Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.05 02:10
mime-attachment 2
10.05 11:10
66fffb908255c_nnxin.exe
10.05 11:10
66fe13d56fd43_EdgeOUpd...
10.05 11:10
9dd06d870941.exe#d15
10.05 11:10
7f3c2473d1e6.exe#sp_vid
10.05 11:10
f2e7fcb20146.exe#sp_sl
10.05 11:10
956d73b7f041.exe#defau...
10.05 09:10
payload.msi
10.05 09:10
fedf8679e8d2.exe#d12
10.05 09:10
segura.vbs

Latest News
10.05 05:10
Phoniebox: A Family-Fr...
10.05 04:10
Clone of TEST BLOG WIL...
10.05 03:10
Anzeige: So gelingt di...
10.05 03:10
KI verstehen mit Excel...
10.05 03:10
Apple Releases Critica...
10.05 02:10
Mechanical Switch Sci-...
10.05 11:10
This Bluetooth GATT Co...
10.05 09:10
Mac Malware with L0Pse...
10.05 09:10
타이거다즐러, 올리브영 온라인몰 입점… ...
10.05 09:10
Ben Horowitz Will Dona...

Dropped Files | ZeroBOX

Name	3d65e5f78fa228a7_blob.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000001001\blob.exe
Size	2.5MB
Processes	2120 (Hkbsse.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`fbfbe4ee13baecac3e7d16bec24cf079`
SHA1	`360caf2bb458bee7e65c316099a868b929839d25`
SHA256	`3d65e5f78fa228a79d279fd903b45e584effe6b680d3a3adcb582985de62d01e`
CRC32	`B0BFC4C0`
ssdeep	`49152:0GXNqt3/rQCbVuI1SjuNVASD++6ozKQ/hD5xkmIW3vFqbrBeL9SSKl:0Gm3/rQCbVuIioc9ihD5KmjteALgl`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	77d7ec4c54e6db91_build.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000003001\build.exe
Size	420.0KB
Processes	2120 (Hkbsse.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e59cb9f032187838b2be9823757bb85a`
SHA1	`e42f9772116fe6bffccc64897654a87774bdd372`
SHA256	`77d7ec4c54e6db91a4562c59472d659c3768dda653cf396443187087a3a61b1b`
CRC32	`DBF1EF26`
ssdeep	`12288:YV5JxH9UKyOAYCsDyTgiBTbMpzCNaifwls3:gJpXyOA9iSgilaifwls3`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	258a3bf21183ad63_hkbsse.job Submit file
Filepath	C:\Windows\Tasks\Hkbsse.job
Size	270.0B
Processes	1508 (bin.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`71895ad619b1f44ebd895170fb880fe5`
SHA1	`1083ed8d8a473ce84cd375af9e2865899dfb2ee8`
SHA256	`258a3bf21183ad63e750f1efb8e60214c74e85b90cb65913fdf16b96f06bd5c3`
CRC32	`FAE51476`
ssdeep	`6:9sN1BCXE/E/UEZ+lX1KrUetI4y0ldtkut0:9sIkE/Q1Ku4Vdiut0`
Yara	None matched
VirusTotal	Search for analysis

Name	2528886537fecbc2_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	85.0KB
Processes	2120 (Hkbsse.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`3651bede3dca63917ddab309686192e8`
SHA1	`29a1d57f1401169109107cbb3103b3cda56068ba`
SHA256	`2528886537fecbc2d1ce9c075b05c4923f70bf8d49c3e069c2868f334b045a97`
CRC32	`305CE3E1`
ssdeep	`1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBt5G:NRlk8lqjQg/N8WA0qoLhd/jUFt5G`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	d6cfb9d6c862be5a_hkbsse.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5641a448ac\Hkbsse.exe
Size	424.5KB
Processes	1508 (bin.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`13e5872e9b7c47090e035dc228c5589f`
SHA1	`c55a9708091f19b5fc5baf7c37beb99d8d3bf760`
SHA256	`d6cfb9d6c862be5a244eb5e4c6339312f74b7eb57cad8d08f56e3de0024b2bbc`
CRC32	`A1AC4AF1`
ssdeep	`6144:9O1rkNbOFsBuztTfSoRgxX+j14TGYoij7aR1XPQg9TU5YGmvST3h68BoKupOdCHP:3xBuBTExX+AoLzTUKdvST/BoKupOjUz`
Yara	Malicious_Packer_Zero - Malicious Packer Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis