Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...
11.16 04:11
Warning: DEEPDATA Malw...
11.16 03:11
It’s a Soldering Iron!...
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...

Dropped Files | ZeroBOX

Name	d96856cd944a9f15_nskbfltr.inf Submit file
Filepath	C:\ProgramData\nskbfltr.inf
Size	328.0B
Processes	2828 (7zz.exe)
Type	Windows setup INFormation, ASCII text, with CRLF line terminators
MD5	`26e28c01461f7e65c402bdf09923d435`
SHA1	`1d9b5cfcc30436112a7e31d5e4624f52e845c573`
SHA256	`d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368`
CRC32	`91EDA8F7`
ssdeep	`6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn`
Yara	None matched
VirusTotal	Search for analysis

Name	3c072532bf7674d0_htctl32.dll Submit file
Filepath	C:\ProgramData\HTCTL32.DLL
Size	320.4KB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c94005d2dcd2a54e40510344e0bb9435`
SHA1	`55b4a1620c5d0113811242c20bd9870a1e31d542`
SHA256	`3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899`
CRC32	`0EF370EB`
ssdeep	`6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5fd924625f6ab16a_readme.txt Submit file
Filepath	C:\ProgramData\readme.txt
Size	6.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with no line terminators
MD5	`a8f5f167f44f4964e6c998dee827110c`
SHA1	`85136c79cbf9fe36bb9d05d0639c70c265c18d37`
SHA256	`5fd924625f6ab16a19cc9807c7c506ae1813490e4ba675f843d5a10e0baacdb8`
CRC32	`7F84A974`
ssdeep	`3:/BJ:JJ`
Yara	None matched
VirusTotal	Search for analysis

Name	fedd609a16c717db_remcmdstub.exe Submit file
Filepath	C:\ProgramData\remcmdstub.exe
Size	62.4KB
Processes	2828 (7zz.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`6fca49b85aa38ee016e39e14b9f9d6d9`
SHA1	`b0d689c70e91d5600ccc2a4e533ff89bf4ca388b`
SHA256	`fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814`
CRC32	`1DE794F0`
ssdeep	`1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	213af995d4142854_client32.exe Submit file
Filepath	C:\ProgramData\client32.exe
Size	99.3KB
Processes	2828 (7zz.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f70b67c2b3204b7ddd8b755799cccff0`
SHA1	`a42e55e328d62d11e687c167bb7049d46f0f9b26`
SHA256	`213af995d4142854b81af3cf73dee7ffe9d8ad6e84fda6386029101dbf3df897`
CRC32	`EC77D126`
ssdeep	`384:qUjV5+6j6Qa86Fkv2Wr120hZIq6nYPL7NheMxnB1:qgVZl6FhWr80/h6EN/`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	815a9ffe9fae2b28_archive.bat Submit file
Filepath	C:\ProgramData\ARCHIVE.bat
Size	106.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with no line terminators
MD5	`d20c31e281d831e1b84533e6f39908a5`
SHA1	`73500b313628175161f11533685b267a98add270`
SHA256	`815a9ffe9fae2b28b9326240e01ed141b25146e2c3e0b24d181dbd34bc087703`
CRC32	`164FBDCA`
ssdeep	`3:oNy3c5WeX8E5WAXWMgFqrA+mfNy3c5WeX8E5WAXWaXz0PF:oNy3IvjHX6FqUZfNy3IvjHXTzi`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6f9dbdf4b9f8dd_putty.exe Submit file
Filepath	C:\ProgramData\putty.exe
Size	1.6MB
Processes	2828 (7zz.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`f838fdafd0881cf1e6040a07d78e840d`
SHA1	`2a35456b2f67bd12905378beb6eaf373f6a0d0d1`
SHA256	`fc6f9dbdf4b9f8dd1f5f3a74cb6e55119d3fe2c9db52436e10ba07842e6c3d7c`
CRC32	`D17B93FD`
ssdeep	`49152:TDXOPFJK9bbYF8paMB8QMy3bHwPXNg/7UyW+ekBeZmn:T0WhreNg/X`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Win32_PWS_Loki_Zero - Win32 PWS Loki PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f4e2f28169e0c88b_nsm.lic Submit file
Filepath	C:\ProgramData\NSM.LIC
Size	258.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1b41e64c60ca9dfadeb063cd822ab089`
SHA1	`abfcd51bb120a7eae5bbd9a99624e4abe0c9139d`
SHA256	`f4e2f28169e0c88b2551b6f1d63f8ba513feb15beacc43a82f626b93d673f56d`
CRC32	`4B3CB7F2`
ssdeep	`6:O/oPDvXk4xRPjwx3LzX81DKHMoEEjLgpW2MorGLUfKdYpPM/ioxTKa8l6i7s:X7XZR7wx3LzXBJjjqW2M23KKPM/iox7X`
Yara	None matched
VirusTotal	Search for analysis

Name	7d1302fc5aeb3aa1_client32.ini Submit file
Filepath	C:\ProgramData\client32.ini
Size	600.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with CRLF line terminators
MD5	`9fd51ba7e1b8b8c4586354338df32acc`
SHA1	`30f194d6f87be214031410adeaf5f9df4f7945e2`
SHA256	`7d1302fc5aeb3aa1233d44cea8263ee577041c92d7aab5cad69dce94574ef49a`
CRC32	`9E20494F`
ssdeep	`12:BvyXBhzd+mPfGS5w+1lnxTPfY8o5kLXfDWQknmSuoc1zR6wGJ/:BeBhzEmPf2Clnx71cefDmh3t`
Yara	None matched
VirusTotal	Search for analysis

Name	38684adb2183bf32_pcicl32.dll Submit file
Filepath	C:\ProgramData\PCICL32.DLL
Size	3.6MB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d3d39180e85700f72aaae25e40c125ff`
SHA1	`f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15`
SHA256	`38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5`
CRC32	`9CB15CBA`
ssdeep	`49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	6795d760ce7a955d_tcctl32.dll Submit file
Filepath	C:\ProgramData\TCCTL32.DLL
Size	387.4KB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`eab603d12705752e3d268d86dff74ed4`
SHA1	`01873977c871d3346d795cf7e3888685de9f0b16`
SHA256	`6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea`
CRC32	`63E9E6A2`
ssdeep	`12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e7f7904c0de07240_2.bat Submit file
Filepath	C:\ProgramData\2.bat
Size	736.0B
Processes	3056 (curl.exe)
Type	DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5	`40219802ccba25256712fe582510d862`
SHA1	`e82f56c31792498201d4ffff67b592c9bdbc7d56`
SHA256	`e7f7904c0de07240d0f2a211dfd0e6e27fe7e4b42a810d9f60a8aad50044afa0`
CRC32	`AFEA47C4`
ssdeep	`12:f2Bdfa4uP28QVaVM+/WSHPHVjWtO+Vj0hCRtfM/tidEWSDcEkWXn:fmRvaVPTHd8VkCRtf4tIEDJ`
Yara	None matched
VirusTotal	Search for analysis

Name	4bfa4c00414660ba_nsm_vpro.ini Submit file
Filepath	C:\ProgramData\nsm_vpro.ini
Size	46.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3be27483fdcdbf9ebae93234785235e3`
SHA1	`360b61fe19cdc1afb2b34d8c25d8b88a4c843a82`
SHA256	`4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b`
CRC32	`1FC5A049`
ssdeep	`3:lsylULyJGI6csM:+ocyJGIPsM`
Yara	None matched
VirusTotal	Search for analysis

Name	60fe386112ad51f4_nsm.ini Submit file
Filepath	C:\ProgramData\NSM.ini
Size	6.3KB
Processes	2828 (7zz.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`88b1dab8f4fd1ae879685995c90bd902`
SHA1	`3d23fb4036dc17fa4bee27e3e2a56ff49beed59d`
SHA256	`60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92`
CRC32	`B9FA7C89`
ssdeep	`96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS`
Yara	None matched
VirusTotal	Search for analysis

Name	c136b1467d669a72_7zz.exe Submit file
Filepath	C:\ProgramData\7zz.exe
Size	574.0KB
Processes	2932 (curl.exe) 2828 (7zz.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`42badc1d2f03a8b1e4875740d3d49336`
SHA1	`cee178da1fb05f99af7a3547093122893bd1eb46`
SHA256	`c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf`
CRC32	`1A160D6B`
ssdeep	`12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A`
Yara	Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8793353461826fbd_msvcr100.dll Submit file
Filepath	C:\ProgramData\msvcr100.dll
Size	755.8KB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0e37fbfa79d349d672456923ec5fbbe3`
SHA1	`4e880fc7625ccf8d9ca799d5b94ce2b1e7597335`
SHA256	`8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18`
CRC32	`4623CD62`
ssdeep	`12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5cdc6ed724405a44_tempy.7z Submit file
Filepath	C:\ProgramData\tempy.7z
Size	2.4MB
Processes	2796 (curl.exe)
Type	7-zip archive data, version 0.4
MD5	`188d69944c5cf8eeebaba1cd5d479cbc`
SHA1	`7987c5707c13ac17bd077d5802e930fe0b728796`
SHA256	`5cdc6ed724405a44ea722845364b1ed4d0a9d585e58378d7a4fa774e3672d191`
CRC32	`DF41765F`
ssdeep	`49152:XmcTL9ozke7HIgwYSo3tyYr4Z9wN9JXd4DniMR55rdqTucO4k6U+iA:X7XlezH2o9N94DniyrdMuKTU+iA`
Yara	None matched
VirusTotal	Search for analysis

Name	4ab0092f97f5c351_hints.txt Submit file
Filepath	C:\ProgramData\hints.txt
Size	10.0B
Processes	2828 (7zz.exe)
Type	ASCII text, with no line terminators
MD5	`bb8f94bea3c0cd4204ff6202c01af1c6`
SHA1	`f43188ee2c792e0677e5374aea07c6a4d63b56fb`
SHA256	`4ab0092f97f5c3513b8054cde81078be51a13ceaa3c43155f16f886b4e47f163`
CRC32	`E484F63C`
ssdeep	`3:tGjH:mH`
Yara	None matched
VirusTotal	Search for analysis

Name	2d6c6200508c0797_pcicapi.dll Submit file
Filepath	C:\ProgramData\pcicapi.dll
Size	32.4KB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`34dfb87e4200d852d1fb45dc48f93cfc`
SHA1	`35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641`
SHA256	`2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703`
CRC32	`76398878`
ssdeep	`768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	956b9fa960f913cc_pcichek.dll Submit file
Filepath	C:\ProgramData\PCICHEK.DLL
Size	18.4KB
Processes	2828 (7zz.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`104b30fef04433a2d2fd1d5f99f179fe`
SHA1	`ecb08e224a2f2772d1e53675bedc4b2c50485a41`
SHA256	`956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd`
CRC32	`788D89FB`
ssdeep	`192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis