Dropped Files | ZeroBOX
Name 183fb85fc9150171_부가가치세 수정신고 안내(부가가치세사무처리규정).hwp.lnk
Size 62.9MB
Type MS Windows shortcut, Has Description string, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5 6eee6fa92a270b1f32390eec50512eea
SHA1 e8b471c3d383fd44e53029676df3370f0504555f
SHA256 183fb85fc915017104cd473f8f3ad515a54603e38fd4463214adcbf84b421183
CRC32 E0112929
ssdeep 3072:JaE7c6hknR8CMis/ozg0WCIB3oBSKcBdKjoKBDKRZ1/dO:HX/9/oIySbI8KNw/dO
Yara
  • Lnk_Format_Zero - LNK Format
  • lnk_file_format - Microsoft Windows Shortcut File Format
Name 24c857b6f6adc35d_start.vbs
Filepath c:\users\public\documents\start.vbs
Size 326.0B
Processes 3040 (expand.exe)
Type ASCII text, with CRLF line terminators
MD5 751d6a5f39860065bfea1396ce8c338c
SHA1 04f3072111c27c8c946f6e773c534f1822091007
SHA256 24c857b6f6adc35dc8042309afa96b51622ed6da7ca18a5a2ef86fde739fa484
CRC32 2E175B8A
ssdeep 6:Y0qvAnrDPwWferwMos/4fNg27RBGkRfZjPOG6B/4FIh4oZwQh/486/C:WvA/LfpMos/4Fz7RhRf83/4FIhHZwe/V
Yara None matched
Name f11ed7165bd68e9f_19569508.bat
Filepath c:\users\public\documents\19569508.bat
Size 2.0KB
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 bac78d78d63059011e1aaf5560ee6efc
SHA1 9615a5b711372251e06d8a6a2af5537f3fa2855f
SHA256 f11ed7165bd68e9f8796d9149ce45e304ffba4822ecfa9493b48734f198f6bb5
CRC32 3E7D31EF
ssdeep 48:kiIPL6qHoQ4tri3Au1aGY/IxI79HxbKdSrhaGI/IxI79HrISrR21xjCdrJFC/K28:9sSt+Au1aGY/CIZHljhaGI/CIZHrISOi
Yara None matched
Name 8e93c554fc6a2f53_setupact.log
Filepath C:\Windows\Logs\DPX\setupact.log
Size 22.5KB
Processes 3040 (expand.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 46c8e31d75d1b08c929de5de28137991
SHA1 a1f7150e8d141257d52b4a641dc03da35a871679
SHA256 8e93c554fc6a2f536037f65c7319f6ebe1aacb02ac38c6dd31f044d40213fb15
CRC32 5A4D4A89
ssdeep 192:sKLKYKLKdIH36KBKzWI1EcTm8oKyKEK/KdKGKvKdKiKfKWKHKjKQKPKKKWKhKqKb:pIHVou
Yara None matched
Name 3124a8b806f5ccf3_29320325.bat
Filepath c:\users\public\documents\29320325.bat
Size 152.0B
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 56346f3c5ffe84da1a37b63906dd94d1
SHA1 4af53a91ee4e47bcd24b20c833fcdc18205d7f62
SHA256 3124a8b806f5ccf31ebee9f7c2d0986ccac28cd781fad2f645ff2432724c6788
CRC32 14725399
ssdeep 3:mKDDGQWT0ygSSJJFIGthdEuWogMdMQAXuWJSIfOWNVP93BVS:hSnJs8GLmZ/MeXuWg9KV13jS
Yara None matched
Name 8d9b5190aace52a1_unzip.exe
Filepath c:\users\public\documents\unzip.exe
Size 164.0KB
Processes 3040 (expand.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 75375c22c72f1beb76bea39c22a1ed68
SHA1 e1652b058195db3f5f754b7ab430652ae04a50b8
SHA256 8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a
CRC32 B1B54384
ssdeep 3072:IeAGcNNwmlR2GNUbomMYMLnbtoKOmiNL2SJOUOhop:CvNNtWuYcqHmiNLOc
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name 8be032dd9940beaf_94892591.bat
Filepath c:\users\public\documents\94892591.bat
Size 2.6KB
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 97f34baf01b308092a96f132e8d6b684
SHA1 4bf6b8f96490ae3a5dceb62ea4056e504268cf6b
SHA256 8be032dd9940beaf59ffb17aa7cc91582c71cc9d37f82ccd58e40c86b505a986
CRC32 FCA7E0B1
ssdeep 48:kKPdwMSTf6+KHI8TQdb7nTNYhTZ7vcP58SYU75RTVoYbjmmwVQ2ftEYWA92cAWn:9dnSTxKHVu7nalZ7o51jRTVoSjV7YtEu
Yara None matched
Name d42203d7abf33f7e_38808439.bat
Filepath c:\users\public\documents\38808439.bat
Size 597.0B
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 e8bf323df5e2e6798695e8b5441024a7
SHA1 27b11cb128eb68ec4e7350c507b58769e12e18bc
SHA256 d42203d7abf33f7e9e6027a864ffd826e54b2419d191c70162b8ddde0ac367ea
CRC32 84758195
ssdeep 12:0n/E9AkTCJkLffsCL46PWeHISk3FP1dbSk3YP0RSk3XPESk3CPk:0n/iHIgk3FP+k3YcYk3Xhk3Cc
Yara None matched
Name d8530cb83263f371_temp.folder.lnk
Filepath C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Size 823.0B
Processes 2976 (Hwp.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Wed Jun 26 23:13:57 2024, atime=Wed Jun 26 23:13:57 2024, length=65536, window=hide
MD5 dd6a7a969e60b04390373f1f4a538d4f
SHA1 05ca0f64c5f10dd1223028099ed6be58669c1c12
SHA256 d8530cb83263f37100be300ec7956949bd58324a011e5f4cc0d7df4e8a6a4e56
CRC32 C2ECA640
ssdeep 12:8pgkEsh64cZCrR8EvSWMlR+/bkpe8izCCOLMa1Swua4t2YLEPKzlX8yGwH:8pVsERdglRcdzNRak6Pyd
Yara
  • Lnk_Format_Zero - LNK Format
  • lnk_file_format - Microsoft Windows Shortcut File Format
Name e6056caae1f22de7_gRRXda.cab
Filepath C:\Users\Public\gRRXda.cab
Size 79.2KB
Processes 2872 (powershell.exe)
Type Microsoft Cabinet archive data, 81106 bytes, 9 files
MD5 215f0df68aa48258873ab293a6955b76
SHA1 ce80c31b5245e19fca94e50046d0bbb2e3b54f5c
SHA256 e6056caae1f22de71b6165c49f31ee8bdeef5da7ad289c0dddfb0b0db2cc23ea
CRC32 7E937D99
ssdeep 1536:YMHr7jea1utPHrhd+j8aYfYx+a3wqItgDRDRqKyRcu:d7jea1eThd+j2fm0gVNqNmu
Yara
  • CAB_file_format - CAB archive file
Name 4be207de293c39bc_emb00000ba479bd.jpg
Filepath C:\Users\test22\AppData\Local\Temp\Hnc\BinData\EMB00000ba479bd.jpg
Size 30.4KB
Processes 2976 (Hwp.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 341x527, frames 3
MD5 fded8048242122aadd9a101bfde82019
SHA1 1b6385e0b4acfa5d16d3fb163c6764c260be844c
SHA256 4be207de293c39bc7800b45d187b1779caedaf5ff643fc82cb5037d0c327c64d
CRC32 9C40765E
ssdeep 768:V7fIy6Ajh/GOTQquc46YvILO8OFUsEzvI07B+UjRtpfNuWfECVYh+mx:VLIlexpTQqu6YgLgFUsEDIFUjRzftF8T
Yara
  • JPEG_Format_Zero - JPEG Format
Name 76296ca80ceb9d2d_sharefont.ini
Filepath C:\Users\test22\AppData\Roaming\HNC\User\Common\80\Fonts\ShareFont.ini
Size 183.0B
Processes 2976 (Hwp.exe)
Type ASCII text, with CRLF line terminators
MD5 34766d17d04c24aaa62124eae6b5bac4
SHA1 984e092e32fe8f7bd340a7799541c2600d96a4fb
SHA256 76296ca80ceb9d2db0b4ed08ba1b060c92a75805d71978c30dd33b87bd698b6e
CRC32 E0E924A3
ssdeep 3:5xxovKdVo6LR5nE9Aj4I5tLGoW+QRX7AMWRUrNmWxpcL4EaKC5YoH1KLDTjEcKl0:5RVogR5nEk55GoW+QWMWRKNmQpcLJaZg
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2872 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 5442793c67d7f5e2_15320821.bat
Filepath c:\users\public\documents\15320821.bat
Size 572.0B
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 d89ee4d972c2aa70ce3fff3fa55fedcf
SHA1 4a1eb20888971da4c77a710ca305adced6c7ee96
SHA256 5442793c67d7f5e27fe180d5c6712835813b1aa60db5ac74172c5ee7af3c3936
CRC32 30E58CA9
ssdeep 12:D/StbVj0KzdrqyfPJ/oBJ74aJfAxKnKVjBJ/BrR8m4hWJ7NKuxRQ:D/SpVprqyRjIQpJBlP4yrQ
Yara None matched
Name 91a3484310e83840_부가가치세 수정신고 안내(부가가치세사무처리규정).hwp
Size 70.5KB
Type Hangul (Korean) Word Processor File 5.x
MD5 c8b0321a3087b132f2c3cb6be31df49d
SHA1 23424f3356197b118770cbf904e1383653e6844b
SHA256 91a3484310e83840cba73eb7f0d9ad2bb0d724efe662a020bb83f2a3bf22c5f2
CRC32 4261D92B
ssdeep 1536:95b2f3B45F52r7qxxggaLIlexpTQqu6YgLgFUsEDIFUjRzftF8+m3rJCEmBjv0W:vw3B45z2f8xgnBxpLu6YgLgWsZSNFF8i
Yara
  • HWP_file_format - HWP Document File
  • Microsoft_Office_File_Zero - Microsoft Office File
  • Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code
Name 2b8dc5de5117c433_24175147.bat
Filepath c:\users\public\documents\24175147.bat
Size 258.0B
Processes 3040 (expand.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 b748c71f6dd5e14afd923c54b155be0b
SHA1 6ea778924cc979dccb8bb5bdee0466be95eb8690
SHA256 2b8dc5de5117c4333ddd09dd25e03edea3fbc275dffe663cdddc46b18e5fa415
CRC32 F66DB723
ssdeep 6:hSnJXd5U+mUm0q7AMF6xiCbuuEuKBL6NEhacJXUGxQJy:0n5WNzAxizuEuKMNRJy
Yara None matched
Name 26430359b46a4b81_부가가치세 수정신고 안내(부가가치세사무처리규정).hwp.lnk
Size 1.2KB
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Jun 26 23:13:54 2024, mtime=Wed Jun 26 23:13:54 2024, atime=Wed Jun 26 23:13:54 2024, length=72192, window=hide
MD5 453fc279626aa77c37f55c7729c76033
SHA1 8dfa8679dd7bfabb9b5c92021d683327b9e3db90
SHA256 26430359b46a4b810a2ce43841fd59d3d15a5b162f53b828d07293e5c8a1462b
CRC32 748C2849
ssdeep 24:8Vl/qsERdglRcDVtQxqRQsZttskttq6PytdN:8VlCsHlRcDbBRnZTtTxyp
Yara
  • Lnk_Format_Zero - LNK Format
  • lnk_file_format - Microsoft Windows Shortcut File Format