Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 05:09
Intel Gains on Report ...
09.21 05:09
ION Reprices Leveraged...
09.21 05:09
Microsoft bringt Windo...
09.21 05:09
Falsche Buchungen in M...
09.21 05:09
Auf diesem Twitter-Klo...
09.21 04:09
OIG audit calls for mo...
09.21 04:09
How Google Allegedly M...
09.21 04:09
Metasploit Weekly Wrap...
09.21 03:09
Fixing an Elgato HD60 ...
09.21 02:09
Google Faces EU Ultima...

Dropped Files | ZeroBOX

Name	af2642060a29b640_profile_cleanup_page.css Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\profile_cleanup_page.css
Size	1.3KB
Processes	2200 (setup-stub.exe)
Type	ASCII text
MD5	`a19f25578e4c90a1ebdbb65f05848c2a`
SHA1	`6ef1152fc2e931e07bdaabbbb5ad2ebe1196bae7`
SHA256	`af2642060a29b6402f9aa8dbe691f685efe2b592b17520b1da36a559547dc944`
CRC32	`39AFD374`
ssdeep	`24:wfrmokmGn+wkoHGistU2gwbAePqD+XOxjYAUHoeKoYfotqDsOLFXn:AKmGnnkoHStU2r7Z8jZ6YwgAOpX`
Yara	None matched
VirusTotal	Search for analysis

Name	705f4947fb94254c_nsjson.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\nsJSON.dll
Size	33.9KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e832077eaee06f3b2ac9a8d2e7264567`
SHA1	`decbc329257c9c7fb67d3c449b4c5dfc1f87471f`
SHA256	`705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf`
CRC32	`F044B17D`
ssdeep	`768:QoZ1ZnhrTfldqk7Yyy94RxOcVQJrTuDGFo+EAe2:Vpi52vOcqlTvoyr`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsu4D30.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D30.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	6476d0dcd6dbeb78_profile_cleanup.js Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\profile_cleanup.js
Size	1.1KB
Processes	2200 (setup-stub.exe)
Type	ASCII text
MD5	`ba983408ac62250294557403ceabad7a`
SHA1	`3b7b9987c6fb4957e93148ac389bed111b3b23cf`
SHA256	`6476d0dcd6dbeb786ddb5467b7ba6ebe5f6571015fa96397087c108d2f7ce8dd`
CRC32	`E0EAE02E`
ssdeep	`24:ZrmAAJGjHktqJRRaK/6xTRRlBovaRRCRRavSxiaXRRNIRRK:1PAJOjJ9ET/9OvcsxIm`
Yara	None matched
VirusTotal	Search for analysis

Name	ffacb83389d71186_setup-stub.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS4EBD3D2D\setup-stub.exe
Size	551.2KB
Processes	3044 (Firefox_Installer.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`4376e7770d25ba0dbc1f5d320cd7d346`
SHA1	`acb633912d87ca785c0a28cb180b3579e7c3e64e`
SHA256	`ffacb83389d71186b6baa1eef35f567b6f59b3c4b824558d9ee173e4bffc6e6f`
CRC32	`5FC70281`
ssdeep	`6144:ST4Dtrz08eL/W2T9es0mitrE7xPCtkpOz3U6uW/ns1VIddde:STs0l9euYrE5OzhuW/sTIdC`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0e28aa770b0afade_stub_common.js Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\stub_common.js
Size	817.0B
Processes	2200 (setup-stub.exe)
Type	ASCII text
MD5	`58b8ac894c64370cfa137f5848aeb88d`
SHA1	`6a1ac1f88a918a232b79fe798b2de69cf433945f`
SHA256	`0e28aa770b0afade30be85c6dc1e50344db8f8cdd3fa01989d81a9e20a4990bd`
CRC32	`A7F93097`
ssdeep	`24:ZrmAAJdslLElW0d+TrT0kKJRRZotfjJRRnE00:1PAJQLKWxXTGtoxjJjE00`
Yara	None matched
VirusTotal	Search for analysis

Name	b711c4f17690421c_system.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\System.dll
Size	22.4KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b361682fa5e6a1906e754cfa08aa8d90`
SHA1	`c6701aee0c866565de1b7c1f81fd88da56b395d3`
SHA256	`b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04`
CRC32	`955519E1`
ssdeep	`384:78+Qlt70Fj/lQRY/9VjjgLZvDGFtart8E9VFK4ietffvtlh:7SqFjm6YL1DGFo+EA6tlh`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dc98ed352476af45_inetbgdl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\InetBgDL.dll
Size	17.4KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`97c607f5d0add72295f8d0f27b448037`
SHA1	`dfb9a1aa1d3b1f7821152afaac149cad38c8ce3c`
SHA256	`dc98ed352476af459c91100b8c29073988da19d3adc73e2c2086d25f238544a5`
CRC32	`9C2A3CC9`
ssdeep	`384:Pbp9amRB1QxIsjvDGFtart8E9VFK4iwgEQsJE:f3DqDGFo+EAOY`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ec6a56d981892bf2_uac.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\UAC.dll
Size	28.4KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d23b256e9c12fe37d984bae5017c5f8c`
SHA1	`fd698b58a563816b2260bbc50d7f864b33523121`
SHA256	`ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c`
CRC32	`AEC424CA`
ssdeep	`384:2lqVibvTh4qnFP+OPEzinclP++vDGFtart8E9VFK4iBSaXrwz1k:EqVavVfPkzhlmIDGFo+EAzrn`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	4b7e441d51b790ee_bgstub.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\bgstub.jpg
Size	66.7KB
Processes	2200 (setup-stub.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1344x822, frames 3
MD5	`c55f15ceedc724d6c6e15d1daf96b698`
SHA1	`af6bf647d708ca7a5377925d521097b67a269ae8`
SHA256	`4b7e441d51b790ee1c0baff19e4e968392a937877dfa8b84e74464f5ba7a4cf4`
CRC32	`FBFD162F`
ssdeep	`1536:UJFE//uqpq16OXAXZYiQiCIiuVpkH3KQO82ztmIdQutOC91d043:UrE+0q4xPCnuVWH3KQGzgGjd7`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	4d9495b6f0e18331_stub_common.css Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\stub_common.css
Size	684.0B
Processes	2200 (setup-stub.exe)
Type	ASCII text
MD5	`544b51f11ad19df720669478d28f129d`
SHA1	`d238b604fd3fa37dfd552eacdc6aacc474fcddad`
SHA256	`4d9495b6f0e18331659993b79440e414a6e607fcdaeacbc7477e0683cc0fa98b`
CRC32	`D67C5CD9`
ssdeep	`12:UffrmssQiG8XxmcuKOdNGwQm/vYukF45fEibiHoEsyhqvR0T1vx:wfrmokmPqwQ+vY05fRiJLhqU1J`
Yara	None matched
VirusTotal	Search for analysis

Name	c299a0a71bf57eb2_cityhash.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\CityHash.dll
Size	53.9KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2021acc65fa998daa98131e20c4605be`
SHA1	`2e8407cfe3b1a9d839ea391cfc423e8df8d8a390`
SHA256	`c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14`
CRC32	`08025BE1`
ssdeep	`768:jfXngOuwVTROMOZbPg9ao/wxsfJM3JuNUgo3BDGFo+EA3:j/hPVTRBO9NJYMMnomoy3`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c6c413108539f141_userinfo.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\UserInfo.dll
Size	14.4KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`610ad03dec634768cd91c7ed79672d67`
SHA1	`dc8099d476e2b324c09db95059ec5fd3febe1e1e`
SHA256	`c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df`
CRC32	`41DF29C8`
ssdeep	`192:PmTH+kPMC7x0KDWpHFtH6cAAANa3Gy2sE9jBFKWJfsHRGz6ot87n5/:PWH+SvDGFtart8E9VFK4iczNwn5`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	281a0dc8b4f64433_webbrowser.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\WebBrowser.dll
Size	103.4KB
Processes	2200 (setup-stub.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b53cd4ad8562a11f3f7c7890a09df27a`
SHA1	`db66b94670d47c7ee436c2a5481110ed4f013a48`
SHA256	`281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec`
CRC32	`ED4F5E85`
ssdeep	`3072:XfSOjAHW06ovW1UOBnuW/0L8ieV1QWZxs1VIdfyb:KOz3U6uW/ns1VIdY`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	aec8db1b7a2d3b09_profile_cleanup.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\profile_cleanup.html
Size	1.0KB
Processes	2200 (setup-stub.exe)
Type	HTML document, ASCII text
MD5	`72e70244833cb1c8bad6fa8f98fc14d5`
SHA1	`6abdc75d0bd50fd1796872661fa26e2e2e0f8fb9`
SHA256	`aec8db1b7a2d3b09505ed0762d829c3786cf4e2b74ede492aee3631126e21a65`
CRC32	`0E9C6B4A`
ssdeep	`24:0lrrmeoWPkZObANVvPO1VIwO5HOvTY1UZFo6R6Mh:0lnfoW4HPbwmHO6U`
Yara	None matched
VirusTotal	Search for analysis

Name	5c78a05b5fb625c0_firefox_versions.json Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsu4D31.tmp\firefox_versions.json
Size	685.0B
Processes	2200 (setup-stub.exe)
Type	ASCII text
MD5	`3265b8c530007fd453a72763e8231493`
SHA1	`98136ab99f77b2e12b12204fbecf295452164c1b`
SHA256	`5c78a05b5fb625c0c5255fcf649ce6465ed185a78c77fc32fa3aa7dbda6a0d39`
CRC32	`5B1792EA`
ssdeep	`12:JdY6dYhukhSdYXUdY0jsUdYZzpDhz0H1kh7SVH168g1HT0H1kh7tH1a83c:J5hkgHRGzH0H1k0VH1Pez0H1kzH1pc`
Yara	None matched
VirusTotal	Search for analysis