Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 07:11
Former FTX Coder Wang ...
11.14 06:11
Jenkins security advis...
11.14 06:11
Nu Posts Record Return...
11.14 06:11
Cisco Gives Strong Rev...
11.14 06:11
US Accuses China of ‘B...
11.14 06:11
Landscape Motif Makes ...
11.14 05:11
Iranian threat group t...
11.14 05:11
Palo Alto Networks sec...
11.14 05:11
Agencies push for digi...
11.14 05:11
Statt Wechsel auf Wind...

Dropped Files | ZeroBOX

Name	e528c2a6706b5ad5_Downloading.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\413404\Downloading.pif
Size	990.2KB
Processes	2556 (cmd.exe) 2604 (cmd.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`7e778aecb67efac6252d3664087209e3`
SHA1	`e710316dae046e32f9011cabd2b68342a0d02626`
SHA256	`e528c2a6706b5ad536c7d5b745fbb037ae5ed197df4d687321eeb119c60007b3`
CRC32	`4FB372F4`
ssdeep	`12288://RSlbQydQowbvuXJN6VDBYQql5o4wFT15KLf56SuhMeqCPKSnVKqOraVrdHfX5s:3RSKcQowaN69BegScM0Qr6BqW9gaC8g`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	096c03a100040e3a_adjust Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Adjust
Size	136.0KB
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`5f998222206b54a015de203d50013919`
SHA1	`0f0c03ee1d535c5ab9a11f7b0cb0fd0cd17f3250`
SHA256	`096c03a100040e3aa18471b45cb8676cffa084e14048ff25e2baa3b9ee6be286`
CRC32	`25EF2F02`
ssdeep	`1536:NsW4dIsTu9aAwueAUPxKfi6JfTcQdAOxXPlAk:yViaAteAUPx6RXPGk`
Yara	None matched
VirusTotal	Search for analysis

Name	12c7a7d489c0c203_skype Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Skype
Size	266.0KB
Processes	1952 (RoughExperienced.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`74c926a03678fbdb41d0b347e9968f54`
SHA1	`3e20927c48eaa226aff887fd199a109cc268d846`
SHA256	`12c7a7d489c0c2032fd37edaf8c0616e4ff44e0d2f6ed0b9ebdae834d262d764`
CRC32	`69F8DA16`
ssdeep	`3072:cXS1YNuXjTchZP7Ho0Svd7OktxIpjRbAKLw4WqW1rvGJYPfMa:cC1SuzTgo0SvVfqpjRAKE4W7NMa`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	f6238ef450cbf687_sword.bat Submit file
Filepath	c:\users\test22\appdata\local\microsoft\windows\temporary internet files\sword.bat
Size	19.2KB
Processes	1952 (RoughExperienced.exe) 2052 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`79dabe9b028f94d9af71be6224b0a58f`
SHA1	`ae6c5eebe69bc60d4a55ca30e08a5a8ddb4feb5e`
SHA256	`f6238ef450cbf68796a99593c18eb1e64d359263c77baf4aec1acb942fe808ee`
CRC32	`03098B52`
ssdeep	`384:Pf/7BZ3+A1toYTLD0H+jsMGGmnYB+/U0urFIzMR/eYaVTJgZ/PbQ:vX+MV8HqsMtme4U0gIzMRAHgZU`
Yara	None matched
VirusTotal	Search for analysis

Name	c5562d70a3486e40_besides Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Besides
Size	245.0KB
Processes	1952 (RoughExperienced.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`e6f59e2d5eb54747cf837c35e9df9fe3`
SHA1	`d9ad2413360d2acc0b3a23b959a927a3530f3462`
SHA256	`c5562d70a3486e40af0d77231324f6415383b676cd37d2be60a52f3066d159c4`
CRC32	`DD46030F`
ssdeep	`3072:mXARFDFnzNfy7RMGDePAUsM5N/8RHWVvUF5k5C4F9+kP6MTx0:mw71NMrDuANM5N/8RHW+FW/9CCx0`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	2cac89fb2c6f1153_optimal Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Optimal
Size	131.1KB
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`f72ea29a6ba0b7ba31239d5555f8d4c0`
SHA1	`1859148e0396f7d1c97212f825fd412ae311e589`
SHA256	`2cac89fb2c6f1153b8a9e824e7e934fbb969c01f626fbaf65d3411d9e8b4c962`
CRC32	`6C7E0E56`
ssdeep	`1536:UELxsnBgarS9atzPIGfAwmrnN3EfrDWyu0uZo2+9B9a:UELx6BgarSMtQGVenNaWy4ZNo9a`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	32c835301815d1e0_l Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\413404\L
Size	1.2MB
Processes	2600 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4a0b073d4a765c476a112964df5ff1c8`
SHA1	`032907067a8df3e5cd18606ae4076084e7095ce8`
SHA256	`32c835301815d1e0660efc9c09375caaeb75f90d2b1f77c6ceae295c156f80b4`
CRC32	`C5B35C51`
ssdeep	`12288:JkcRHrnWOf18DzKdPS07ffX7sUA1ngopVSAKE4kW7w5NyYKZW4e9CH:9DWOfAKn7bAMAKYyYKic`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	08d11b731018d746_resume Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Resume
Size	199.0KB
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`d36c9e3b7c98f094f3a3a2026c7f5d40`
SHA1	`bcbc3b22b164146ae8a108c256211114cd557524`
SHA256	`08d11b731018d74681d829202e8926ed547023aaeea764bb3d6f426f2e531883`
CRC32	`67B3A4FB`
ssdeep	`6144:ch820nOG7V5n6qKDBYJAxI0kuql5o4wFT15KLf59dQ7SucwQ:cvuXJN6VDBYQql5o4wFT15KLf56SuhQ`
Yara	None matched
VirusTotal	Search for analysis

Name	ddef45c206e72ac0_winds Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Winds
Size	223.0KB
Processes	1952 (RoughExperienced.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`3ea30d6c00dee320fab47266261cc4d4`
SHA1	`c4b062d349ea502580c2b846e2a3dcce0ad19985`
SHA256	`ddef45c206e72ac0ab26c1793cfd8bb8f2c34ca6acc7f3bdc196b0fc2ddcf04a`
CRC32	`0A8ACC0D`
ssdeep	`3072:4MmMyrpULlhJLLwpOmvLsncz6zFzQXLgDIF/d8:4MmMopOmvLxC`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	6bb78419c4697b52_environmental Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Environmental
Size	298.0KB
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`bfd5e0f0435f2984613b57209faefb96`
SHA1	`57d35bf49135e2e552453a983a0bd3bab1c2b93f`
SHA256	`6bb78419c4697b5287cf6f9b31d66357ee7a907c8b432a097bebb5f6bad403dc`
CRC32	`4FBF657C`
ssdeep	`6144:sChNuqcxN4QVtKSnVKYUWOtci/aVrdHfX5bZYalrISe6HKfPeohX:xeqCPKSnVKqOraVrdHfX5bZPrNHaWoh`
Yara	None matched
VirusTotal	Search for analysis

Name	78cb40e0df6752c4_kirk Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Kirk
Size	226.0KB
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`80e5c12559f7db2eff61d9c75d8916ed`
SHA1	`f6010cb54f65f2fd781bbcac052581ba5eac3bc5`
SHA256	`78cb40e0df6752c4454168d11f4af632825d95aeaf2901b475549b8fa6e860e7`
CRC32	`DE450D03`
ssdeep	`3072:xhBaQ5h+Roc0UPSmadFLH7Jv8tlTc7PvuaaxabyTR0WtP58/wMW4xTLIKQLJsvPS:xP60dPLH7JSleLaxQydPP5KKATbQLivq`
Yara	None matched
VirusTotal	Search for analysis

Name	4f8b24e2a41f0638_buck Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Buck
Size	50.0B
Processes	1952 (RoughExperienced.exe)
Type	data
MD5	`6268ac4040c9c50d6cc138f00d1ff031`
SHA1	`b0474a799086ad83f26ac4c94990b18f791e58ab`
SHA256	`4f8b24e2a41f06385a217d2cf3ba9118e3c9ff2e1af4898f8818ab6b4b47d608`
CRC32	`9741BD81`
ssdeep	`3:YjEMLtAFolUqt/1:YjEMLSFoGqf`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsaC212.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsaC212.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	a2f1a59c57151179_move Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Move
Size	290.0KB
Processes	1952 (RoughExperienced.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`e315eec0df8fa4518bcea1a2d74e75c8`
SHA1	`81e7cf34cb69e2196dd60ca0eb8ad9d7b1c8a2c6`
SHA256	`a2f1a59c5715117971c921258f1ee3f0d065dd695810c4924e150a518b02a437`
CRC32	`112F2447`
ssdeep	`3072:n21UpOPbnA3jJamkna+ubHFZ4cKhPQmbKdQwkOu4IUoUC4DTGE:2OpOPb8Imt+yHrnhwOf1VCYx`
Yara	None matched
VirusTotal	Search for analysis

Name	80810fa392f77775_w Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\W
Size	252.0KB
Processes	1952 (RoughExperienced.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`38c9e1bcc01e87e599cac5a8772bf25e`
SHA1	`35abdd6e42088e131d0151a3027c634932322b50`
SHA256	`80810fa392f77775e1415507bde2a6c7a3a18cc442494db47e089c64886694d8`
CRC32	`44D43EB4`
ssdeep	`3072:Gzm1fbhvr0GPS07Ge00f3m12n8B47sbWzdM:GzubhvDPS0amf3vn8C7syzdM`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis