Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
T-Mobile’s Network Bre...
11.16 09:11
Spotted at Supercon: G...
11.16 09:11
IT Sicherheitsnews tae...
11.16 09:11
Bitfinex Hacker Gets 5...
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...

Dropped Files | ZeroBOX

Name	fd8e8bee3bb11304_x3761824.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x3761824.exe
Size	317.0KB
Processes	652 (foto172.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e4bcac7f027a4669f9e9d764219e2e79`
SHA1	`03300c496bb93f073176fdfd7a9bfbaa0951a128`
SHA256	`fd8e8bee3bb113048d3a6a7eac1bdede3160f4a41ca22b0d2e8f5457bddfb3d5`
CRC32	`245234D9`
ssdeep	`6144:Kty+bnr+Up0yN90QE6TdpsVasRiyMB0cud9SjpicwA43P:vMrQy90ETdpZsRQrjpiL/3P`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	00f972eb3d4d2fac_rugen.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
Size	205.0KB
Processes	2688 (g6015459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`835f1373b125353f2b0615a2f105d3dd`
SHA1	`1aae6edfedcfe6d6828b98b114c581d9f15db807`
SHA256	`00f972eb3d4d2fac05c10c0e6e212cf096b4142b5b5075b29c6c100d51432cd4`
CRC32	`B342F64B`
ssdeep	`3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	850cd190aaeebcf1_i1343857.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i1343857.exe
Size	11.0KB
Processes	652 (foto172.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7e93bacbbc33e6652e147e7fe07572a0`
SHA1	`421a7167da01c8da4dc4d5234ca3dd84e319e762`
SHA256	`850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38`
CRC32	`C025CC12`
ssdeep	`96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp`
Yara	Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	90ccd84f28e4dd03_mu.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
Size	30.0KB
Processes	2808 (rugen.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`35a15fad3767597b01a20d75c3c6889a`
SHA1	`eef19e2757667578f73c4b5720cf94c2ab6e60c8`
SHA256	`90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc`
CRC32	`15C40371`
ssdeep	`384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW`
Yara	win_smokeloader_auto - Detects win.smokeloader. IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	08dabdd0b0fb13d5_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	2808 (rugen.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`83fc14fb36516facb19e0e96286f7f48`
SHA1	`40082ca06de4c377585cd164fb521bacadb673da`
SHA256	`08dabdd0b0fb13d5d748daf1173f392aa27eb9943eef78bd29e6a8fa61007a6e`
CRC32	`7E54004B`
ssdeep	`1536:Uo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUGNaB89p:UoUCWbBNpplToUs1uNhj25LJU6aB89p`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	21bcf3ffe07f6ee8_fotod95.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
Size	507.3KB
Processes	2808 (rugen.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d7445b86a046707d2e0d4991ba193f89`
SHA1	`de8e721595d39b010e3ba41a50a0630ad4bdf549`
SHA256	`21bcf3ffe07f6ee84f916c0f419b4f155d29fa9abbf077388e6b651e2f57570d`
CRC32	`5876248E`
ssdeep	`12288:0Q03ztfEq4eBybqPVm3nqnmph4XXCJ+0Y0ec:0Q0ZfR4epPWqn6450ec`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	587c2fb0cf025a25_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	273.0B
Processes	2808 (rugen.exe)
Type	HTML document, ASCII text
MD5	`04a943771990ab49147e63e8c2fbbed0`
SHA1	`a2bde564bef4f63749716621693a3cfb7bd4d55e`
SHA256	`587c2fb0cf025a255a077b24fe6433fd67bdfac451d74d321d86db96c369841e`
CRC32	`2C11B08C`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knacCFEcXaoD:J0+oxBeRmR9etdzRxGezH0qasma+`
Yara	None matched
VirusTotal	Search for analysis

Name	530c483ed1bdff2a_foto172.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
Size	495.8KB
Processes	2808 (rugen.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9dad0b4017cb30229fdce0d9ab926721`
SHA1	`da9715a36c267a28244103ea23cd8d704cf9c558`
SHA256	`530c483ed1bdff2a59bf75f818ac5ed96fa5874643773a77e5105f4063a072b5`
CRC32	`3E305751`
ssdeep	`6144:tdF7K0q6Zwh24HVvsrlnQyf7TVe08q6yBG26et41/0EiLc+LK0CGab4MOkBT23wi:tfK03zQq7QafG2xt41hiLZumuJsO3S`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis