Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 01:11
메가존클라우드, AWS 생성형 AI 혁신...
11.14 01:11
이글루코퍼레이션, ‘IDC 2024’ 성...
11.14 01:11
스플렁크, 앱다이나믹스 통합으로 엔터프라...
11.14 01:11
뷰이뷰이, 홍콩 코스모프로프 아시아 20...
11.14 01:11
스윙부스ENT, ‘Just Click’ ...
11.14 01:11
지니언스, 2024년 3분기 영업이익…전...
11.14 01:11
2024년 IDC AI 보고서, "생성형...
11.14 12:11
씨이랩, ‘HPE 디스커버 모어 서울 2...
11.14 12:11
AI Face Anonymizer Mas...
11.14 12:11
주식회사 해신, 전남 글로벌 으뜸기업 선...

Dropped Files | ZeroBOX

Name	c4e362528afb5785_lang.dll Submit file
Filepath	c:\program files (x86)\pa previewer\lang.dll
Size	22.0KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`85be300cf4cb0f8cc3c8361b36adfaed`
SHA1	`646ca3f6551e39ba098da40ed11276c43780ee31`
SHA256	`c4e362528afb5785c8093a39c9f80ad0ef5981551712ea98ce4a4378c89e9e52`
CRC32	`6609A01F`
ssdeep	`384:bx0iwxqsRQmr92sP0AzKFt22txrsUZ6L5C:2iwxqsQQrY223sRd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	f91e4ff7811a5848_latestx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\latestX.exe
Size	5.6MB
Processes	2068 (zinda.exe)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`bae29e49e8190bfbbf0d77ffab8de59d`
SHA1	`4a6352bb47c7e1666a60c76f9b17ca4707872bd9`
SHA256	`f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87`
CRC32	`1EC89FFF`
ssdeep	`49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	56d6788b4b40af4a_31839b57a4f11171d6abc8bbc4451ee4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
Size	4.2MB
Processes	2068 (zinda.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`906e8dd59115761a98c0308313a2ad3b`
SHA1	`b2f9debeea9624b2e64e8062bf40382318cc42bd`
SHA256	`56d6788b4b40af4a7c0329a9d91b1b4407beef8bd9395ef852851f53a3d36dcf`
CRC32	`FF35061C`
ssdeep	`98304:pF10jpaWsugxMhTbI3iyxger++TzsWgXZ7Ub:t0jUIHhTXIge5EjXZa`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	481a04aaa641aca5_help.chm Submit file
Filepath	c:\program files (x86)\pa previewer\help.chm
Size	27.2KB
Processes	2560 (is-KOTGS.tmp)
Type	MS Windows HtmlHelp Data
MD5	`08c609c5a7250b430583fd3083ab28ae`
SHA1	`221a73ecc4e00af0749a50809568b50786e929c3`
SHA256	`481a04aaa641aca508f0ce84064c272a8865f1727a5d711eba6ca86e78baf3e8`
CRC32	`5850AF72`
ssdeep	`768:C8wgT1NL3SlyygQLKKVf9qPFHj42FydqT:C0T1RDAJcFHboa`
Yara	chm_file_format - chm file format
VirusTotal	Search for analysis

Name	2ae4169f721beb38__isdecmp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-CLU6L.tmp\_isetup\_isdecmp.dll
Size	32.0KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b4786eb1e1a93633ad1b4c112514c893`
SHA1	`734750b771d0809c88508e4feb788d7701e6dada`
SHA256	`2ae4169f721beb389a661e6dbb18bc84ef38556af1f46807da9d87aec2a6f06f`
CRC32	`6FC55B73`
ssdeep	`384:jT0DmlTZXYYCJWJqzg9kT8gbtNYvRPtAsLiA:jT0DmltXYYCJukT8gPoN23A`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d1b71081d7ba414b_kos.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kos.exe
Size	8.0KB
Processes	2248 (kos1.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`076ab7d1cc5150a5e9f8745cc5f5fb6c`
SHA1	`7b40783a27a38106e2cc91414f2bc4d8b484c578`
SHA256	`d1b71081d7ba414b589338329f278ba51c6ccf542d74f131f96c2337ee0a4c90`
CRC32	`26FF3457`
ssdeep	`96:SJyJOuzsUIyOoR5ofnkdeKozt14fNdVdJFnzNt:SIIyjR5ofGe34vjx`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	0a6c41612400c340__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-CLU6L.tmp\_isetup\_setup64.tmp
Size	4.5KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`42bf074b99a445614bd19c6e5724a01a`
SHA1	`a07123adbe7fa8bbd4a001332dc08aa6d3b5aec0`
SHA256	`0a6c41612400c3400466a0583dbb0e6c9bd310393704807e4f9617aa53abded6`
CRC32	`DE4308D6`
ssdeep	`48:68tbXKoGQ6oNrP/MXebrvrMTtFcEBO3K8/wzTqkO3KExygKBDM3f8:PX6Xe/DMTtWE0/wz5sxyblMv8`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe
VirusTotal	Search for analysis

Name	bec723c47365d436_unins000.dat Submit file
Filepath	C:\Program Files (x86)\PA Previewer\unins000.dat
Size	3.2KB
Processes	2560 (is-KOTGS.tmp)
Type	data
MD5	`2d548d84997ba0c584376a0a3383b709`
SHA1	`7857e90f55407e87856cd973517a6e5925058baf`
SHA256	`bec723c47365d436f8c4b8195b2f7d7d4754299420f51ea8886f21cfd62fd4eb`
CRC32	`8C6C1637`
ssdeep	`48:RHeAKAeO1yMeLBv8gD8SpPUqKXAZQN0ITLVO3471qNTaOVOsi:RHePSNmp8gD8SpP7QKIlOIhsfi`
Yara	None matched
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-CLU6L.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7a0417d7440e50f8_e0cbefcb1af40c7d4aff4aca26621a98.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe
Size	4.2MB
Processes	2068 (zinda.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4c05c54dd3007dced398eb41ab68992f`
SHA1	`1a737edff587c6acc830c8897ccf6128c718530c`
SHA256	`7a0417d7440e50f8156d6487b9e58fd1c5cb55eafe6e2dc95ab1627f7b099e6a`
CRC32	`4535B7B9`
ssdeep	`98304:xF10jpaWsugxMhTbI3iyxger++TzsWgXZ7U0:V0jUIHhTXIge5EjXZV`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0990c73e4389e3b9_toolspub2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
Size	292.5KB
Processes	2068 (zinda.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`39baa178f1fc5ec2111eb95008ee6e38`
SHA1	`8a36b6d95d6453e9eed8df12eaed71580384f2a3`
SHA256	`0990c73e4389e3b912fff43e2ed3363e9f9af367741fc285b3aa5168b5646c74`
CRC32	`FF59BCC5`
ssdeep	`3072:tWTWBbYEQvpDhaPpgDkTf4WrNRjfHRAaZom+IXUcS6+Fsjr4VoF:gKYtvpUPmDs4aLfK+cDSIsAVo`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	022e225d8276539f_unins000.exe Submit file
Filepath	c:\program files (x86)\pa previewer\unins000.exe
Size	657.8KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ac288704b40b91746059f55637df3013`
SHA1	`996b2d6a33d2b5b899ee4b89c1a49fd14f4411e1`
SHA256	`022e225d8276539f3420916c67fc980980507c19e97cc81a9e7748e83fd7b08c`
CRC32	`B6F09A2E`
ssdeep	`12288:CeuHnWgyrgVu4rPy37WzH0A6uaF4Ad7dNsVN1qRqnD1Yxpd:buHcrgVxrPy37WzH0A6uwpd7QN11JYxf`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format DllRegisterServer_Zero - execute regsvr32.exe ConfuserEx_Zero - Confuser .NET OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-CLU6L.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f98b98404ecf3871_previewer.exe Submit file
Filepath	c:\program files (x86)\pa previewer\previewer.exe
Size	1.9MB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`27b85a95804a760da4dbee7ca800c9b4`
SHA1	`f03136226bf3dd38ba0aa3aad1127ccab380197c`
SHA256	`f98b98404ecf3871a10a290ade21ad77d0b2633f47247debc53d094b9bdff245`
CRC32	`D84E3AB0`
ssdeep	`24576:2OXJFy/x8ElU5rzjTn9CfFOJlrJUUKEo+ahivBH45xdc2jX+cahT5VdNePwWdQTS:L7MFOJk0DpPa4lFHvrhQF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	78efcbb0c6eb6a4c_kos1.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kos1.exe
Size	1.4MB
Processes	2068 (zinda.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`85b698363e74ba3c08fc16297ddc284e`
SHA1	`171cfea4a82a7365b241f16aebdb2aad29f4f7c0`
SHA256	`78efcbb0c6eb6a4c76c036adc65154b8ff028849f79d508e45babfb527cb7cfe`
CRC32	`193D119A`
ssdeep	`24576:uS7LJeESj3RxrDKaWrnuzzBv7oV2Ev20sYoh9nhhM/vacAVoZFjo:T7LJqjr/KaWrn4Ev20m9h8ZF`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	e71ec712064f193c__regdll.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-CLU6L.tmp\_isetup\_RegDLL.tmp
Size	2.0KB
Processes	2560 (is-KOTGS.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bb211d7a8cea15072de7425403508c17`
SHA1	`3df747464c8ccdcf5e7410a5137323a4588af470`
SHA256	`e71ec712064f193c367b0bb95a07a6dd9eb450be1be12cd48073fefa1c3e0e58`
CRC32	`2A70D001`
ssdeep	`24:ev1GSdXX7gQ1zWiR1viPnBpuivjll9itfXS3SHi2qHvjPBvP0:qr1zWiyDuivJlEt/QJ2qPjPBE`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) DllRegisterServer_Zero - execute regsvr32.exe
VirusTotal	Search for analysis

Name	ab16986253bd187e_set16.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\set16.exe
Size	1.4MB
Processes	2248 (kos1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`22d5269955f256a444bd902847b04a3b`
SHA1	`41a83de3273270c3bd5b2bd6528bdc95766aa268`
SHA256	`ab16986253bd187e3134f27495ef0db4b648f769721bc8c84b708c7ba69156fd`
CRC32	`211FA8A3`
ssdeep	`24576:bI39dDR2/K50jpteDDyBcid0Ku1mUWOHVCakQodAgKBhE5fgRDU52KXsbIlyE3hH:b6dDk/KmpRdz1pFdyvEaY0KXsbAxVbvt`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format ConfuserEx_Zero - Confuser .NET
VirusTotal	Search for analysis