Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 04:11
Drupal security adviso...
11.14 04:11
Blizzard Brings Back O...
11.14 04:11
GitLab security adviso...
11.14 03:11
Amazon Labor Ruling Ou...
11.14 03:11
PG&amp;E Project A...
11.14 03:11
China’s Trump Cards fo...
11.14 03:11
CVE-2024-43451: A New ...
11.14 03:11
Making Sense of Real-T...
11.14 03:11
Zero-day vulnerability...
11.14 03:11
US indicts alleged Sno...

Dropped Files | ZeroBOX

Name	bdee1ce0e1d66bbc_democrat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Democrat
Size	154.0KB
Processes	1960 (HomepageReverse.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e6e6f116eba97f6eb794068257e55db6`
SHA1	`c899e03302b2cc58c8e3ae28a380695504470d20`
SHA256	`bdee1ce0e1d66bbc3f53f134f1b24d894edb48f029917bd2fc44aa66185cad6b`
CRC32	`A20D29D8`
ssdeep	`3072:pPpU08BjlWTPJth26X7Sn4UfpLUNN9t68cCWlrss4M5iRq3U0P/:LQBk7JjX74cN0lrztgwU0n`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1dd4231c7daacef5_print Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Print
Size	197.4KB
Processes	1960 (HomepageReverse.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4a5745811e628fe1ace1026ec6228ca7`
SHA1	`e8c65c9faa37a3d5db959abf76d73bfd6e42a7c8`
SHA256	`1dd4231c7daacef52820da15764aef08ac86700daaa9e89c4d2d6f5a29479665`
CRC32	`86F01BF1`
ssdeep	`3072:w/IcBZR99D7s/k2nDEte1+Hyv5T8WDT7dmbrY:eI+RzD7sBDEmFT`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files) Admin_Tool_IN_Zero - Admin Tool Sysinternals
VirusTotal	Search for analysis

Name	9c220a7e285d9940_nintendo Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Nintendo
Size	124.0KB
Processes	1960 (HomepageReverse.exe)
Type	data
MD5	`b85fd2eeea9c1f1b8dba5b654d697561`
SHA1	`5a70af1ccee67719bd895d4a4136f7b0dc1b41e0`
SHA256	`9c220a7e285d994035bb2525342c7b8c9e6b92ff1b2b2780b711529a9aad799e`
CRC32	`D5EF7C29`
ssdeep	`3072:GRYH/fA9vtqmcCVs5A3q5eAg0Fuz08XvBNbIaAtbC:GRYmFqZvEAOz04pmdVC`
Yara	None matched
VirusTotal	Search for analysis

Name	07bd9eadd16b68b4_p Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\20701\p
Size	1.0MB
Processes	2640 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`becfb5ce4b29b45b1bab278fb5d168e5`
SHA1	`ce2bd52fbf94d3b09e3a248ad7d886142a42efe0`
SHA256	`07bd9eadd16b68b4fbdc235f4342048844a772554deac459276f8ce28834ec6f`
CRC32	`6FD2BEAB`
ssdeep	`12288:6R7X4xy/TILE3kh4kMNVQOjRGgyCpmoAqeUnZ+7y2UDAZEmV:EDEgTMEUPMNV/RGglAaM7yp0`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals hide_executable_file - Hide executable file ftp_command - ftp command
VirusTotal	Search for analysis

Name	72cda7460b83841c_elder Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Elder
Size	12.6KB
Processes	1960 (HomepageReverse.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`0d7ee28a105397e6fd612285e5e02e1a`
SHA1	`09a37809de8329f2adabd432387fffa040396bf9`
SHA256	`72cda7460b83841c3650f47c659d48d37c89db327edec7ad586fe15971ce087f`
CRC32	`76531231`
ssdeep	`192:DCxSdOhj9IhCk1UW3S0HY+hYQdqOCwA1/WChQSmCG5b5eM4PuGl:mEkh7E5HY8CZ1/WPpCE5ePPuI`
Yara	None matched
VirusTotal	Search for analysis

Name	ec6225cae0596154_textbooks Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Textbooks
Size	422.0KB
Processes	1960 (HomepageReverse.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`42f7dd33a7acbd3200dc7e226731f0af`
SHA1	`096114f527fc26f9829020a9eab23a087f97d4c0`
SHA256	`ec6225cae0596154e9d858502cfc861ac8086b8073bf935a97bb2e0a719efdc3`
CRC32	`3B3BC655`
ssdeep	`6144:aJROKXkXb88OB4xyF9fd/uKF3Ifayw132ph4kMv:6R7X4xy/TILE3kh4kMv`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals hide_executable_file - Hide executable file ftp_command - ftp command
VirusTotal	Search for analysis

Name	797405780ca1b8ea_leader Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Leader
Size	440.0KB
Processes	1960 (HomepageReverse.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`0075c74629b39a16a04ac81d51c82fed`
SHA1	`a0be424d18953530d50532c2eb569691cc6ddb1e`
SHA256	`797405780ca1b8eaef52fcd582c44cb01b503c41116c43ba42a86fec0b3833a8`
CRC32	`0CE950FE`
ssdeep	`6144:P96UZVUn/QnjRg/VgyCpKjX4Aqt8xElnZ+7yW:FVQOjRGgyCpmoAqeUnZ+7yW`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	f8cefaabbcef1ad6_entitled Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Entitled
Size	223.0KB
Processes	1960 (HomepageReverse.exe)
Type	data
MD5	`d2a3f8a39b9102fd1465b31f9e2f8af3`
SHA1	`b26f0295fed4a76d75e0386bfd9416034393e0b5`
SHA256	`f8cefaabbcef1ad6c78aaca006d81fa8ed2cabafeb288f9ea5f39a3384a1b7d9`
CRC32	`2B4E347B`
ssdeep	`6144:Wyw3mFygyE4mqd12lqlEAehuqN8zwNzlmhPL1b5nZ2j:Wyw20K4mqClqlEZuB1b5Z2j`
Yara	None matched
VirusTotal	Search for analysis

Name	f58d3a4b2f3f7f10_receptors.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\20701\Receptors.pif
Size	924.6KB
Processes	2596 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`848164d084384c49937f99d5b894253e`
SHA1	`3055ef803eeec4f175ebf120f94125717ee12444`
SHA256	`f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3`
CRC32	`4FCA9037`
ssdeep	`24576:LOo8pEnK4mrqlEZuVZ2HOI+X0l1lMZyYFaeBmyF:LF8p4KpqlEZeXI+X0TVcae3F`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0978ccb822bbb06e_garage Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Garage
Size	216.0KB
Processes	1960 (HomepageReverse.exe)
Type	data
MD5	`15d7bc706262e5905bd734db3ec8d374`
SHA1	`35b5d7e2fc34ae2adc9d387cf5a8bd2f195b9cd6`
SHA256	`0978ccb822bbb06e3812db855ecbeb5aeb9e09978ff097aeb3be0b3e8a751b25`
CRC32	`910F28A0`
ssdeep	`6144:BZ6lfA6Gfm608DsvqJX4xNAB+xHFq9O0lHPOGUWLhxu:BZ6XKmNvqJWNAB+X0lHPOGNQ`
Yara	None matched
VirusTotal	Search for analysis

Name	16e83a4458a76b70_aka Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\15598\Aka
Size	207.6KB
Processes	1960 (HomepageReverse.exe)
Type	data
MD5	`f44941374c648cf3903bddd2003a81ec`
SHA1	`ed3379ace31d1b424a3ef83dcc491039fd0777fd`
SHA256	`16e83a4458a76b70fd9607f889c1f665d0ddff4d65159b68f0c9074b267ecce7`
CRC32	`0DB25AC1`
ssdeep	`3072:0f6jKj+wsxjgarB3RZgDWy4ZNogXJ3i2Umb2Oq:i64EgarxUaBZ2myoG`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis