Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.20 03:01
Bambu Connect’s Authen...
01.20 03:01
TikTok to Restore Serv...
01.20 01:01
KI statt Kanzler? Drei...
01.20 01:01
Donald Trump und die T...
01.20 12:01
An Instant Gratificati...
01.19 10:01
Apple Is Unlikely to B...
01.19 09:01
DIY Handheld is an Emu...
01.19 07:01
Behörde stärkt Sicherh...
01.19 07:01
Keine Bewegung, kein S...
01.19 07:01
Computing und KI: Die ...

Dropped Files | ZeroBOX

Name	caa1cc0fdb620d86_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	23.7KB
Processes	2716 (Utsysc.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`f84b4b662ac77c001d7d59dfd014b318`
SHA1	`78f758573b1668b7216ffe98e5570eb98e3cd79b`
SHA256	`caa1cc0fdb620d86e67a75cd5e73b85f15b5138b533e5489fd27ef1ae3e3eb3e`
CRC32	`941F82A3`
ssdeep	`192:WfJaLyOeTVezoJqNdIheZH18isdgVM/cBhjeEKm3RDNLhMsd2m0wYpSxQn:0JaiPk7vZAq6UhjRpSsMXpSxS`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	92342e62a3f51b7e_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
Size	1.2MB
Processes	2716 (Utsysc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b5cdfc4ca11aa7705c605fd93538a310`
SHA1	`c9c1baac2fe2be6d924cea5affa0518aa665dc3f`
SHA256	`92342e62a3f51b7e205863f58b6a0e0145c4fecc31d40049b91e97ed0bb710ca`
CRC32	`3B58739B`
ssdeep	`24576:sxYTyT6AMgQZvBHa726ZwccIIF1cV6n6zyYkEFzd6:BAMgQ7672swJIR06yF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	dfce2d4d06de6452_protect544cd51a.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
Size	742.5KB
Processes	2912 (hv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`544cd51a596619b78e9b54b70088307d`
SHA1	`4769ddd2dbc1dc44b758964ed0bd231b85880b65`
SHA256	`dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd`
CRC32	`94895C27`
ssdeep	`12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	69c3d5a7edebb0ed_hv.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000001001\hv.exe
Size	3.9MB
Processes	2716 (Utsysc.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4bd0a75b3ace98a7226f3a22fbe29745`
SHA1	`316aea2a19ecbee6414f04799352ce6bdc654484`
SHA256	`69c3d5a7edebb0ed71c7cdfa42ae8a78c4eb74655d159939c3e212fd89dd7791`
CRC32	`B8B0E97A`
ssdeep	`49152:ynn8p9K3Tb8TpGeF7fhzjwZeJz+Uf1CAEmB1SQjiejeCEu50TzNCop+OBu:yn8c8MKaAJaUFj1S9ejeCEC4okrBu`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6b3383ad0a767b00_utsysc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
Size	5.2MB
Processes	2548 (ama.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`294593fcb93a6d6694c9670e86e649bf`
SHA1	`fd861b0d33cc076ded2987c94fa9860e0c4aadd0`
SHA256	`6b3383ad0a767b008e8a41db84efea8847de86796aefd3703dcecb7ec3203e27`
CRC32	`D41CB068`
ssdeep	`98304:a3t1ASlTBJNo0uwOBq+X9vV2vJmWVFJqP54CzfhnCiOFXrOzxdIoDL/dHMeGT2uV:a91jBJNWwOBq+X5mFGJhnGyzxdh2XFL`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f5d35a2366cf1331_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
Size	102.0KB
Processes	2716 (Utsysc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c06513af505f65393b4ebcd2a11a2ee4`
SHA1	`6e9e8a6b93fc9afbcc781790881d821b0bfb0821`
SHA256	`f5d35a2366cf13312a30c9384f1ac30d9dc9ced46fa6b1b9c2d0621493cc2495`
CRC32	`CE0C781B`
ssdeep	`3072:ewTxt8T+Mz7G2MosmfNuQR/SrT7BUEYW0Z:eQ7R0PseNuQREmW0Z`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis