Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...
07.06 06:07
The Problem With Bug B...

Dropped Files | ZeroBOX

Name	8a9235655b1a499d_dllhost.exe Submit file
Filepath	C:\ProgramData\Dllhost\dllhost.exe
Size	62.0KB
Processes	2580 (Installer.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4aa5e32bfe02ac555756dc9a3c9ce583`
SHA1	`50b52a46ad59cc8fdac2ced8a0dd3fceeb559d5f`
SHA256	`8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967`
CRC32	`8E7E3EE7`
ssdeep	`768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	885fc2d24fdbcd2e_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\extracted\file_1.zip
Size	9.4KB
Processes	2440 (7z.exe) 2144 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`6e4853d27cb12e5f469c8af9b67f6081`
SHA1	`9cf373eb402708c4f0ae24d7d27bf6a6698248ae`
SHA256	`885fc2d24fdbcd2e9e0ac653212dbb48fc4615b8f3d9cba0e9620f48051d6528`
CRC32	`E01F3A25`
ssdeep	`192:jSoL2ZzyQ9aA/8mbF08dE3m+MaiGDxs58l03eDNTXgobMMS/u7ybt3kb5cH:jS9T9PjbFum+MD5b3UNTwob8/ukqb5G`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	ab29b2ded97c0d89_file_4.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\extracted\file_4.zip
Size	1.6MB
Processes	2296 (7z.exe) 2144 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`31f727fb39321fcdd43ae04753b7054e`
SHA1	`cf024d529b90e66885784bc3e6df12fba1a64b9d`
SHA256	`ab29b2ded97c0d8974ec53f5680ad97ef72bea85c6ae099f528f3d80b2095e8c`
CRC32	`ECFDF581`
ssdeep	`24576:ybI/7AAb+JQl3Vd02kOC/l5X4/KiROMdWbBkDC6SX39qbwK1ZNKdvLIJvQ271sp:yujCK3D0AC/l5mwbBkDWYb1ZN4UJ9Jc`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	f07c7223fdb691ac_winlogson.exe Submit file
Filepath	C:\ProgramData\Dllhost\winlogson.exe
Size	5.2MB
Processes	2580 (Installer.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`118c2d536d52dd30116baaf06dfe5e63`
SHA1	`fe510bca4c36cf0791132d15c58c33dee7bf0bc8`
SHA256	`f07c7223fdb691acbf0ebc7d9cc2ae614c0cf705920420c0130248a0c0e861d4`
CRC32	`641DD856`
ssdeep	`98304:ZHjJcetx2WKUcuIBjyHS7M4NrZdQ/UxBq0L56CVtM3g1fiZYi6BFAD04FyTR:wetx2Td0KBq09jXLfri6v52yTR`
Yara	Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	64929489dc8a0d66_killduplicate.cmd Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\KillDuplicate.cmd
Size	222.0B
Processes	1440 (conhost.exe)
Type	ASCII text, with CRLF line terminators
MD5	`68cecdf24aa2fd011ece466f00ef8450`
SHA1	`2f859046187e0d5286d0566fac590b1836f6e1b7`
SHA256	`64929489dc8a0d66ea95113d4e676368edb576ea85d23564d53346b21c202770`
CRC32	`F14E4A56`
ssdeep	`6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\7z.exe
Size	458.0KB
Processes	1440 (conhost.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	35717983594cbbba_AntiAV.data Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\extracted\AntiAV.data
Size	2.1MB
Processes	2344 (7z.exe) 2144 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`11c2e8054f4c61bbb6431e6bf02ae66b`
SHA1	`4d6f431543eea147bd4bbb367c5a8e827eb4aaf6`
SHA256	`35717983594cbbba14782b62bd3b6f5eb40d38f931083f4fa1e6c333cca2dbe2`
CRC32	`2E4EB23C`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xZ:R9kqGu7okoZscCnf0/Zs9E`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\7z.dll
Size	1.6MB
Processes	1440 (conhost.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	63d52f881fd4b6e9_file.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\file.bin
Size	1.6MB
Processes	1440 (conhost.exe) 2144 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`816999288f62f8a522955383e8b45cda`
SHA1	`818ed8ab8a3372f5ad991b2deedb4749eafb9b98`
SHA256	`63d52f881fd4b6e990483302370abb0e97bbaf2603ca84aa56005f9a59027786`
CRC32	`ABF666BA`
ssdeep	`49152:kwE8w8EerY/B6nH3at1AKnmvaq0LK/VSy/Y9XaL2V0j:/Ep8EaY/G3at1AKnmyqVV5Y9K62j`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1dde9a4.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1dde9a4.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	c38af953c71f6ec3_Installer.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\Installer.exe
Size	21.0KB
Processes	2488 (7z.exe) 2144 (cmd.exe) 1440 (conhost.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3b1ec9e00a1f356c09fc082228bd09b7`
SHA1	`f6a02a7c6cd7b3e8d025824d49eb8ade4f4d78dc`
SHA256	`c38af953c71f6ec3b5b450dd077c4f4da24d2748e6f22d686fa24cd79cc7b52f`
CRC32	`F96512A9`
ssdeep	`384:qbjjHZQ3NzofJHFrybCN906pXtM5PFNwN9zmwf15/ufjWrynX:qbjjHe32BgbGqBFNw19NG`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ad8da8b3360fc79a_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\extracted\file_2.zip
Size	9.5KB
Processes	2392 (7z.exe) 2144 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`7550944f2499455480f32aaf9349cf26`
SHA1	`2c0594f2992cdd28926a6766213e5506d152118f`
SHA256	`ad8da8b3360fc79a7deab02b80f83805a800137f3f386a0765a1d1ca2b13859a`
CRC32	`5F9936EB`
ssdeep	`192:5WrO2AB5Z7AUj0o93osZ4qgetZlu+wXBDDfs7E6HnM3oxf:5nPrZMUnRosI7+ufqEG95`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	4aef11faa0949b47_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2808 (powershell.exe)
Type	data
MD5	`30da16f8e6c55243fe6a4e149f85aa42`
SHA1	`6a9f19afdd67fde68696aaa9be4fcc5e0698501b`
SHA256	`4aef11faa0949b47d049c8d8bbb569d2bb3e471e8907afa946998c33c3e52120`
CRC32	`A14E574B`
ssdeep	`96:otuCeGCPDXBqvsqvJCwoNtuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:otvXoNtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5c366e302219784c_file_3.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\extracted\file_3.zip
Size	9.7KB
Processes	2344 (7z.exe) 2144 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`d6853609d11aaed9a6c95a0fafaa6cd2`
SHA1	`3b94fd069cd912aaf0e905fff90db6019a43dc2b`
SHA256	`5c366e302219784cdb7877e76a3f65cd0e98d4d01c82378075f51374ccb9c833`
CRC32	`43D3D383`
ssdeep	`192:vymjV5JahdgWHuEF87ejX8ZBvOzo4gQ0FTGGuFwpgF:vymJzaXgBEZwB57Q0hIwuF`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\ProgramData\Dllhost\WinRing0x64.sys
Size	14.2KB
Processes	2580 (Installer.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	c912f8bf8997cfe2_main.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\main.bat
Size	473.0B
Processes	1440 (conhost.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`d9ea2fddbaab069df3c6be1a16686fdf`
SHA1	`e6717654a9d0e9f22e9f86c5f7358f050d27140d`
SHA256	`c912f8bf8997cfe20ba32f72363553eb3b734e82f0e181475244956872879b33`
CRC32	`B0224538`
ssdeep	`12:QUp+CF16g64CTFMj2LIQLvsiEqTHW+CVGrMLvmuCCgXjgrXgX78agXrrEOXUigXY:QUpNF16g632Cke9xHW+CVGYTtS0rXS7Y`
Yara	None matched
VirusTotal	Search for analysis

Name	4dcf9d4bdab21c12_logs.uce Submit file
Filepath	C:\logs.uce
Size	352.0B
Processes	2580 (Installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a7c1cbb6373dbcc4ffcfbb85f365f95f`
SHA1	`52209f7ffd6b3006b2c34fb48eec57457c646e25`
SHA256	`4dcf9d4bdab21c121299d47b3f492dc56af5ddceefab20752cea3ee50622c2f5`
CRC32	`2B79D049`
ssdeep	`6:DiYgE/ovKDMcPmriYgE/ovKDMczDjEPCT2QSBa5ydXnzAiGUlQPo9eAKS3/y:uwgyXmGwgynA6T2Qtyc3rAfy`
Yara	None matched
VirusTotal	Search for analysis