Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
08.02 05:08
66a3594e79991.msi
08.02 05:08
guardservice.exe
08.02 05:08
build_2024-07-24_23-16...
08.02 05:08
%E5%AE%89%E8%A3%85%E5%...
08.02 10:08
payload_1_3.ps1
08.02 10:08
payload_1_2.ps1
08.02 10:08
payload_1.ps1
08.02 09:08
wemustbegood.js
08.02 09:08
SNK.txt.exe
08.02 09:08
sos.txt.exe

Latest News
08.03 04:08
What is an adversary-i...
08.03 04:08
Achieving PCI DSS 4.0 ...
08.03 04:08
Sensitive Illinois Vot...
08.03 04:08
Optus and Medibank Dat...
08.03 04:08
Emulating Sandworm’s P...
08.03 03:08
Here Are EFF's Sacrame...
08.03 03:08
GSI promove reunião so...
08.03 03:08
Relatório propõe ao Go...
08.03 03:08
News alert: Security R...
08.03 02:08
Laboratório da Febraba...

Dropped Files | ZeroBOX

Name	45c49011d855b74a_deliverystatusfields.exe Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\deliverystatusfields.exe
Size	3.4MB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`72e86b7df14e6faf1cadb2daa8267538`
SHA1	`c5fe00015fa255fba06b713671b6a4e30fed0087`
SHA256	`45c49011d855b74a4ec06599b06f6df93b5c59afdd779b239872b13b8fe3bb53`
CRC32	`14D2A049`
ssdeep	`49152:bL8JeqSnjyWAoeo+6ClWBhCnBd7Kq0hJaDOrKoeULQL1Vi8juaA5xRAS6pBh:nt4jUD+X0hJUCKoeUsZrae`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	775f6842d7e5c918_unins000.exe Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\unins000.exe
Size	703.5KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7bf0c1acf4985454d42e4a99a0652828`
SHA1	`df3abb93bd179eec18d1f6c76c393d245746b699`
SHA256	`775f6842d7e5c918b07a1c889320badadef69120b1742d88575799f9576746d2`
CRC32	`C01E5B1F`
ssdeep	`12288:Vhu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR0FDExyF2:nu7eEYCP8trP837szHUA60SLtcV3E9xK`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format DllRegisterServer_Zero - execute regsvr32.exe OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c84d2f1177aad5ea_turkish.ini Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\languages\turkish.ini
Size	3.1KB
Processes	2604 (tuc6.tmp)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`0f16041a3efe467ee8440060a5ed7f8a`
SHA1	`6fb9c518e8f468275b4c821db8d1f64dec787687`
SHA256	`c84d2f1177aad5ea224c68f34da0cd0c8e7308ba1cc93494b3376f52051fac93`
CRC32	`C6C8234C`
ssdeep	`96:r9BirQRr9DW1t0Y+6HcRMRBm8K+0vNZry19:Jk+9Ot0EcF8K+d19`
Yara	None matched
VirusTotal	Search for analysis

Name	a4c86fc4836ac728__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ADOA0.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2604 (tuc6.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`4ff75f505fddcc6a9ae62216446205d9`
SHA1	`efe32d504ce72f32e92dcf01aa2752b04d81a342`
SHA256	`a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81`
CRC32	`B1C5F7C5`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d20e213ef79f5f58_avutil-56.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\avutil-56.dll
Size	682.0KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`7c4c4a4d5684e8aacdc6b118a601a7bb`
SHA1	`64c8cc24339d73909916e303ab08a253dd49fe3f`
SHA256	`d20e213ef79f5f58cf6ca45812648e21612af6b82f52eeee044ea050ab32d75e`
CRC32	`A784E7C6`
ssdeep	`12288:Y8ncCX9jvWgnTMfFj/QhZmyF3yBRAotqlFRHEnWiGGLN:YscCNj3TGFTQhgyF3yBRAyqqV5`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	e6a08981ab88e25b_libvorbisenc-2.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libvorbisenc-2.dll
Size	542.9KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`77a96c1c8e72d12be4dfa5600a67e0f4`
SHA1	`f1a94189f7da47db26e332024c255afaa085a654`
SHA256	`e6a08981ab88e25b892db826d75ebe4c3a9ec932704f722b3e32e5d9c8cd359c`
CRC32	`AF48DB42`
ssdeep	`6144:TnOHRuNruVRJ/RbM4YkuYFSwqFux5T8hac1eQ3RcMLQa9gKutRJhuusoAu3FsWVI:2z8wqux5TEacQmRcMcpfLnFQ`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	f6df43ee735edfb5_tuc6.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-INNK0.tmp\tuc6.tmp
Size	692.5KB
Processes	2552 (tuc6.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b35517f0a793f47e88116112aecff9b9`
SHA1	`a9a09db89bc4ab535197b8338f085a905621b809`
SHA256	`f6df43ee735edfb581653b2d8463990d16e439c70ea5a0047e4e0f6d64dfa319`
CRC32	`53A146ED`
ssdeep	`12288:thu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR0FDExyF:Pu7eEYCP8trP837szHUA60SLtcV3E9xT`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format DllRegisterServer_Zero - execute regsvr32.exe OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e85aecc40854203b_libwinpthread-1.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libwinpthread-1.dll
Size	66.9KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f06b0761d27b9e69a8f1220846ff12af`
SHA1	`e3a2f4f12a5291ee8ddc7a185db2699bffadfe1a`
SHA256	`e85aecc40854203b4a2f4a0249f875673e881119181e3df2968491e31ad372a4`
CRC32	`B17D5A1D`
ssdeep	`768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9941eee1cafffad8_libgcc_s_dw2-1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\DeliveryStatusFields\libgcc_s_dw2-1.dll
Size	122.7KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6231b452e676ade27ca0ceb3a3cf874a`
SHA1	`f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1`
SHA256	`9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf`
CRC32	`C7DD09A8`
ssdeep	`3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	74024fe9b8a1e4f8_libiconv-2.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libiconv-2.dll
Size	1.0MB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`b7df9b43bf812ddaf60c99732c1ab273`
SHA1	`4a90353c8b2845008483854642b711e917f9ceef`
SHA256	`74024fe9b8a1e4f8b9b7561b336b2916a20784699cdeef2948074f0e820c9bde`
CRC32	`1B29011E`
ssdeep	`24576:gsRe/8fBAUZLYnwPKO6lbbTCpGavkg3NyeuQ6l9fHOfD:gzKBAUZLYwiO6UpGaXBuQQ9uD`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ADOA0.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	a7651132f3a49b9f_unins000.dat Submit file
Filepath	C:\Users\test22\AppData\Local\DeliveryStatusFields\unins000.dat
Size	5.3KB
Processes	2604 (tuc6.tmp)
Type	data
MD5	`67e5dbd512875a14e1944cfb8bf4fab7`
SHA1	`4e632a22cb28621e6fa60078342d524f3169352f`
SHA256	`a7651132f3a49b9fcaac7e8a0703086b909255bebb1202ac3004e5a2ec1bc51b`
CRC32	`95D50F9B`
ssdeep	`96:TEWoaRqpukJd97u+eOIhDV7ICSss/LnxeqL:TEWoaIpu0LHHIh1ICSsAnxp`
Yara	None matched
VirusTotal	Search for analysis

Name	a23d944bea101c57_sdl2.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\sdl2.dll
Size	983.5KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`ae58662a16410481b477b78b8d47460b`
SHA1	`fb8b1ba166913c18eb00f8ca53439d0f4ee54359`
SHA256	`a23d944bea101c574875c13883088798cfda712de969dd14f529e870a0de87da`
CRC32	`92A52CC1`
ssdeep	`24576:hEbJuxlv9Sawf3oEYsTXR7fxiGmUDZ/HJkAVJcJdKll6/QTjFZLFGPQRGnx54IC5:zlv9SlEJ8C/KjFnMMvvS4`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	602c2b9f796da7ba_libogg-0.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libogg-0.dll
Size	40.0KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f47e78ad658b2767461ea926060bf3dd`
SHA1	`9ba8a1909864157fd12ddee8b94536cea04d8bd6`
SHA256	`602c2b9f796da7ba7bf877bf624ac790724800074d0e12ffa6861e29c1a38144`
CRC32	`3264B433`
ssdeep	`768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	b39cf5a71b85b2cd_avformat-58.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\avformat-58.dll
Size	2.5MB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`608fc55e2116cdcb88c3cf98b206017a`
SHA1	`d73e406a963d160d164d686ea25611e8771adebf`
SHA256	`b39cf5a71b85b2cd233093ef7d55b39db025da78e080b38c070accf1436a2b4f`
CRC32	`D8416BD0`
ssdeep	`49152:i5AIqzwPbYgLHcIE0DtbfgQPKaGSR+J8QVPqFk8QCMJn:i5AIqMPbYgLastLzPzGSR+J8QVPq9Q`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) ftp_command - ftp command UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ADOA0.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	f83401305acda249_swresample-3.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\swresample-3.dll
Size	126.0KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`3d8c24a40935fb27fc494fc6147e6ea8`
SHA1	`c26b6949c34aadb8271e124ce08f511be5033a04`
SHA256	`f83401305acda249d2a81cd8496e08643686ff1327ee4a495a1f3abd77c7c3e6`
CRC32	`0A5D30C5`
ssdeep	`3072:2n7B3zAWc/gG6IsRc+JdTCXw4hXAMpI3pr:2n7B3zAWc/SmXfAMK`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	f8385d08bd44b213_libbz2-1.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libbz2-1.dll
Size	103.3KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`0c6452935851b7cdb3a365aecd2dd260`
SHA1	`83ef3cd7f985acc113a6de364bdb376dbf8d2f48`
SHA256	`f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed`
CRC32	`07B006F5`
ssdeep	`1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	8a7d2da7685cedb2_libvorbis-0.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\libvorbis-0.dll
Size	172.1KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6896dc57d056879f929206a0a7692a34`
SHA1	`d2f709cde017c42916172e9178a17eb003917189`
SHA256	`8a7d2da7685cedb267bfa7f0ad3218afa28f4ed2f1029ee920d66eb398f3476d`
CRC32	`25A4B92A`
ssdeep	`1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	82aa37dde211ee28_avcodec-58.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\avcodec-58.dll
Size	5.3MB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`90593c11e9997dd4224cf278d5d66323`
SHA1	`a89583c180a66fe2c8272f8ccd9876326cb29a1e`
SHA256	`82aa37dde211ee28b366603cc9c74f0584ed46d57df7c06447060bfcff886a07`
CRC32	`007C007A`
ssdeep	`98304:8IS8iFbnejXFHVSh3z6+N5NeOYVxtAcPVBgkgrumYE1HpMTdy2/vlCyUIs:85hCFVSh3fN5NeOYVxLPVBcumzJMTdyx`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	7087cdd1acdff6cd_zlib1.dll Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\zlib1.dll
Size	124.2KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`8b2a6e8419a8a4e7d3fd023d97455fb9`
SHA1	`2547a1f94fb4f83b7c133a3e285ee11faa155e84`
SHA256	`7087cdd1acdff6cd1b8d821388f430af3888314b05a5821bb53e67034362f670`
CRC32	`94A36830`
ssdeep	`1536:/fMTf09hjtHy4xaIqGpnuJY8KYA/hKjUR+YABqKBrnToIfqIOoIOGESvrTEgTWjx:XMA3Fa0sYDY6hKgRvwqOTBf4uGE+rYgE`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	4dc09bac0613590f__regdll.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ADOA0.tmp\_isetup\_RegDLL.tmp
Size	4.0KB
Processes	2604 (tuc6.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ee914c6f0bb93996c75941e1ad629c6`
SHA1	`12e2cb05506ee3e82046c41510f39a258a5e5549`
SHA256	`4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2`
CRC32	`2748B2DA`
ssdeep	`48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file DllRegisterServer_Zero - execute regsvr32.exe
VirusTotal	Search for analysis

Name	d0755838efef3a42_setting.ini Submit file
Filepath	c:\users\test22\appdata\local\deliverystatusfields\setting.ini
Size	442.0B
Processes	2604 (tuc6.tmp)
Type	Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`09204e71e9f3b624e909fb20defe6ef5`
SHA1	`2374900ebb8d9bb7127217dae828a949b8e7938b`
SHA256	`d0755838efef3a423fff51c91b2aec497eb6c1a2a845534d6918c433e1f95267`
CRC32	`7D24015C`
ssdeep	`12:Q+gZPiv77qlXS8lvlRFo1MonAUNycdlUlaT9SaG:Q+gZPo7GU0vlRq1pnAUNnd+gTAaG`
Yara	None matched
VirusTotal	Search for analysis