Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.31 01:01
29.exe
01.30 07:01
joiner.exe
01.30 07:01
stub.exe
01.30 07:01
fag.exe
01.30 07:01
rh_0-8_2025-01-23_15-0...
01.30 07:01
newest.exe
01.30 07:01
setup_64.msi
01.30 07:01
1.jar
01.30 07:01
enai2.exe
01.30 07:01
BQEHIQAG.exe

Latest News
01.31 05:01
Dark Web Activity Janu...
01.31 04:01
뉴욕혈액센터 랜섬웨어 공격으로 혈액 공급...
01.31 04:01
헬스케어 서비스 삐빅, ISO 27001...
01.31 04:01
Living with AI: The Fu...
01.31 04:01
메이크보그, 누적 후원 금액 4억 원 돌파
01.31 04:01
Broadcom Patches VMwar...
01.31 03:01
결혼정보회사 듀오, ‘비혼 출산’ 설문 발표
01.31 03:01
The Jell-O Glow Tenseg...
01.31 03:01
DeepSeek and Ozempic A...
01.31 03:01
2025년 전반기 최대 정보보호&...

Dropped Files | ZeroBOX

Name	aef4998f2e1cbe3a_screen.jpeg Submit file
Filepath	C:\Users\test22\AppData\Roaming\ScreenShot\screen.jpeg
Size	35.8KB
Processes	2888 (XS1WFR6F.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`e0c3ca74b0b06b832fdfcf1bfd03c3c8`
SHA1	`e86823c3c3866d6acaae47bea473abfbb60b69e6`
SHA256	`aef4998f2e1cbe3a547285543c8d4c804dfa463c30bb7e7384e5f5dbbdc6c144`
CRC32	`7C0C90FB`
ssdeep	`768:RSph1/eeeeenIZ9555Qfs+E/IWop1kg2gPoRgnQjMevmHMLh+R6UZOtthj:RSp7eeeeen/BEXoq9aAcex8MLsQUZOJ`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	6535ba91fcca7174__isdecmp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-274TJ.tmp\_isetup\_isdecmp.dll
Size	29.7KB
Processes	2804 (6WCKE74G.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fd4743e2a51dd8e0d44f96eae1853226`
SHA1	`646cef384e949aaf61e6d0b243d8d84ab04e79b7`
SHA256	`6535ba91fcca7174c3974b19d9ab471f322c2bf49506ef03424517310080be1b`
CRC32	`62E04312`
ssdeep	`768:84NHPfHCs6GNOpiM+RFjFyzcN23AEoSXMYisio:8anvc+R9F4s8BoaMYi2`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	948ce4952f2ae39a_tmpg843.tmp Submit file
Filepath	c:\users\test22\appdata\local\temp\tmpg843.tmp
Size	183.0KB
Processes	2540 (eCVXk3pYsYhZNlI.exe) 2888 (XS1WFR6F.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1a17a64471057ab792f756874114d241`
SHA1	`6b444a2854eaa58a69058e1b906d9145729d1cd0`
SHA256	`948ce4952f2ae39a5db002acaebba5deb54fa5742d69977dc0bb087d2ab2e2a9`
CRC32	`41EE5999`
ssdeep	`3072:nYn5jsoUdPukH+LGP34ouKerVUzeeDXbwa21D59ua/aHyvZRqd2iT:nYnJsoU42bwv`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description) OS_Name_Check_Zero - OS Name Check Signature OS_Memory_Check_Zero - OS Memory Check OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3bb0ee5569fe5453_6wcke74g.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-PJ43B.tmp\6WCKE74G.tmp
Size	702.5KB
Processes	2756 (6WCKE74G.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1afbd25db5c9a90fe05309f7c4fbcf09`
SHA1	`baf330b5c249ca925b4ea19a52fe8b2c27e547fa`
SHA256	`3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c`
CRC32	`811A0355`
ssdeep	`12288:XqIRz+f+ui8TrPO37fzH4A63RRwDFtuXUZERmhrNh4dT9TaC+IGNbDtQPuFyxyR:aIZg+uiirPO37fzH4A6haDbcUZEbdT9+`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	7d0de3affd571f87_6wcke74g.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TCDD8B2.tmp\6WCKE74G.exe
Size	4.5MB
Processes	2540 (eCVXk3pYsYhZNlI.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a569e3a707a4e8e94fad9403f17f37d4`
SHA1	`ccca7f477caaf7177b37b3d74520f3d547ef1608`
SHA256	`7d0de3affd571f870d2979a73ff6f6a02df4970c271453da2c4b523e5a86939e`
CRC32	`C65D43B4`
ssdeep	`98304:ZRZeqHJhV+6VD2r53srRjILoeChV+6VD2r53srRjILo9y1X:7ZfHpTM3qptTM3qpVyB`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-274TJ.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2804 (6WCKE74G.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis