Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 04:11
에너지홀딩스, 고교생 대상 신재생에너지 ...
11.13 04:11
오아이브, 블랙 프라이데이 맞아 ‘블프 ...
11.13 04:11
Microsoft Fixes 90 New...
11.13 04:11
가트너, “AI 데이터센터 40%, 20...
11.13 04:11
미라트 쇼룸, DDP에서 약 1.5만명 방문
11.13 04:11
IBM, AI와 복잡내성 보안 강화한 I...
11.13 04:11
Fake Job Ads and Fake ...
11.13 04:11
노크, 전국 30만 대학생 소통의 장 열어
11.13 04:11
종로 골드게이트, 예물반지용 랩다이아몬드...
11.13 04:11
코오롱베니트, 글로벌 소프트웨어 기업 에...

Dropped Files | ZeroBOX

Name	d5c4d5a7f67292d5_compan.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\compan.exe
Size	1.0MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3fae3aac2be5c0120c6a5427356c8c72`
SHA1	`13bdff94571ffb4ee027740c5456baddef38ae3c`
SHA256	`d5c4d5a7f67292d5e2480a5e7d13d5e69b6229795cf09b7eb97d9e3783bd2392`
CRC32	`B0B3913E`
ssdeep	`24576:SmJZW2wSdIHuiCyhuGaD0y13DrmmfVpd+c2ZAa7ZRa1dDk:SmJZW2FIOiCIuGaD0yh/zvd+c2ZAafaX`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c9daa467a96f84c1_lukumrahmat.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\lukumrahmat.exe
Size	1012.5KB
Processes	1488 (compan.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b8984fa531de29bff678fa99589dd2c0`
SHA1	`ac1f0c5a1d0a77a12f8ea0ff99d48726b8a69006`
SHA256	`c9daa467a96f84c12457a5d112cf5e3e6afa80b08a2215e0886d1fc964fb5762`
CRC32	`6B08528E`
ssdeep	`24576:BmJZW2wSdIHuiCyhuGaD0y13DrmmfVpd+c2ZAa7ZRaLt:BmJZW2FIOiCIuGaD0yh/zvd+c2ZAafaL`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	8e2d9a83ba6712c4_researchprevailing.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\researchprevailing.exe
Size	113.2KB
Processes	2408 (rahmatlukum.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8da2cad56c75fd310179767416c97f3a`
SHA1	`2a17aefa89c03d44e383bb6bffcb8739783d91ee`
SHA256	`8e2d9a83ba6712c43591ce3ead973d1a6338efc49f75710d79b43baca7d7d076`
CRC32	`81421E23`
ssdeep	`3072:gFBUjX+7LY6KJphnDRigl5nMdKJZD7wxbuUOmCLf:gYjXI65nOKJVwFDC7`
Yara	Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ee37878cc2395bd8_meroplex.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\meroplex.exe
Size	1.8MB
Processes	1488 (compan.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`674886b0e3cab040d8db3a5a16381c5d`
SHA1	`ae98c23fdca064a21a9ab011f3424050424f068a`
SHA256	`ee37878cc2395bd8872e1d5531b374ddd3da459aaa0e63f74b4c34aa7c7d63dc`
CRC32	`0A460503`
ssdeep	`24576:ihdTHae60YU5EayiQtx41jwko18q+V7Wj4/6/aKJSzj6H8b76ovDGERF4TiwOdGY:ibTHN60H5howQ87WjpFJ42GvM28+hx`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	12595e1822e40759_rahmatlukum.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rahmatlukum.exe
Size	298.0KB
Processes	1488 (compan.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3f52100fbab960bd3d871809b646a37c`
SHA1	`f0883a09a31faddad8c3271a56539f80567c6175`
SHA256	`12595e1822e40759b63f0fd250d94c4633dab2d69d92d61dc811250074d3d8e3`
CRC32	`2FAB3EC2`
ssdeep	`6144:IahOFp0yN90QEdny1v8j1GFDibyl5ADl7fBwL8jLZZW:IiNy90rncvy0Yyl5ANpfZZW`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	26c533574df3f10b_11914415.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11914415.exe
Size	2.2MB
Processes	1488 (compan.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ee55c32ae12c602364490cc965e25b4`
SHA1	`a1efbfe535f9465d312f96bdc894d79b4356660e`
SHA256	`26c533574df3f10b3c250e141b8ef4d74a7436ef449602f1f6bb7f2834ce5b13`
CRC32	`50C2E2BB`
ssdeep	`49152:Vnov7KIuYpntnIUZiG5CuUu/FG6rXB70sVY16NXYrt4KOPMXl5:V3AtnIUM7i3rl0sVYQNct9`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	07a4cc4abd70e297_researchprevailiing.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\researchprevailiing.exe
Size	95.4KB
Processes	2408 (rahmatlukum.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`38c75d8c299db498b38a22f60231bded`
SHA1	`e2d82dd3d465d2cd90d02479e1781dd2523a5f2b`
SHA256	`07a4cc4abd70e2979831dd388f237794954bd12d9c318cfa418a6663aa9b603e`
CRC32	`9C159D2F`
ssdeep	`768:QdMLy693lNQsfakGIYNArygFxhWo6sWNWTnJHqbMwV9qMHubBacfRz1p6LR+gjUW:1Ly69VNff+uWoU0HqqS9RH+L8PxM+p`
Yara	IsPE64 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis