Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	824fae3331b95e2f_13d6pS3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\13d6pS3
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	58a478f0560ea22c_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sqlite3.dll
Size	932.5KB
Processes	2376 (dfrgui.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`661fd92d4eaeea3740649af5a484d7c8`
SHA1	`c93f868890fee1475f8ec9e7607e26f5dce67d54`
SHA256	`58a478f0560ea22c1bc194263f07cf6f3ecfe47d0c8b534a7bba185f28a1141f`
CRC32	`84CA7493`
ssdeep	`24576:zsiI1aHU4BvoskVp15pPoTpJ7e/VpR8FMg3Y:o4Bvosk95pPQC/VpRIo`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	413852f536628cfa_13d6pS3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\13d6pS3
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`91a39ee5267872c5a86c0b791bfd0fe0`
SHA1	`3ee10302a6d40c7aa02afe01d36498f1b27f7895`
SHA256	`413852f536628cfad0f6be985e814443f8a2bbdcfd55994aff9a561fbad68fe1`
CRC32	`B431A379`
ssdeep	`24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5`
Yara	None matched
VirusTotal	Search for analysis

Name	c07c024bf43d8ba6_sqlite3.def Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sqlite3.def
Size	5.7KB
Processes	2376 (dfrgui.exe)
Type	ASCII text
MD5	`540f7ab54d3b2e6e69222de98bb6b10e`
SHA1	`55fa5084ee581043a071f77d604a21db8d584424`
SHA256	`c07c024bf43d8ba619740174d104eace6c3576cab357f4a2b0a29b8fd88164dc`
CRC32	`A366B6EC`
ssdeep	`96:GcuN/gR+7Ggb9XdMcAM3KOGOF++hwIMtvaENw+Y0aR:E/Q+7Ggb9bKOBF++eHvaENw+cR`
Yara	None matched
VirusTotal	Search for analysis

Name	ac61066997c1ed19_sharo.scr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sharo.scr
Size	596.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3935f15dafdd5edfca70895940dce681`
SHA1	`26e8309b8b9eff1f38481a3c70f9a240d7192213`
SHA256	`ac61066997c1ed196dc3311c32afc2507ec5e97c46242b12871dcec8b558e040`
CRC32	`0CD850AF`
ssdeep	`12288:6+I/fIe8N6sqAtOuXeEjq1/9yPZNYlGtLefxwu:qIeWHOEjCoBNY4Liwu`
Yara	Malicious_Library_Zero - Malicious_Library Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis