Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 10:11
Uptycs EDR for Windows...
11.14 10:11
Advertisers are pushin...
11.14 10:11
2025 Predictions — How...
11.14 10:11
Meta Fined €798 Millio...
11.14 10:11
Advertisers are pushin...
11.14 10:11
윈도우 10,윈도우 11 kb504661...
11.14 10:11
Scammer robs homebuyer...
11.14 10:11
Europol supports EPPO-...
11.14 10:11
Here’s how misconfigur...
11.14 10:11
Scammer robs homebuyer...

Dropped Files | ZeroBOX

Name	854ebb2fb2ba2e8b_rcpcpruler.exe Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\rcpcpruler.exe
Size	1.9MB
Processes	2056 (february.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`516a3db54c1df04a26991566da4ea00c`
SHA1	`0eb97065fc24278071777b5114545614496d1bf3`
SHA256	`854ebb2fb2ba2e8b9fbf31b064f039d668b694999c92ab810b572958eb6176ee`
CRC32	`49FE00F9`
ssdeep	`49152:uIYElKv5fe5SnxrLbDEvu8tN7bG1zv9iMOmM6A8yeLf:uIYmc5WSnJLbQvumJSv99On6Am7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Antivirus - Contains references to security software UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	faa51ee9ae03f7cf_unins000.dat Submit file
Filepath	C:\Users\test22\AppData\Local\RCP SPRuler\unins000.dat
Size	4.5KB
Processes	2056 (february.tmp)
Type	data
MD5	`8b0c790781b34ab17a64271b72242062`
SHA1	`223e9f18572b1082281188338aa68f4f297cfa45`
SHA256	`faa51ee9ae03f7cfb9f9aaf2ee6ce0c463c533d0b486caee67ef921c3eec8ca1`
CRC32	`F8CCC8E4`
ssdeep	`96:Ih4EWIRzpj7H9L+eOIhPv84cVSQs0Lnu58:s4EWIJpj8HIh5cVSQ1nF`
Yara	None matched
VirusTotal	Search for analysis

Name	a4c86fc4836ac728__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-OQJQ8.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2056 (february.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`4ff75f505fddcc6a9ae62216446205d9`
SHA1	`efe32d504ce72f32e92dcf01aa2752b04d81a342`
SHA256	`a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81`
CRC32	`B1C5F7C5`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e85aecc40854203b_libwinpthread-1.dll Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\libwinpthread-1.dll
Size	66.9KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f06b0761d27b9e69a8f1220846ff12af`
SHA1	`e3a2f4f12a5291ee8ddc7a185db2699bffadfe1a`
SHA256	`e85aecc40854203b4a2f4a0249f875673e881119181e3df2968491e31ad372a4`
CRC32	`B17D5A1D`
ssdeep	`768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fdb33e2812de516f_february.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-EJ37K.tmp\february.tmp
Size	677.5KB
Processes	1932 (february.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f8e1d9f78e12f926961ff9dad1b68cde`
SHA1	`1fed3aefc1be086d8705c6927c28a1810c98b335`
SHA256	`fdb33e2812de516fb0ca01304a20d15c1d41e45a82fd0cc70b6b5d816a1f678c`
CRC32	`29A34D3E`
ssdeep	`12288:lhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpOb+u1nWXExyd:A/qrQ0yVrPg37AzHqA6Zfn0b3NWXExyd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9941eee1cafffad8_libgcc_s_dw2-1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\RCP SPRuler\libgcc_s_dw2-1.dll
Size	122.7KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6231b452e676ade27ca0ceb3a3cf874a`
SHA1	`f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1`
SHA256	`9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf`
CRC32	`C7DD09A8`
ssdeep	`3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-OQJQ8.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7c4980157569482c_unins000.exe Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\unins000.exe
Size	687.8KB
Processes	2056 (february.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dbc00936e847959ccb5ce2e183b12cc7`
SHA1	`afc2628266930fa5ec2978136c0ca8e87c2ace3a`
SHA256	`7c4980157569482cd6201ea18908fc1b40d8088e688367b67f24bb4d80c7bbf7`
CRC32	`AB0A18B4`
ssdeep	`12288:dhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpOb+u1nWXExydL:o/qrQ0yVrPg37AzHqA6Zfn0b3NWXExyZ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	602c2b9f796da7ba_libogg-0.dll Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\libogg-0.dll
Size	40.0KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f47e78ad658b2767461ea926060bf3dd`
SHA1	`9ba8a1909864157fd12ddee8b94536cea04d8bd6`
SHA256	`602c2b9f796da7ba7bf877bf624ac790724800074d0e12ffa6861e29c1a38144`
CRC32	`3264B433`
ssdeep	`768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-OQJQ8.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f8385d08bd44b213_libbz2-1.dll Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\libbz2-1.dll
Size	103.3KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`0c6452935851b7cdb3a365aecd2dd260`
SHA1	`83ef3cd7f985acc113a6de364bdb376dbf8d2f48`
SHA256	`f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed`
CRC32	`07B006F5`
ssdeep	`1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8a7d2da7685cedb2_libvorbis-0.dll Submit file
Filepath	c:\users\test22\appdata\local\rcp spruler\libvorbis-0.dll
Size	172.1KB
Processes	2056 (february.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6896dc57d056879f929206a0a7692a34`
SHA1	`d2f709cde017c42916172e9178a17eb003917189`
SHA256	`8a7d2da7685cedb267bfa7f0ad3218afa28f4ed2f1029ee920d66eb398f3476d`
CRC32	`25A4B92A`
ssdeep	`1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4dc09bac0613590f__regdll.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-OQJQ8.tmp\_isetup\_RegDLL.tmp
Size	4.0KB
Processes	2056 (february.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ee914c6f0bb93996c75941e1ad629c6`
SHA1	`12e2cb05506ee3e82046c41510f39a258a5e5549`
SHA256	`4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2`
CRC32	`2748B2DA`
ssdeep	`48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc`
Yara	PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis