Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 03:09
config.exe
09.22 03:09
game.exe
09.22 03:09
svchost.exe
09.22 03:09
66eef0d7ec94e_vrewgh12...
09.22 03:09
66eef0cc8034a_sdgdfs.exe
09.22 03:09
qq-1950222243-x%e2%80%...
09.22 03:09
nate.exe
09.22 03:09
66eef0d27af21_vfdsgfd.exe
09.22 03:09
Autoupdate.exe
09.22 03:09
feelniceforgivenmegrea...

Latest News
09.22 04:09
SGA솔루션즈, 클라우드 네이티브 보안 ...
09.22 03:09
S2W, AI 기술과 위협 인텔리전스 역...
09.22 03:09
탈레스, 양자 시대 보안위협 대비 사이버...
09.22 02:09
디지서트, 디지털 신뢰 분야 글로벌 선도...
09.22 02:09
넷앤드, 시스템 접근통제 및 계정관리 분...
09.22 02:09
FreeCAD is Near 1.0
09.22 02:09
토큰증권 플랫폼 펀블, ‘현대테라타워DM...
09.22 12:09
[PASCON 2024-리뷰] 굿모닝아이...
09.22 12:09
[PASCON 2024-강연] 박나룡 소...
09.22 12:09
2024-09-19 - File down...

Dropped Files | ZeroBOX

Name	40799e64da3944f7_legacy8ujsse.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\legacy8ujsse.jar.p2
Size	271.6KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`3b997068ed80236ba82703b7c8275621`
SHA1	`63d2bbca29231220d5beb285c9cf263b4c93acb9`
SHA256	`40799e64da3944f75ddb8e9a378c7d37fe8c94183f173717b2f08dad865cf89d`
CRC32	`043A4311`
ssdeep	`6144:wkRW6Sp+RI7HP7YJXv50+ACy1av07m2WtozTItNBW:Jc887s5vf0auJ`
Yara	None matched
VirusTotal	Search for analysis

Name	29977238c33d12c0_jaccess.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\jaccess.jar.p2
Size	35.6KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`171c05d2fefe375032a6babc7dd11515`
SHA1	`dec20c83b6168dd5d3bb4935322e39e7c46ba3d8`
SHA256	`29977238c33d12c08aef17139daed8d7ecf97b4f502c40a791062915705ebe52`
CRC32	`86632C10`
ssdeep	`384:W+eNocIxRNMNo8CDYhYUZ1d3Vh6yDZvi7dmXypppppppppppppppppYppppppppc:iN3IxRGND1hZ1d3Oamdm9hKaE`
Yara	None matched
VirusTotal	Search for analysis

Name	3490e4a3ce662dae_sunpkcs11.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\sunpkcs11.jar.p2
Size	164.2KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`593de57a7abd58e4f31ac663254f85e0`
SHA1	`0684301a3b0433b51eba019c20560090d79eda15`
SHA256	`3490e4a3ce662daeccc19aee199e22833f60a5e0f3743ffc99a80ba9b7be169c`
CRC32	`5A983037`
ssdeep	`1536:R+/ZoB/6tYyDMjoE0gtsxYZ4tn5NB/5WGob44j44L4EnkQ4444xvqhfCM/G7vpsT:RsViDpsxCehZC8EmYbykjuyWvO8V9P`
Yara	None matched
VirusTotal	Search for analysis

Name	d97e1a6356e7531e_rt.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\rt.jar.p2
Size	15.7MB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`d538beef841a0bf0bd057e663fa74048`
SHA1	`3f1a1351b0e66357f7a2f9f9bc85c1a7606f2fa3`
SHA256	`d97e1a6356e7531e94c1a4457d9e3f41141408a397d4b06f5618d34cb50b423b`
CRC32	`4E6803F3`
ssdeep	`196608:auLt6KSgAA4DAVQPZbnevjz0V8NtaJTTFmFkoll/o:LQKPAA4DAVQPZbnevjIAkollg`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques ftp_command - ftp command OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4431aec1f1ab8985_cldrdata.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\cldrdata.jar.p2
Size	3.9MB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`c70a80c9ac49fa51b2b77fc62a7b839d`
SHA1	`3e1a26f783c86fd60f03c7f3f2df7b739f621bc5`
SHA256	`4431aec1f1ab898589de8487b57de2598b4659ae671d02859c3900da509b0b26`
CRC32	`2B814961`
ssdeep	`49152:+kSov8bdfSAY3YQMhHBUmrMYHt+e1et++e:PEbd6AY+BzrJH4e1qC`
Yara	None matched
VirusTotal	Search for analysis

Name	e752dca0e0913fa7_access-bridge-64.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\access-bridge-64.jar.p2
Size	68.6KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`a9c19296cfff6730388171354874280e`
SHA1	`48db4034cd603d01603921f19bc623cb08e9c96c`
SHA256	`e752dca0e0913fa722aa507538976e66e5425db6b3ef36001013b4398066b2b9`
CRC32	`089DA802`
ssdeep	`1536:FLpN00QYQvWCdznpQ8Q/JIEzNbyaRUcAgNBY6OjjYIKKuSWdddddKfaW3ttapII6:q7cI2z2RNp`
Yara	None matched
VirusTotal	Search for analysis

Name	8398efce0e7afd0b_wrapper-2023-11-01-19-35-35-375.log Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\logs\Wrapper-2023-11-01-19-35-35-375.log
Size	68.0KB
Processes	3056 (questionnaire.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`ec984cece009240659c4d3a9778e70c8`
SHA1	`862a955d89ea3d28510dad04aeb89c5cc5e3b7b8`
SHA256	`8398efce0e7afd0bb1305a65affb9f424670efcf90431bde6c77350ae545ef81`
CRC32	`3B5EB4D1`
ssdeep	`384:Zotq6ji2t0JiW3vE3rdT1B/9fHSwwAFfchitwW3uk0fPrUM35OwX2cd4QRm+Nz:Zor5ff/VHSsFfcE3ukCPrUub5`
Yara	None matched
VirusTotal	Search for analysis

Name	b482d2aace7286c7_jwrapper-windows64jre-version.txt Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapper-JWrapper-00089360978-complete\JWrapper-Windows64JRE-version.txt
Size	11.0B
Processes	3056 (questionnaire.exe)
Type	ASCII text, with no line terminators
MD5	`271563b96fbbff5dc3e04656f3f18923`
SHA1	`7f6800a9d6112bf5c360d56f3b0c5c616260fee8`
SHA256	`b482d2aace7286c78a565879c3ac49b772e9bd9d003bed856542c2cee1049b22`
CRC32	`63D17029`
ssdeep	`3:L/9:J`
Yara	None matched
VirusTotal	Search for analysis

Name	b014d460fd7aacf2_jwlaunchproperties-2322914141-20 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapper-JWrapper-00089360978-complete\unrestricted\JWLaunchProperties-2322914141-20
Size	14.4KB
Processes	3056 (questionnaire.exe)
Type	data
MD5	`7b86bc8ef413ffcc16d61cf63cf27f63`
SHA1	`cf110910cbbb17fdb1d08254a2e206c14b17d4e0`
SHA256	`b014d460fd7aacf2a38b98336ed99ca678e9a82113588ee1b3d1c0a9a9923e26`
CRC32	`7BFC195D`
ssdeep	`192:9mmoL78uhb3nHGtQv3nNm/jpDS9jP2jNUCDnbZMdyQRuWlb8cMLO3rlCi6BqKt2q:9mmSYuhbXHWQvXNQFD3BxIhMLOoqKkq`
Yara	None matched
VirusTotal	Search for analysis

Name	214b6e8108349c7b_remote access.exe Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Access.exe
Size	169.1KB
Processes	3056 (questionnaire.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`a46bb5fba9e69463fb89039d19fea2b0`
SHA1	`a96561051f7cd1d10c87bfad290c5131191686d3`
SHA256	`214b6e8108349c7bb4944b4d20bbc44c8b2e55ed69dc28f8651e44bf72dd9dcf`
CRC32	`C3B164B7`
ssdeep	`3072:TV8eyUbavDzJwkfJvnWsv9rsuQguAXwZ+LRrwZxm9tZe0GNpNu:5M1dfMsVguQgZMEy3o`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	75e2fcd8e5db747c_crs-agent.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\crs-agent.jar.p2
Size	83.1KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`7618098477e433a3297beec060e38554`
SHA1	`e57585e7f78f8290a534bae6bbe85e89bf59b671`
SHA256	`75e2fcd8e5db747c4f2619c67e9a6898b083318dbab0b4276052593a9ed22825`
CRC32	`908278ED`
ssdeep	`1536:7mUlPrLpiahcdI7gSiCRnMxzXWr2j8+Gyp+dkeLLWM7Hj36yu68D5p646bd2yqVO:LlPrLpisBM1xx8Ip+vf36yu68DX646bN`
Yara	None matched
VirusTotal	Search for analysis

Name	9bf43b7dd1e1aa02_sunmscapi.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\sunmscapi.jar.p2
Size	21.6KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`4ea26f1be03d62f5170c551398913c5c`
SHA1	`b633de9990e519dd878b5eb20e4f4d0441f96aca`
SHA256	`9bf43b7dd1e1aa0270e6c250674a8c0d651ab85463ab0337bf09f04e574b6183`
CRC32	`BB9A493F`
ssdeep	`384:LnW+lH/HBPpyuH75nreZzZixpfieL68CqEgjpdcnGGx5Lc:zp/HBPpHH75nreZzZip6025LI`
Yara	None matched
VirusTotal	Search for analysis

Name	e935fa86aed1296e_jsse.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\jsse.jar.p2
Size	365.3KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`048afc64953480883554a6b3135de599`
SHA1	`a7c088c61b0178661012f10802e2de4d3eaec762`
SHA256	`e935fa86aed1296e44c9b59aeee8d75fd8670d6ce23c1ed418e9af8cc862e9e2`
CRC32	`0BFB2938`
ssdeep	`3072:NW31G1XEPjwafKNYge+i0mca9KZfH9D0GCCCCbNuamI+o3Uz3U5am8zEXECb1kb2:w3EhafeYg3cceKZfHTuf55rkA8`
Yara	None matched
VirusTotal	Search for analysis

Name	ec51166a6f4796de_openjsse.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\ext\openjsse.jar.p2
Size	580.7KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`558a800e89bc6c647e2909a0c91dd9f8`
SHA1	`8fcfec1b4e704661ff0c7599e0ee2ec60c69088c`
SHA256	`ec51166a6f4796de2283de2a59e9143d953fe37bf9abbc71873a3978dbec85db`
CRC32	`E60FEE45`
ssdeep	`6144:x7M0OZX224seLcjlbvXd8I6+DwJlZ3yrwgNc7GuffND7votTItNUT:xAhXksdll84MlZiOQ`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	62bcb3385c37e914_charsets.jar.p2 Submit file
Filepath	C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1698834936-6-app\lib\charsets.jar.p2
Size	1022.5KB
Processes	3056 (questionnaire.exe)
Type	JAR compressed with pack200, version 171.0
MD5	`18c2b0d47a25b263c555edc4305b3a62`
SHA1	`8a76193e200e5cefe782c617966282157a535087`
SHA256	`62bcb3385c37e914be0ed0eb4e4c41f4b01a4a6123c784a8838aef53f35674fd`
CRC32	`5C27FD8B`
ssdeep	`12288:H+BXim0XyhTMeRoqkobZ36qoCFsQn3cE1JrEc3D4F:Hiym0eRog56Wn3PcF`
Yara	None matched
VirusTotal	Search for analysis