Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...
01.18 09:01
IT Sicherheitsnews tae...
01.18 08:01
TikTok’s national secu...

Dropped Files | ZeroBOX

Name	95ff901d89bcdb32_dojxxcrwgstql Submit file
Filepath	C:\Users\test22\AppData\Roaming\FWCGUTSTAGUYPMKK\DOJXXCRWGSTQL
Size	9.7MB
Processes	2556 (truever0510dn.exe)
Type	data
MD5	`ce64ff4795ee0e507193b1377daf7b47`
SHA1	`a46bb83142ba14d47846902cf5fc6705d9648481`
SHA256	`95ff901d89bcdb32c6b32f946dcfc0ccc671e426cc9d1dfa2f3d20aac67bcf5d`
CRC32	`1FE3DA84`
ssdeep	`196608:3RO8OOQOOc4hOOHrYSYT91vterDij69E4k1GrVRnhxeO/uTN2kfVEnr++G7pKqcf:KsLDsD66/5bw8upRfVHDIX6S`
Yara	None matched
VirusTotal	Search for analysis

Name	448402c129a72181_vboxsvc.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\VBoxSVC.exe
Size	3.4MB
Processes	2556 (truever0510dn.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`c8a2de7077f97d4bce1a44317b49ef41`
SHA1	`6cb3212ec9be08cb5a29bf8d37e9ca845efc18c9`
SHA256	`448402c129a721812fa1c5f279f5ca906b9c8bbca652a91655d144d20ce5e6b4`
CRC32	`F8697864`
ssdeep	`49152:AQ902GYI12BpN8G/i6Hdw2u68X5RPrftuX9wZcQm2J9FjdH0pdTrRBlkG0BjMEgr:H9DGYIob9wp68pRzVsiHI9atBjMEY`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	7328aeb5cec65215_vboxrt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\VBoxRT.dll
Size	4.1MB
Processes	2556 (truever0510dn.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`31e7657643d832681fee0e303e25ee52`
SHA1	`0756c911a602cfe2f094104d1c10a2d014c52e59`
SHA256	`7328aeb5cec65215e5462c1ea4d69a6383fb77605ccb84c60fdb90d6d0b3c0f4`
CRC32	`87A6A42E`
ssdeep	`49152:IaNFpHeVfZqJru0K1kLo7RrObviwkZcrA2P16szn0uyIeOGTrLvQb8by7Ja:KVfZq+1kLRGIn0uy7wb8d`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques ftp_command - ftp command DllRegisterServer_Zero - execute regsvr32.exe
VirusTotal	Search for analysis

Name	40cb13fc10bca2a5_vboxddu.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\VBoxDDU.dll
Size	371.3KB
Processes	2556 (truever0510dn.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`469d4b07a645be8eba3c6a7f4925a836`
SHA1	`9987d7407826e6544482bc7ad808b60c572845ca`
SHA256	`40cb13fc10bca2a5d8899286cfafa241d56a69de9185ff48e6a119c1b0c62c44`
CRC32	`F716152C`
ssdeep	`6144:TT5w9G2rDrR7YR+euVO0jg3N0++++I333O333qj333MEq333h3333f92333a5Dep:Rce3u++++I333O333qj333MJ333h333E`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	934d882efd3c0f3f_msvcp100.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\msvcp100.dll
Size	593.8KB
Processes	2556 (truever0510dn.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`d029339c0f59cf662094eddf8c42b2b5`
SHA1	`a0b6de44255ce7bfade9a5b559dd04f2972bfdc8`
SHA256	`934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c`
CRC32	`2E822A5A`
ssdeep	`12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ae3cb6c6afba9a4a_msvcr100.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\msvcr100.dll
Size	809.8KB
Processes	2556 (truever0510dn.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`366fd6f3a451351b5df2d7c4ecf4c73a`
SHA1	`50db750522b9630757f91b53df377fd4ed4e2d66`
SHA256	`ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5`
CRC32	`120A2DB3`
ssdeep	`12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	91f6b3a1323909f1_exponential.csv Submit file
Filepath	C:\Users\test22\AppData\Roaming\Lfp_Install_v2\exponential.csv
Size	4.2MB
Processes	2556 (truever0510dn.exe)
Type	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
MD5	`bf4c60c9059050524377ddd8b25e1a9d`
SHA1	`513e1103ce4af8be2edce54dae7f085665152bc5`
SHA256	`91f6b3a1323909f13ff3e2d54f23a7a74553b911418ec09d9b9199dc9c168e96`
CRC32	`9BCE1AB9`
ssdeep	`98304:hAVYNe0MbNOLyfO2qSRCSpYHcwJIKRm3YGi37O7ZS:knNxPe3JIKE38CZS`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis