Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 10:11
윈도우 10,윈도우 11 kb504661...
11.14 10:11
Scammer robs homebuyer...
11.14 10:11
Europol supports EPPO-...
11.14 10:11
Here’s how misconfigur...
11.14 10:11
Scammer robs homebuyer...
11.14 10:11
Inside Intelligence Ce...
11.14 10:11
“Free Hugs” – What To ...
11.14 10:11
Parcel-Locker Billiona...
11.14 09:11
5 BCDR Oversights That...
11.14 09:11
Meta’s Week of Setback...

Dropped Files | ZeroBOX

Name	01c9527fc9b156a8_may.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ISI8A.tmp\may.tmp
Size	677.5KB
Processes	2552 (may.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6e0e02658efabdcc6047b40ef0fb42ab`
SHA1	`210470ea74054b66d221a2529860fbac1a58924c`
SHA256	`01c9527fc9b156a8db026c2b508790e4fa8012f6e453f800783e18078ef613b8`
CRC32	`973411FF`
ssdeep	`12288:lhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpOf+u1nWXExyd:A/qrQ0yVrPg37AzHqA6Zfn0f3NWXExyd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a4c86fc4836ac728__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-RGJ2I.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2604 (may.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`4ff75f505fddcc6a9ae62216446205d9`
SHA1	`efe32d504ce72f32e92dcf01aa2752b04d81a342`
SHA256	`a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81`
CRC32	`B1C5F7C5`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e85aecc40854203b_libwinpthread-1.dll Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\libwinpthread-1.dll
Size	66.9KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f06b0761d27b9e69a8f1220846ff12af`
SHA1	`e3a2f4f12a5291ee8ddc7a185db2699bffadfe1a`
SHA256	`e85aecc40854203b4a2f4a0249f875673e881119181e3df2968491e31ad372a4`
CRC32	`B17D5A1D`
ssdeep	`768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9941eee1cafffad8_libgcc_s_dw2-1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Top Style Free Edition\libgcc_s_dw2-1.dll
Size	122.7KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6231b452e676ade27ca0ceb3a3cf874a`
SHA1	`f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1`
SHA256	`9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf`
CRC32	`C7DD09A8`
ssdeep	`3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9de15a9be56b915c_unins000.exe Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\unins000.exe
Size	687.8KB
Processes	2604 (may.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`156fa24b76423605fbe93f6277595d5e`
SHA1	`85e77dd6ff9dda6de960e27dcbfb2ff66b902340`
SHA256	`9de15a9be56b915c256644f07b4e2148a6c6329618dd92230e7d92f140c4f87b`
CRC32	`8AE5BF95`
ssdeep	`12288:dhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpOf+u1nWXExyd8:o/qrQ0yVrPg37AzHqA6Zfn0f3NWXExye`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-RGJ2I.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8f5f13313d6799ba_unins000.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Top Style Free Edition\unins000.dat
Size	4.6KB
Processes	2604 (may.tmp)
Type	data
MD5	`c95d021c32f931deaced8facbb27debf`
SHA1	`3bed1163bfc3f1cf17ce81717586cc40461440e5`
SHA256	`8f5f13313d6799ba3be3d962e8bc97052b12292f1b00967af14535ab60107fc0`
CRC32	`4973BDBA`
ssdeep	`96:MTBEWsRPpHSfz9R+eOIhUMr4cVSQs0Lnq6T96:YEWslpH/HIhOcVSQ1nqb`
Yara	None matched
VirusTotal	Search for analysis

Name	631bab24cb5998ab_tstylefreeedition.exe Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\tstylefreeedition.exe
Size	2.0MB
Processes	2604 (may.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fd3a1b47362da2ec6a0af2859a64d497`
SHA1	`0bfccc16c38535167c823dfda1c932408cf61a56`
SHA256	`631bab24cb5998ab4501addf6db08a6ce238e953a96c4527b86b2d224cac2d91`
CRC32	`22B6A653`
ssdeep	`49152:iZdXpKqwUjDppjqvWmpcAup5SLN7bG1z01+jlid0OhRjwO:ibXpKrUjDpp2bpvup4LJS01+jlid0M5H`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	602c2b9f796da7ba_libogg-0.dll Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\libogg-0.dll
Size	40.0KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f47e78ad658b2767461ea926060bf3dd`
SHA1	`9ba8a1909864157fd12ddee8b94536cea04d8bd6`
SHA256	`602c2b9f796da7ba7bf877bf624ac790724800074d0e12ffa6861e29c1a38144`
CRC32	`3264B433`
ssdeep	`768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-RGJ2I.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f8385d08bd44b213_libbz2-1.dll Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\libbz2-1.dll
Size	103.3KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`0c6452935851b7cdb3a365aecd2dd260`
SHA1	`83ef3cd7f985acc113a6de364bdb376dbf8d2f48`
SHA256	`f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed`
CRC32	`07B006F5`
ssdeep	`1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8a7d2da7685cedb2_libvorbis-0.dll Submit file
Filepath	c:\users\test22\appdata\local\top style free edition\libvorbis-0.dll
Size	172.1KB
Processes	2604 (may.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6896dc57d056879f929206a0a7692a34`
SHA1	`d2f709cde017c42916172e9178a17eb003917189`
SHA256	`8a7d2da7685cedb267bfa7f0ad3218afa28f4ed2f1029ee920d66eb398f3476d`
CRC32	`25A4B92A`
ssdeep	`1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4dc09bac0613590f__regdll.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-RGJ2I.tmp\_isetup\_RegDLL.tmp
Size	4.0KB
Processes	2604 (may.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ee914c6f0bb93996c75941e1ad629c6`
SHA1	`12e2cb05506ee3e82046c41510f39a258a5e5549`
SHA256	`4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2`
CRC32	`2748B2DA`
ssdeep	`48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc`
Yara	PE_Header_Zero - PE File Signature DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis