Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 02:11
The Intersection of Ma...
11.15 02:11
Revisiting Battery Safety
11.15 02:11
Diamond Sports Wins Ap...
11.15 02:11
From risks to resilien...
11.15 02:11
Newly patched Windows ...
11.15 02:11
Chinese targeting of U...
11.15 02:11
Expanded cyberattacks ...
11.15 02:11
Data aggregator breach...
11.15 02:11
Chinese malware attack...
11.15 02:11
American Associated Ph...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_cerF27E.tmp Empty file or file not found
Filepath	C:\Windows\cerF27E.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	e34e637fdfc81a39_buns.cmD Submit file
Filepath	C:\Users\test22\AppData\Local\buns.cmD
Size	1.9MB
Processes	2772 (certutil.exe) 2668 (cmd.exe)
Type	DOS batch file, ASCII text, with very long lines
MD5	`8b503cdbcf09edcda58681c38541c1f0`
SHA1	`df3f1e15e7c8446f7607fed6396f58de724c2656`
SHA256	`e34e637fdfc81a3905f339dd13bf7c2505d648d7b546c8904b45c7c0c23a2f10`
CRC32	`C907721B`
ssdeep	`24576:ZV+sgLyZVzW0RzT0stlQeKqrJyBBwZIwkalhF3VCDrCWSHKNFYUoOLXq4SsvJCe8:PIe0scWiw7FCDr1Nvkq6`
Yara	hide_executable_file - Hide executable file
VirusTotal	Search for analysis

Name	2f49fee339e30c02_ctnycgb.pdf Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ctnycgb.pdf
Size	175.5KB
Processes	3024 (certutil.exe)
Type	PDF document, version 1.7
MD5	`dc0b1e7a5217dbc4c9076063168fa8b2`
SHA1	`d5561132f5871ecc2f2a26b060b5ef199246d34b`
SHA256	`2f49fee339e30c0267a6ca0f2aa0e93e240b1b219c51facef24b20d8d5b6750a`
CRC32	`5D484582`
ssdeep	`3072:svkH/uJHB+6bVH0/sqriqBdWGVkxmHbHsoo/DT/4DThkq83A+KfDm:sO8HB+6bm/sqJ3GmHbMo8Pw83r+S`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	dc31cceb04efcbce_th.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\th.txt
Size	1.7MB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`db248d20cd293be0aa1559abec5f2461`
SHA1	`cfb4facd55fe82066fc84cb87fe02d33cab27e8d`
SHA256	`dc31cceb04efcbce535e4b848bb7cfa5bf8124578b71bb8d9390411194a90cda`
CRC32	`8C798448`
ssdeep	`24576:tV+sgLyZVzW0RzT0stlQeKqrJyBBwZIwkalhF3VCDrCWSHKNFYUoOLXq4:bIe0scWiw7FCDr1NvP`
Yara	hide_executable_file - Hide executable file
VirusTotal	Search for analysis

Name	894648789f564491_deco.64 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\deco.64
Size	234.0KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`8a87ded43aa7ab722a0f43f10029bfe4`
SHA1	`42ceb40ec27bee360b8c43c18b73d3db522e6855`
SHA256	`894648789f564491e6afef7ce7fe4b2ff849c2b8c3e4fb9394d7bbd24847d305`
CRC32	`A2CD9654`
ssdeep	`3072:kQ6cB9+aMtDpeTjZzN53CjpXWCnqcbOViukv4+N1FZiHBzR/pPhbazldJo3+SjG:pBSpeTFvqpXW9cbiiLv4+HF4/ppm6o`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	96e5dfa2b6230b8e_runtimebroker.exe Submit file
Filepath	c:\users\test22\appdata\roaming\runtimebroker.exe
Size	1.2MB
Processes	2868 (certutil.exe) 2668 (cmd.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b77473dc38e51f9005cb4cc43e93c313`
SHA1	`5bba2a80b3c204a25f62521d56a80833527bddea`
SHA256	`96e5dfa2b6230b8eb53a4434bc053c1993965fca0a42b80e36e0f69cb9014d1d`
CRC32	`03D09E96`
ssdeep	`24576:jj8hYtCiktE+baggge0Zvs7xFHKhrTds1JsE7HT:MhY70E7164sw`
Yara	Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis