Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	f7e07f7936269756_irsetup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Size	4.9MB
Processes	300 (KavachAuthentication%20Updater.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b0a1f1e0a106e1a62753c8a07fb3809b`
SHA1	`b4bab82aa173a401a2f16f8b4ad91105a895b2d9`
SHA256	`f7e07f7936269756bb73e91c8b280c2ab8532fb5bf15085d96eaebc7a05a8950`
CRC32	`B9F581E2`
ssdeep	`49152:N7W5z4K6uYQ4Xzw8fc8ez3v36vTAMFroMjG0IoNWYIgfFI6wJR+ig5S0M7A2m++1:ICPL/ezqAMdGUFI6wJ1cak9pnN`
Yara	UPX_Zero - UPX packed file Network_Downloader - File Downloader Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ASPack_Zero - ASPack packed file
VirusTotal	Search for analysis

Name	74485623fafe0ea2_IRIMG1.BMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP
Size	10.7KB
Processes	2180 (irsetup.exe)
Type	PC bitmap, Windows 3.x format, 62 x 58 x 24
MD5	`3c7b16e0b18dcd372f510541edf83036`
SHA1	`cdaa6eb238465e1a69d7ec846bd1887824db928c`
SHA256	`74485623fafe0ea24456b66f836224ee7fc262a30d23b331a9b5e6c81341190a`
CRC32	`B98C9540`
ssdeep	`96:4N7Qq1+/xXTMcHCoUqCvEBKIlv5ET/JRt65VVTkS9JCT5Nruqj9Y0ngoiFOhdb/X:EZ1cjzYqCvEBKIlAQVd9JCltTYRQhx`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	02216a16248d8e75_irsetup.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
Size	112.9KB
Processes	2180 (irsetup.exe)
Type	data
MD5	`af4dcf74c8997127e5ca50a114616d56`
SHA1	`eec5f217daab7b805a263b38e58b5c703fcbea1b`
SHA256	`02216a16248d8e750b6ad1b9a31a36d20a5bc21cacbaa1c4626850deffe255fb`
CRC32	`5832DD3B`
ssdeep	`1536:WZEK0mOeJKSkpAYD292UYSbHkUKwT62LSvqePJsylWBKKHQ7rdvHPnAspidvkRGT:WIW09Gl6b15Tr1Lkp0n/I8ybKwjDfoQF`
Yara	None matched
VirusTotal	Search for analysis

Name	3d07466b8f5c18af_lua5.1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Size	351.0KB
Processes	300 (KavachAuthentication%20Updater.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c916c7815286c5233a49deac81f8543e`
SHA1	`cb964c3c8eae8e7ce170f3ad3a55993f7a1918db`
SHA256	`3d07466b8f5c18afc70c6a9746d43fa7daa39c9bd41e8bfb928c70e7d7458bf4`
CRC32	`D8851EEC`
ssdeep	`6144:v69Kz8bp39xTdy2q7tJ8p4ac931N4cyZZ38ez0dokx:vGKz8FtxJTC8pfHJKdoq`
Yara	IsDLL - (no description) IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	45eba9d0872bcb19_IRIMG1.JPG Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG
Size	24.6KB
Processes	2180 (irsetup.exe)
Type	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 166x312, frames 3
MD5	`21d0c4f3cff95c34e07ad1140136e99e`
SHA1	`1f7f58b1cf233d7ff0852c7fe79c3b67d1141cbe`
SHA256	`45eba9d0872bcb19a40ec70ff01a410adeab5706424304ba3f19a7d530e98c78`
CRC32	`4560AA8C`
ssdeep	`768:hq8NVsdt0ygmOzp5miYHUD8eDdKKYz4F24:hq2sdNWbnsUIeD6624`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	727d803ef807aac5_applicpywizable.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KavachAuthentication\ApplicPywizable.lnk
Size	2.0KB
Processes	2180 (irsetup.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Jun 28 01:39:20 2023, mtime=Wed Jun 28 01:39:20 2023, atime=Wed Jun 28 01:39:16 2023, length=8673280, window=hide
MD5	`932f5e1aef9d3b0dff8fa290cc44dee1`
SHA1	`84ef3ac79624088e6aeaf4c442812c5bafb02523`
SHA256	`727d803ef807aac548b2b8779e06e3910ae0ece7d5afef3b29584e5b4a034b20`
CRC32	`28FD2C2C`
ssdeep	`24:8Qu7mLdRdGArcc4ldD4AlBHd2+lDEd2Td2+lDwNx+lDEJCdPyV:8kdR8HPXDfrdjDEd6djDQUD3yV`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	bbe0fa619435a89b_applicpywizable.exe Submit file
Filepath	C:\Program Files\KavachAuthentication\ApplicPywizable.exe
Size	8.3MB
Processes	2180 (irsetup.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`606115347958dca7ac3c206c643d5419`
SHA1	`7e382790b7175922150e91d36410eb82aaecaf06`
SHA256	`bbe0fa619435a89b6c054d9ef84574e05cb1ae76dd707d6c27155bf6951a01e5`
CRC32	`F51E9086`
ssdeep	`98304:IQrH4r7ApUqQPxcEtwNMfBeTIUqMDyM3v:Xr47AyBbGIkyM3v`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software
VirusTotal	Search for analysis