	812.0B
Processes	2556 (a02.exe)
Type	data
MD5	`1c3527f8fe5a24623bdd6ad96bf602fd`
SHA1	`bc988ad300ca4d581a7056bf8c342377d72d7c73`
SHA256	`308de7da302d3ecf499b6c140b11fb3d9db0d3b9515d8fa3dd0ce4a65659266c`
CRC32	`5F7886F7`
ssdeep	`24:Z6hR2MTR2d7NVM+uAR2CP0M9BHMvf9SJbsb:Z6WH1N2DAR2CP02xVg`
Yara	None matched
VirusTotal	Search for analysis

Name	7740df954417683f_a02.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\a02.exe
Size	6.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`820241820224a5c7eed0ca74b7420361`
SHA1	`4ad3588ecd226fde7fe8543c281290997a4ad9ac`
SHA256	`7740df954417683f1614403a7fa6607e7b9002ae045e25a07c8fd4e67f0b3c3f`
CRC32	`72AD8249`
ssdeep	`98304:x4S0clXTS9EIv1281Ey0l6iEz0JzA3+rBAlrHC3dNtCLChB:v/lX3I9R1EFlnxJzVA1ALI+hB`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer VMProtect_Zero - VMProtect packed file Raccoon_Stealer_1_Zero - Raccoon Stealer
VirusTotal	Search for analysis

Name	741a816750ffd35e_qrcode.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\qrcode.png
Size	1.6KB
Processes	1964 (wfplwfs.exe)
Type	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
MD5	`abcf7fd62d78b302475bac66fd1e2968`
SHA1	`fad0de7476d1cb563ffd3723dfc8f6dc9d7fbac4`
SHA256	`741a816750ffd35e3c4828cca24e90ffad946e040e11eca3c4a2ec2a1c74def4`
CRC32	`FCDF6C5A`
ssdeep	`24:HTGl04lZ9/YrueZrVFSsOIcqeEDkXcmUb7/oQq:8xYrRZrjr0f07AQq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis