Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 06:11
DIN-Download: Neue Vor...
11.17 06:11
IT Sicherheitsnews stü...
11.17 05:11
[AIS 2024 영상] 최원혁 누리랩 ...
11.17 05:11
[강연 영상] 김직동 개인정보위 과장 “...
11.17 05:11
Diese KI-Oma soll Betr...
11.17 05:11
ChatGPT knackt Rekord:...
11.17 05:11
Ancient TP-Link Backdo...
11.17 04:11
Malware Analysis - Wri...
11.17 03:11
Register Renaming: The...
11.17 02:11
Raspberry Pi’s ‘Once i...

Dropped Files | ZeroBOX

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\Windows\Fonts\WinRing0x64.sys
Size	14.2KB
Processes	1200 (xmrig.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1a7b245cdf2fe139_conhost.exe Submit file
Filepath	C:\Windows\Fonts\conhost.exe
Size	9.0MB
Processes	1200 (xmrig.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`05051cd3b66aed5c4a25be3d0da67982`
SHA1	`b37778577efe35a85d9a211b322b6882a7408077`
SHA256	`1a7b245cdf2fe139cd056640bdfb696b40b845659f65c36592217560cf361211`
CRC32	`83FCC6A3`
ssdeep	`196608:Rpb9Vjgid90x08gAFsonxy4dqsc7WFIhqvVfO0fnhOgpQ78m:vrAFe4MWFIhIVO0JOK1m`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a7270c3472d0d1a2_tem.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tem.vbs
Size	218.0B
Processes	1200 (xmrig.exe) 2184 (wscript.exe)
Type	ASCII text, with CRLF line terminators
MD5	`25bb142d25b6e15330515079f42264f3`
SHA1	`989b15319c547e42dae96635fc1e5c2135a0e21d`
SHA256	`a7270c3472d0d1a21e66a3e9f16d89003941b20166e94b1f2c72949c633d8eee`
CRC32	`E9C1229C`
ssdeep	`6:aBjw+7y8UpAM1mQpcLJ23fSAly/xAM1mQpcLJ23f/THp:+dnUpAYOLMqHJAYOLMjJ`
Yara	None matched
VirusTotal	Search for analysis

Name	516319905545cf57_svchost.exe Submit file
Filepath	C:\Windows\Fonts\svchost.exe
Size	87.0KB
Processes	1200 (xmrig.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`3215a773eecd1089babe6b9975086ebd`
SHA1	`6f28080e58149aeb72dfd0f2568ce80de4eff43c`
SHA256	`516319905545cf575de3322f7733d99d5293df4a38d46fccf1a41e23b64d2d6c`
CRC32	`A101990A`
ssdeep	`1536:yRYh74DJEup8S69OLvbBiq5B6r9par9bXQ/WOd2QDgTVpBWsKu+q:yRYC1Eup4sAqH63ar5XyIQDgTVpUGF`
Yara	UPX_Zero - UPX packed file IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1dbe16e04438694c_xmrig.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\xmrig.exe
Size	2.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1e7094119ed8a4415c7549c19d771a71`
SHA1	`61822e356d758509138cafd2da35b43ace52a80a`
SHA256	`1dbe16e04438694c62bb747d0073bf463a2a9525f6b637432d2f1381dad04608`
CRC32	`4D4FAD93`
ssdeep	`49152:g4A6TH7YA/AoKRQvdTq4WpYlV7QdJUqxU5b+5318PNSC8uDo:lFr7lINRqpq47lVAJM5g1OYCFs`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis