Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 10:11
윈도우 10,윈도우 11 kb504661...
11.14 10:11
Scammer robs homebuyer...
11.14 10:11
Europol supports EPPO-...
11.14 10:11
Here’s how misconfigur...
11.14 10:11
Scammer robs homebuyer...
11.14 10:11
Inside Intelligence Ce...
11.14 10:11
“Free Hugs” – What To ...
11.14 10:11
Parcel-Locker Billiona...
11.14 09:11
5 BCDR Oversights That...
11.14 09:11
Meta’s Week of Setback...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_nsn5C05.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsn5C05.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	fdd8a7a40fdee48b_placing Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Placing
Size	247.0KB
Processes	2676 (DisabilityCharge.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`b68df1f6cc55a943bd8bd6a1ba4baeb2`
SHA1	`ed2f9c007bef6a9e8d52aba49704b56c9babea6d`
SHA256	`fdd8a7a40fdee48bd3a93b70e27c8efbb1aa860e2f7f587e1eecacbee3d6dd68`
CRC32	`990327EC`
ssdeep	`3072:pQZCvxA58pED+N7S0lXJummb/Clu+teg5bT2PX:p6C5A58CDEommbMsgaX`
Yara	None matched
VirusTotal	Search for analysis

Name	1713e9701d98f06a_church Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Church
Size	113.8KB
Processes	2676 (DisabilityCharge.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`b020ac666f105e582800755e46b87e54`
SHA1	`33c9afc7390f7fefe0b11ee2f9e32f8107d5ec21`
SHA256	`1713e9701d98f06a20391a048b2f5cb213b0ccf23f45df39df3cdbd55b23935c`
CRC32	`024FBAB4`
ssdeep	`1536:wohYh2nlGFuYHWaU7ifmgKBJqiMophCFPOntgQOY+XhfKHZgOuNEAGIWga8n6M2M:wd0lNOp0w8hJV9xIWc`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	ecdf70fe9c642352_factura[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\factura[1]
Size	186.5KB
Processes	2416 (mshta.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`e33380cd66cb38cdf6ed3008e1c8154e`
SHA1	`961327ff23c8c578ad91902b03c2c0f61ebaa721`
SHA256	`ecdf70fe9c6423522d7ed26058a9c705413b923863eddc44cf406d55bbc8f7d9`
CRC32	`339E976C`
ssdeep	`768:lfGgTViahszDOtfGgTViahszDO0jzefGgTViahszDOHefGgTViahszDO:F4WsO94WsOsu4WsOC4WsO`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	35ed65d991984330_disabilitycharge.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\DisabilityCharge.exe
Size	934.3KB
Processes	1140 (powershell.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`7def16e0ceea0ad69d53e0e636541dd9`
SHA1	`92080bb5ad272cf69f69aa0588856cda4b4b1c28`
SHA256	`35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297`
CRC32	`6BF4285A`
ssdeep	`24576:gbVB9BI+CacE07NGWx1G0MEL2XH09GIGiSUS00dpf:qVrIacF7dnMBXU9GIzSUlypf`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RF138c45.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF138c45.TMP
Size	7.8KB
Processes	2256 (powershell.exe) 1140 (powershell.exe)
Type	data
MD5	`c1d8708bab1e838a2deda26d58bb8d42`
SHA1	`95d39e75a804752961c139bb6c0b67f84f685035`
SHA256	`a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2`
CRC32	`E71AF2A2`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3a6b764666b16752_customs Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Customs
Size	239.0KB
Processes	2676 (DisabilityCharge.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4c4ea6968e54f5f5c4c254587fee63dc`
SHA1	`d21927f93dfb1626405cf09f3379d6bc7dd8a505`
SHA256	`3a6b764666b1675287f39a952e072fcd41332b4d0ce2b4e59a96aa5a27af8707`
CRC32	`809C431C`
ssdeep	`1536:QxOkSLAyvgYcsfoaRbwl2V2RJRxZT5kSxEsOdGrF5tWaePJkQEqpwDCSw8vpDfmK:QxDuvAgEbfB36jEtE0X62yL8`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	00559112065d90d8_software Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Software
Size	101.0KB
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`722238ba226d0e01df25a8d6e95d609f`
SHA1	`2f5e912ff0660bdc3f85ccf6d61bcb10fab8edef`
SHA256	`00559112065d90d8ba296b46949907ea4141c19323e999670a918bd50c5ae162`
CRC32	`BC226AEB`
ssdeep	`1536:V6CV21YEsmnq7Cv/+/Coc5m+4Xf8O46895LmNpRGDox2S3hPt8gNpkUu:0CV26MqgQTc5F446iYNpK5SB7S`
Yara	None matched
VirusTotal	Search for analysis

Name	449e7d4fef2f0a11_sa160.pdf Submit file
Filepath	C:\Users\test22\AppData\Roaming\SA160.pdf
Size	290.9KB
Processes	1140 (powershell.exe)
Type	PDF document, version 1.3
MD5	`267489e084b08204ba4f32a865f2afec`
SHA1	`7c77753e748b3fc0a1e26687032bbbf575021d91`
SHA256	`449e7d4fef2f0a11f5ccc0698a36d05fbac682791ca6b3ffaafa4605533e6553`
CRC32	`E7A2D1B1`
ssdeep	`6144:FAHA4zTgWX47DqUGmlmFVe5LcZb1miyaiNZT3uern58bmch:Z2TpQDtBlmGCZBlOZ3PYh`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	b64c28e45770c23b_cap Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Cap
Size	152.0KB
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`d7b3e4a1f20444dd37b4ef305b6f8199`
SHA1	`bfd1d1bdff7c9d7e1ab6b46399252e94bbab8258`
SHA256	`b64c28e45770c23ba7b4cc1b80efd0edafaa0ad8109d3c9e340b45ae40565929`
CRC32	`06F44F1B`
ssdeep	`3072:EJBzLZDKJtIs8di/37EM/j2xQeixApVIa0/A:EJBnGtINsegA/12A`
Yara	None matched
VirusTotal	Search for analysis

Name	83d49034bd164bc6_icon-240419043631z-195.bmp Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419043631Z-195.bmp
Size	63.6KB
Processes	1680 (AcroRd32.exe)
Type	PC bitmap, Windows 3.x format, 107 x -152 x 32
MD5	`6f04cf4780dad369dcb0f0c0c717ed0e`
SHA1	`2afe148ecaff39ce7797c3ee699ea9a4860b9300`
SHA256	`83d49034bd164bc651738419f5be87e2d2da30b90b965cf683d3dc0221b59475`
CRC32	`A47B5CBC`
ssdeep	`192:FsMq9tSNTu9c+JTJJf8B/J9W3DyP+Q4MTi:Fi9Oc30hTi`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	c43b8b1a8b8ab145_m Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\5125865\M
Size	867.8KB
Processes	1648 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`b18b385dc3c027bc4cd4362e23677edc`
SHA1	`65b09d44a81ca8528cf472f91e783a5199411f45`
SHA256	`c43b8b1a8b8ab1455009a1463c77166c87d21b5ded408a9b9d2eb91213e783de`
CRC32	`8FE5A2C5`
ssdeep	`6144:OguBTX62yE6C5A58CDEommbMsgaV6EgnLukXNc+J7i7mIN8uO4mBV5Q1J7w1XV9k:b+V6KAK0jDCuk9t75V5Gw1XV+`
Yara	hide_executable_file - Hide executable file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	eb882bf341c37bcd_observed.bat Submit file
Filepath	c:\users\test22\appdata\local\microsoft\windows\temporary internet files\observed.bat
Size	25.6KB
Processes	2676 (DisabilityCharge.exe) 2836 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`ad5b9509809e2c43efd8e4e0cbb697aa`
SHA1	`440d24a228fd1a0b125d535e55b887713b237f37`
SHA256	`eb882bf341c37bcd1c625e156f33db1b338d0e435aa074fa379cc3e73d6d9dad`
CRC32	`B509CF57`
ssdeep	`768:RFCaZ3M9cC47yV1yV8tKyFFrB3QuHcawRT4pRhIRhiT/U:RFCaZ8o7yV0FyfrVT8awRT4pRhIRhiTM`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	81ff65efc4487853_testing Submit file
Filepath	C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
Size	4.0B
Processes	1680 (AcroRd32.exe)
Type	data
MD5	`dc84b0d741e5beae8070013addcc8c28`
SHA1	`802f4a6a20cbf157aaf6c4e07e4301578d5936a2`
SHA256	`81ff65efc4487853bdb4625559e69ab44f19e0f5efbd6d5b2af5e3ab267c8e06`
CRC32	`FF41D9ED`
ssdeep	`3:e:e`
Yara	None matched
VirusTotal	Search for analysis

Name	4dab1074edd81fc8_ons Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Ons
Size	140.0B
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`61bab20dd66e4690943a6165fd4ff9ca`
SHA1	`01237b42f749d18c2529aa6233349ecc5de29db2`
SHA256	`4dab1074edd81fc8d7b5c1e989b025f96ff09ae42e58934668bcc2f696a167c9`
CRC32	`052451A8`
ssdeep	`3:ChhkppPcCMLcU7cUqt/vllpfrYZcFTS9gXQ:ChhQzMLRLqjvVgj`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	740648b4a3501282_dominican Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Dominican
Size	137.6KB
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`3c699f1767c677adfed1c113de6d184f`
SHA1	`ca15988fb3c81b6b4e0d7c5914e0bb2e07b35d1b`
SHA256	`740648b4a35012828dc95ef4258677d80659d820461ccfc9f98216facf0fea9a`
CRC32	`C88147AF`
ssdeep	`1536:r6JPTcUNx6/xhgariwYLTN3EfrDWyu0uZo2+9BBVgCOa1ZBPaPQaEwo0yv:r6i/xhgariwYLTNaWy4ZNoBVxjCPjojv`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f1e2acd5399b8fd8_anatomy Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Anatomy
Size	268.0KB
Processes	2676 (DisabilityCharge.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`3d0fe94011bfc11f960f3692773becf6`
SHA1	`eda278f584c80b7a5ec1a48c16c1453fd79d30fe`
SHA256	`f1e2acd5399b8fd82a7d3be16aba6cf70dd4f5fea82211979b89e6293b736e85`
CRC32	`8987EF50`
ssdeep	`3072:l6EgnTnuk8KjN0QOeZxJeP0uJ7mUUgEyPEtUO4mBV8sQskY/gJBF+Y8:l6EgnLukXNc+J7i7mIN8uO4mBV5Q1J8`
Yara	hide_executable_file - Hide executable file Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	53a87d85121c6e59_cingular Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Cingular
Size	262.0KB
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`5b18970d8c464ca95ef183c6eddf2c79`
SHA1	`30f9ef49ce58ded149dd60a32359052c7fda6b25`
SHA256	`53a87d85121c6e590a928d3fae1f72ab3c266c980cc6a89f39cd74a2127d6b1e`
CRC32	`6604FE14`
ssdeep	`3072:So2IkVvh8p65Nu+dVtqi/x4Rqf21Rgat0g/bZaUAg0FuPOKBNEBNUGXEyaAt7Po:58JTDD/xcq21R1p/rAOPOei7TdFQ`
Yara	None matched
VirusTotal	Search for analysis

Name	865347471135bb54_cheers.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\5125865\Cheers.pif
Size	872.7KB
Processes	1192 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6ee7ddebff0a2b78c7ac30f6e00d1d11`
SHA1	`f2f57024c7cc3f9ff5f999ee20c4f5c38bfc20a2`
SHA256	`865347471135bb5459ad0e647e75a14ad91424b6f13a5c05d9ecd9183a8a1cf4`
CRC32	`B4B75CDF`
ssdeep	`12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:DT3E53Myyzl0hMf1te7xaA8M0L`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2e933f3194ac2649_typing Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Typing
Size	220.0KB
Processes	2676 (DisabilityCharge.exe)
Type	data
MD5	`f0c0d7aff4f13ac8f3c247cb9fca2943`
SHA1	`94b642aa412319f2bfd814fefefa1b66c9fd7cc7`
SHA256	`2e933f3194ac2649b3f2c3f0289174b787ef71314143d63980b4d0c3ca698582`
CRC32	`6803F10A`
ssdeep	`6144:qk6AQzyMfA+eyVPlcBgtoTqnvAfcaG9b2E:zMyyzlcqikvAfcN9b2E`
Yara	None matched
VirusTotal	Search for analysis

Name	9d2af9db2847adc6_sophia.json Submit file
Filepath	C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
Size	138.0B
Processes	1680 (AcroRd32.exe)
Type	ASCII text, with no line terminators
MD5	`5560a07d3ef622b3d6964c95205797c0`
SHA1	`1d436ced01b2f294f5a8a0a7a95d54ed5963c4b9`
SHA256	`9d2af9db2847adc65b24c2833ed03db99aea2e6fe0990b38df80a7e116805322`
CRC32	`8F9B4478`
ssdeep	`3:YEH5chxs2H7GxvBxs2HOx9xJvDTHWeiXx6LPAPRaon/GzNLV6n:YEcZqxvHZOvGedAUon/2Nsn`
Yara	None matched
VirusTotal	Search for analysis