Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
세일포인트, "기업 약 41%, 아이덴티...
11.13 10:11
컴퓨터 수리 전문 브랜드 ‘컴닥터119’...
11.13 10:11
DirecTV Plans to Cance...
11.13 10:11
[사전규격공개] 2025년 기관 홍보 콘...
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_cuserdown.txt Empty file or file not found
Filepath	C:\Users\Public\Documents\cuserdown.txt
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	df7915942028c0ab_start.vbs Submit file
Filepath	C:\Users\Public\Documents\start.vbs
Size	419.0B
Processes	292 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7bc0a651b8eb87820e0e0f4cbcede485`
SHA1	`194ac8ffe71ee6d476961f0d6bdf34d2cd601dd7`
SHA256	`df7915942028c0abfa72620b6a67382c5635bf698e663b1189a78b8a02d27015`
CRC32	`1D7A61D1`
ssdeep	`12:ZMvA0GFlyGKbHy+Az7RhRfevA0wMp2esoejUVC:ZYA5Fl2jy+AzVHfiA58d/eQVC`
Yara	None matched
VirusTotal	Search for analysis

Name	7858b76dbbcdba81_국세청 종합소득세 해명자료 제출 안내.hwp Submit file
Size	80.0KB
Type	Hangul (Korean) Word Processor File 5.x
MD5	`7f7fa98fee3cfd5b927a678e43574f4b`
SHA1	`3c887563af672f647dd70ed6086edf1fe24bb7f1`
SHA256	`7858b76dbbcdba815523522a0c2de4f5a7e6c5157052f2ca97b22402cbdb9ea0`
CRC32	`040725D3`
ssdeep	`1536:CoNqKYp5H9KYQuElyHmRdAHqUeLW6UMeUStd:mKYp5HkuLHqA0LWeFa`
Yara	Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code HWP_file_format - HWP Document File Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	7c08b9178c05ab76_국세청 종합소득세 해명자료 제출 안내.hwp.lnk Submit file
Size	176.4KB
Type	MS Windows shortcut, Has Description string, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5	`6f5e4b45ca0d8c1128d27a15421eea38`
SHA1	`1a8d8aa268d0475408f8a10c96d4cfee5e122011`
SHA256	`7c08b9178c05ab765a3d7754ac99f4ba1abddb226dbb6cc898bc692bba1898a1`
CRC32	`7F92AE43`
ssdeep	`3072:7g99+K+7S7ft8Niq+NXh2qrGqToXAZSWW2NETulGS0xVjIQzu8tZKaDJJhVRYmxi:kyKySJqsxxyqJ/Su0ScpS8vKaDJJhfY7`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	8495f0f5a9fb66c0_cuserdesk.txt Submit file
Filepath	C:\Users\Public\Documents\cuserdesk.txt
Size	423.0B
Processes	2496 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`05951501704de458a23072eaa0995a01`
SHA1	`beca713fd2ed1ac9d6828c58ad165ac317999e1e`
SHA256	`8495f0f5a9fb66c03e787fdbb6423b7fa00cf74f4b1b1fdffa17d48c33759ff7`
CRC32	`1BE8A603`
ssdeep	`6:5eGTMQcOLYemQpByyoo3Fo3euKcEBgk/zhreym4Wlk/zh3QlF8k:53TRVhzyyoQ57cEekrhVZUkrhAEk`
Yara	None matched
VirusTotal	Search for analysis

Name	9b0dcdc88b7a11c9_63237951.bat Submit file
Filepath	C:\Users\Public\Documents\63237951.bat
Size	146.0B
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`20f0e8362782c7451993e579336f2f3e`
SHA1	`62a02d87145f82a8b14da0420f4366e84a4b6b61`
SHA256	`9b0dcdc88b7a11c96235c693562aa391fe54cb0396e6bcc94f25863c80d51105`
CRC32	`C79C0723`
ssdeep	`3:mKDDGQWT0ygSSJJFIGthWYRWogMdMQA7QcSIfOWNVP93BVS:hSnJs8GLWp/MecP9KV13jS`
Yara	None matched
VirusTotal	Search for analysis

Name	5de5a71a81007ce6_67611071.bat Submit file
Filepath	C:\Users\Public\Documents\67611071.bat
Size	1.7KB
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5	`4e9f14735c3befc094db8323600d7b5f`
SHA1	`57fbeff629d9a5b403c9d68c86be8eae5d01d476`
SHA256	`5de5a71a81007ce6d479657f7212991d17fd8dfa42df6675820bee6e484258db`
CRC32	`C34ED91B`
ssdeep	`48:kHksxPUdcDs+UXdYfxAL5MKoSLGlXVOm5Lt1fwP0yFt1fn:xsxU6ZQ285oSRm5LtNC0yFtNn`
Yara	None matched
VirusTotal	Search for analysis

Name	3248aa398316e88b_43595826.bat Submit file
Filepath	C:\Users\Public\Documents\43595826.bat
Size	645.0B
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`fe37ee353521eb064bb266c0fda59fb4`
SHA1	`bd288a13a5316d223f5637ea13a08700dd8656b1`
SHA256	`3248aa398316e88beca2f652990a1b92393d49a51c225bddfd27a580e159d619`
CRC32	`13C205C7`
ssdeep	`12:0nt/rGFUdQgv+HPJNWjR9FeJaUPx/B0/QT0f8j3//G+drfy:0nt69gAxYjR9Fcx/m/aYQG+Zfy`
Yara	None matched
VirusTotal	Search for analysis

Name	8d9b5190aace52a1_unzip.exe Submit file
Filepath	C:\Users\Public\Documents\unzip.exe
Size	164.0KB
Processes	292 (powershell.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`75375c22c72f1beb76bea39c22a1ed68`
SHA1	`e1652b058195db3f5f754b7ab430652ae04a50b8`
SHA256	`8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a`
CRC32	`B1B54384`
ssdeep	`3072:IeAGcNNwmlR2GNUbomMYMLnbtoKOmiNL2SJOUOhop:CvNNtWuYcqHmiNLOc`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	eb66305fcfa08848_05772046.bat Submit file
Filepath	C:\Users\Public\Documents\05772046.bat
Size	833.0B
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`61f98b178c240f40cf013bdd57b0e9d0`
SHA1	`4f50a7fd618fb85dc0f8b0f4ec1654e3ecb6346c`
SHA256	`eb66305fcfa088485b4558eb915b10909735cde9765845211dcda5a6b86d5527`
CRC32	`8886B2F2`
ssdeep	`12:D/9bVj0K7drqy4JJ/lJWJ747JfALnKVIJWJ/BrIM9CWN5FUnkxiNKgfJ7WKuxIMP:D/ZVxrqy4fXhlfCUBJC+C4iNrut`
Yara	None matched
VirusTotal	Search for analysis

Name	b15dac1e72259ba7_cuserdocu.txt Submit file
Filepath	C:\Users\Public\Documents\cuserdocu.txt
Size	2.3KB
Processes	2496 (cmd.exe) 2320 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`69420266db7739b9e38b9ded2941124b`
SHA1	`28f9918639d21d6b4e6436cd9505896c33015cf2`
SHA256	`b15dac1e72259ba7385fd08fb8a76d22e27edd6b0670fa8b3d5c4dfcc3fec162`
CRC32	`1ECE7CF9`
ssdeep	`48:lVHHSfSnxhIi2sgc0EMzMdjCapA3lT7s5QuiJLDeBxJqUAN8No0Q+k:YqAC43lT7s5QuLOGq`
Yara	None matched
VirusTotal	Search for analysis

Name	6064ce87d79c19ef_temp.folder.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Size	823.0B
Processes	2492 (Hwp.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Mon Sep 4 00:22:54 2023, atime=Mon Sep 4 00:22:54 2023, length=65536, window=hide
MD5	`60ad68047cb49b5f7b1f1853d765b383`
SHA1	`077090505070f1e79bda11fe758296fb7ed3446b`
SHA256	`6064ce87d79c19ef4a48f21e057c9e31585b908ef181d2eece4651052fcc38d9`
CRC32	`49023E95`
ssdeep	`12:8pouSsh64cZCrR8EvSWCR+/608izCCOLMa1Swua4t2YLEPKzlX8yvMM:8poufsERdWRYzNRak6Py9`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	4be207de293c39bc_emb0000045c8adc.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Hnc\BinData\EMB0000045c8adc.jpg
Size	30.4KB
Processes	2492 (Hwp.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 341x527, frames 3
MD5	`fded8048242122aadd9a101bfde82019`
SHA1	`1b6385e0b4acfa5d16d3fb163c6764c260be844c`
SHA256	`4be207de293c39bc7800b45d187b1779caedaf5ff643fc82cb5037d0c327c64d`
CRC32	`9C40765E`
ssdeep	`768:V7fIy6Ajh/GOTQquc46YvILO8OFUsEzvI07B+UjRtpfNuWfECVYh+mx:VLIlexpTQqu6YgLgFUsEDIFUjRzftF8T`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	76296ca80ceb9d2d_sharefont.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\User\Common\80\Fonts\ShareFont.ini
Size	183.0B
Processes	2492 (Hwp.exe)
Type	ASCII text, with CRLF line terminators
MD5	`34766d17d04c24aaa62124eae6b5bac4`
SHA1	`984e092e32fe8f7bd340a7799541c2600d96a4fb`
SHA256	`76296ca80ceb9d2db0b4ed08ba1b060c92a75805d71978c30dd33b87bd698b6e`
CRC32	`E0E924A3`
ssdeep	`3:5xxovKdVo6LR5nE9Aj4I5tLGoW+QRX7AMWRUrNmWxpcL4EaKC5YoH1KLDTjEcKl0:5RVogR5nEk55GoW+QWMWRKNmQpcLJaZg`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customDestinations-ms~RF1b9aab6.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1b9aab6.TMP
Size	7.8KB
Processes	2956 (powershell.exe) 2388 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	26b74170d836b7ba_74727756.bat Submit file
Filepath	C:\Users\Public\Documents\74727756.bat
Size	1.7KB
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5	`398879caa00b1b5cec041a3a234dc61f`
SHA1	`deae1607e3a80f0b4d0c1ffb87547e8f0defb61f`
SHA256	`26b74170d836b7baca0612ca4713e0a853cff46b3c6c81f7090e181773231219`
CRC32	`EA73279F`
ssdeep	`48:kEhPUdcDs+UXdYfxAL5AL1bAVKwip2S6L03Ln:fU6ZQ28ARbj7pV6Li`
Yara	None matched
VirusTotal	Search for analysis

Name	25df9cff5a42aa23_20676.zip Submit file
Filepath	C:\Users\Public\20676.zip
Size	81.3KB
Processes	292 (powershell.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`944712f762bc9c03c3649dedba368a30`
SHA1	`1426c03d86496fc1422c34d1ef3a3900cbdd20ae`
SHA256	`25df9cff5a42aa2320fa2dbf5c6af46d9901ff37d83c761dc31ed8e5f4154e01`
CRC32	`C2DE2ADD`
ssdeep	`1536:BaCk0xHv12dFyaD0YyAGLRWN/3qjtMdAkXYbqehJLiHJD50JKek6i9xOLI6hc5s:BaCpxHvAGaPGVljUJIbRhCJD50JHkzTK`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	1dc0c0479292d7db_36838375.bat Submit file
Filepath	C:\Users\Public\Documents\36838375.bat
Size	867.0B
Processes	292 (powershell.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`36f91bf8e3fe74627912d96b8e5e6265`
SHA1	`176715d6e4eade467df3cffe0b10e05a8b7ea8ef`
SHA256	`1dc0c0479292d7db1a786f94e980859f9bea3e57f256cf2b72f4cbd4cfdcf5dc`
CRC32	`D88EAE85`
ssdeep	`24:0n/vHjOkHEYfXYkbXwwPTLLKGLJJQAj/wq7w6OQR:knKkHPXwQTLLdLJjac`
Yara	None matched
VirusTotal	Search for analysis

Name	a9b1dc8eaa5fcd00_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	292 (powershell.exe)
Type	data
MD5	`c1d8708bab1e838a2deda26d58bb8d42`
SHA1	`95d39e75a804752961c139bb6c0b67f84f685035`
SHA256	`a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2`
CRC32	`E71AF2A2`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f223e999146b8bac_국세청 종합소득세 해명자료 제출 안내.hwp.lnk Submit file
Size	1.1KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Sep 4 00:22:29 2023, mtime=Mon Sep 4 00:22:29 2023, atime=Mon Sep 4 00:22:29 2023, length=81920, window=hide
MD5	`2855b93494360f568f44b317ab92d628`
SHA1	`8ef8220b8be7c2a0e3074ced8a584090e0ae7b00`
SHA256	`f223e999146b8bace1789d6eee712293bad7497effc3adb2eca23b485ca99cc4`
CRC32	`9B81DBE1`
ssdeep	`24:8sdsERdWRoYKBR4qRQUMNBR4eNBR4V6Pyd:8sdsJR1Kn4qRzMNn4eNn48yd`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis