Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.23 10:09
66f064675abb3_lyla3.exe
09.23 09:09
CovidPass.exe
09.23 09:09
TripVPN.exe
09.23 09:09
Macro.vbs
09.23 09:09
Cloudshare.vbs
09.23 09:09
sample.exe
09.23 09:09
powershell.exe.lnk
09.23 09:09
2.jpg
09.23 09:09
inst_4WKY_x.exe
09.23 09:09
getlab.exe

Latest News
09.23 09:09
Australia Medical Diag...
09.23 09:09
Ivanti Product Securit...
09.23 08:09
A Mercedes-Benz Fire M...
09.23 08:09
IT Sicherheitsnews woc...
09.23 08:09
IT Sicherheitsnews tae...
09.23 08:09
컬러풀대구 웨딩박람회, 오는 10월 엑스...
09.23 08:09
3D Printing a Wire-Wra...
09.23 07:09
Three Media Moguls Are...
09.23 07:09
Harris Vows to Grow AI...
09.23 07:09
September 23, 2024

Dropped Files | ZeroBOX

Name	6da6311325de6c4f_queens Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Queens
Size	180.0KB
Processes	2548 (MedicinesViews.exe)
Type	data
MD5	`9f181f33649edbfc20a910eead51a6fb`
SHA1	`675f603d3ccd995e7193f2c299ca740c1f72b70d`
SHA256	`6da6311325de6c4fe37fca5d5d60077e89c220fcf1ad7313cdb01bcec3485974`
CRC32	`1C0A2005`
ssdeep	`3072:JtHk5B+LNBPcAvPTjFq9iOIXyTw0ltj0EowPOGU6WS2uLhxjRYH/fA9vtqmcCVsZ:/AB+xHFq9O0lHPOGUWLhxjRYmFqZvE0`
Yara	None matched
VirusTotal	Search for analysis

Name	82d85478d6f86d25_cumshot Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Cumshot
Size	12.6KB
Processes	2548 (MedicinesViews.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`5a27cb08648407d9a64a055f3f569290`
SHA1	`bc0a6a4a1acf1cda5c8b40e611f62b800313b27c`
SHA256	`82d85478d6f86d257e6bea839ce5aad7a255aeca56975f58c26d4da316f780f2`
CRC32	`FDC0CEA5`
ssdeep	`96:ZrGiXvIejvIJNm55qNICvYxEQpLH+2M/sSyUyuevdgOHP5Obxr2VfDmmhYhR3htx:ZrPIo8ICAxzHAsPvd7D33m`
Yara	None matched
VirusTotal	Search for analysis

Name	f8da4054814885f7_mechanics Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Mechanics
Size	178.0KB
Processes	2548 (MedicinesViews.exe)
Type	data
MD5	`eb69cceac680ee8d138709ad23c27eac`
SHA1	`f2fc9003978bc88390210b2c3187f50326fe892d`
SHA256	`f8da4054814885f77dc5654777565aec9405c251e50fe91210acb1360253559d`
CRC32	`9DBA6A5F`
ssdeep	`3072:Tlrss4M5iRq3U0Pe3vHU4S4/33SrF7etHufKE5Kmqd1UhlqRWO/9EAehuqCkr/:TlrztgwU0Wyw3mFygyE4mqd12lqlEAed`
Yara	None matched
VirusTotal	Search for analysis

Name	98eae455efc43e33_petroleum Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Petroleum
Size	448.0KB
Processes	2548 (MedicinesViews.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`610b20146f310ef6d331c33118ef41ce`
SHA1	`3e78c5ea4c0e6509c6f6a3a9edea8dff26bed1cb`
SHA256	`98eae455efc43e335478e0263da744db7263b16004cad735009d28616d3cd967`
CRC32	`65E3A422`
ssdeep	`6144:xv3CXfKhFILXBi0Y66oBkJKUtSXCKL6bfe5F:xKXfKhFaw0Y66oBcKUtSSKL6bmv`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files) hide_executable_file - Hide executable file
VirusTotal	Search for analysis

Name	99792e2eda5c50df_MedicinesViews.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MedicinesViews.exe
Size	1.6MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d0b882c07526d97ef91eccf153e31a4b`
SHA1	`41451d210d2fe112b21f751c9effbbe65de26517`
SHA256	`99792e2eda5c50df332f2ba9bde7dbe158398acd913c16f980ff54bfda274f36`
CRC32	`5E2A9A1B`
ssdeep	`24576:LlmVGLBPhxC3jlp8gxakx09mTPPX58SuB1IyJdJe+32B0v:L0+BDuH8aHi9sfCSuBuq`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	d636d9543514ffc8_hole Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Hole
Size	115.0KB
Processes	2548 (MedicinesViews.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f763b8e9bba9221a1683238d61c7d049`
SHA1	`4a4bc7cec307dec607fbb935bf4eb94482253032`
SHA256	`d636d9543514ffc8ef80980e52e425a7031383274abc22afca077eab72acff06`
CRC32	`4E5DFE57`
ssdeep	`3072:pPpU08BjlWTPJth26X7Sn4UfpLUNN9t68cCc:LQBk7JjX74cNq`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	f8671ff3f867737a_via Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Via
Size	467.0KB
Processes	2548 (MedicinesViews.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6cc7e910c814055224e86bcfb567849c`
SHA1	`494d36e0943e31d61d1a7801e59ae6121f15d6e0`
SHA256	`f8671ff3f867737ae82bf98899c459ac3c735f81e502d72b1a2a999014de9bfa`
CRC32	`C3785ABA`
ssdeep	`6144:+XlpTiIZV9ghdSjYTD3pk5bDS+/Z2Mgevo+p0B:YiIZV9me7/nJo`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	eb7470a5ff4d2618_fever Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Fever
Size	193.0KB
Processes	2548 (MedicinesViews.exe)
Type	data
MD5	`4aec3e44e1136b633b15a0c57620ea3b`
SHA1	`58dab7619805ba940a911236139a28e9f323a927`
SHA256	`eb7470a5ff4d26186cae3987cc1cc7c0cf7b3cc208e02a7e30a14957685d7f22`
CRC32	`F5A12958`
ssdeep	`6144:ozwNzlmhPL1b5nZ2tZ6lfA6Gfm608DsvqJX4xh:21b5Z2tZ6XKmNvqJWh`
Yara	None matched
VirusTotal	Search for analysis

Name	4a5710dd11023b92_spider Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Spider
Size	119.0KB
Processes	2548 (MedicinesViews.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`aa360db9f80c5e5e6cd7b8bc3ed13771`
SHA1	`0d8cb02214fff534f24188c37396a04ef9117680`
SHA256	`4a5710dd11023b92821c1342b8d8e7a717860a962e7302ec745484978a09c888`
CRC32	`95E824D4`
ssdeep	`1536:ZfJ4Enc+CA3X++bqUtee9K14oaXbMpf6zqbba67/0JFEPFprPFsKJOl8B8Yx9yo5:ZfJVm5EU6zob1yFEPFVPFs8BJqo5`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	87463dde87dd763f_k Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\29577\k
Size	1.0MB
Processes	2088 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6889f30937ac56a5f6a4e3f474752a34`
SHA1	`951a19d1f89dec6d6ef0829827f5a74355241d35`
SHA256	`87463dde87dd763f39c67cf255964dc9d9cdbaa1138a2ee2fd6e636f91a3fde8`
CRC32	`88E6F68A`
ssdeep	`12288:YiIZV9me7/nJcKXfKhFaw0Y66oBcKUtSSKL6bmCbD3:YiIZVdxjinaw0fa6mbmGD3`
Yara	hide_executable_file - Hide executable file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e5d598db2cf4a9b2_sussex Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Sussex
Size	117.6KB
Processes	2548 (MedicinesViews.exe)
Type	data
MD5	`2c0f37724b27462a055e978da3b9f3f9`
SHA1	`89044a8b7af8e518baa33dca7fece6087c41babf`
SHA256	`e5d598db2cf4a9b27a535c711a5783a6c6e8d52e72208d0b00a9f337da52641b`
CRC32	`43A660A2`
ssdeep	`1536:LgarB3RZg3EYrDWyu0uZo2+9BkxXiblenlJJyIE2UWb/hoQZ2OE3:LgarB3RZgDWy4ZNogXJ3i2Umb2Oq`
Yara	None matched
VirusTotal	Search for analysis

Name	d7610e59c4db347f_period Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\Period
Size	141.0KB
Processes	2548 (MedicinesViews.exe)
Type	data
MD5	`b9d1dd9d8f3de0a2437eab87eced0210`
SHA1	`cf463d4c0768dd20e4d0dfba4db7e89ba4356d0d`
SHA256	`d7610e59c4db347f722ddcc2b6461b8a6bb73a45de0fe27cf4b66af468cd92ca`
CRC32	`FC3E38AD`
ssdeep	`1536:XgMbFuz08QuklMBNIi9u5aAwubPdMaj6iTcohiPfKj+wsxP:Xg0Fuz08XvBNbIaAtbPf6jKj+wsxP`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	f58d3a4b2f3f7f10_represent.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\11590\29577\Represent.pif
Size	924.6KB
Processes	604 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`848164d084384c49937f99d5b894253e`
SHA1	`3055ef803eeec4f175ebf120f94125717ee12444`
SHA256	`f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3`
CRC32	`4FCA9037`
ssdeep	`24576:LOo8pEnK4mrqlEZuVZ2HOI+X0l1lMZyYFaeBmyF:LF8p4KpqlEZeXI+X0TVcae3F`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis