Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
When Raw Network Socke...
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...

Dropped Files | ZeroBOX

Name	b1fcb0339b9ef486_rtl120.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\rtl120.bpl
Size	1.1MB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`630991830afe0b969bd0995e697ab16e`
SHA1	`feda243d83fba15b23d654513dc1f0d70787ba18`
SHA256	`b1fcb0339b9ef4860bb1ed1e5ba0e148321be64696af64f3b1643d1311028cb3`
CRC32	`4087548F`
ssdeep	`24576:ebhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gbo5:l2hTKgbo5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	52019f47f96ca868_maddisasm_.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\maddisAsm_.bpl
Size	61.5KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`84bc072f8ea30746f0982afbda3c638f`
SHA1	`f39343933ff3fc7934814d6d3b7b098bc92540a0`
SHA256	`52019f47f96ca868fa4e747c3b99cba1b7aa57317bf8ebf9fcbf09aa576fe006`
CRC32	`0C01FC35`
ssdeep	`768:RhaUyLDjc8SqMhnJ/zq0siFsjB5mYdWtC16+C+024bQJu0D3BIBo1w4Kv57dbhrC:RNy3eqMne0sXB0IWtCLwEJhY0w1SD`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	c8d091db5a64964e_prolificacy_20240709132729.cleanroom.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Prolificacy_20240709132729.cleanroom.log
Size	761.0B
Processes	2068 (install.exe)
Type	ASCII text, with CRLF line terminators
MD5	`5bfdb170e74cc2b6d94b73c436efc8c8`
SHA1	`a18cdae72f6d7f29e94fec949e08fd994a0a7c36`
SHA256	`c8d091db5a64964e3bb0928c6fe3d0e239ffd181933745e45e904c463ad88e7c`
CRC32	`D9A7D2DA`
ssdeep	`12:Sr38HSX2W/xOLMcSRcP2EmRKYOLMHSRcP2EWKYOLMwSRcP2rRKYOLMYk/XCnA:8sHSmAn5cP2hCcP29VcP2VF/X6A`
Yara	None matched
VirusTotal	Search for analysis

Name	2bdf023c439010ce_vclx120.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\vclx120.bpl
Size	220.5KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7daa2b7fe529b45101a399b5ebf0a416`
SHA1	`fd73f3561d0cebe341a6c380681fb08841fa5ce6`
SHA256	`2bdf023c439010ce0a786ec75d943a80a8f01363712bbf69afc29d3e2b5306ed`
CRC32	`663361A6`
ssdeep	`3072:F4af8kXL6nX0YXjvkWQ5vYhbNkWPFOEJ8YZbjeTl0Y25zFgYBzRKy6sB65avEtAt:Oaf8kLWL7Xov8bNxdOmrfgYmHA6I`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	aa395ccf586f59c4_install.exe Submit file
Filepath	C:\Windows\Temp\{F2500F20-1137-43DF-AF52-FD6592584886}\.cr\install.exe
Size	7.0MB
Processes	2068 (install.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
MD5	`01f5e32e63c3944766392411da3c5573`
SHA1	`48a5fbdf029f793040eb2a84fcad0d551b5a6858`
SHA256	`aa395ccf586f59c470b39858a0e33015ec59a9f57f9d0fa47dbd6b50de25dd59`
CRC32	`4B3DFE59`
ssdeep	`98304:tPx1VR1MSpVQJu7ikcXqhKRgGJC1LIrip+M38GEcfNv3SsnFx3ai3i/bgkqf1nnN:dxHR1likZGgv1LH6cBSeqi3idqfVnPLh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) CAB_file_format - CAB archive file UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b6f321a48812dc92_vcl120.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\vcl120.bpl
Size	1.9MB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`849070ebd34cbaedc525599d6c3f8914`
SHA1	`b0543d13f4d0cb787abdaaf1d3c9a5af17c87afa`
SHA256	`b6f321a48812dc922b26953020c9a60949ec429a921033cfaf1e9f7d088ee628`
CRC32	`42981C68`
ssdeep	`24576:L2gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RPyS9YEPI5yz6T:LRSf0Ww+NpPSyzYY8c8YEPI4+T`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	9760afe7f7ec9c9a_pdfium.dll Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\pdfium.dll
Size	4.3MB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`88659c389547bdc3515c446cc6670208`
SHA1	`2800f0a84d8e4194e778b1a7ce829b35568160e1`
SHA256	`9760afe7f7ec9c9a6d885a944cbafec52091a4fadd893ebb0a003f696cab747f`
CRC32	`1A076D1E`
ssdeep	`98304:kRxHLI9xEoQRTlaVA+5xfMMHG05OJuJrCp4Pa0wwnYCICsA4:ipTcAsEhuTPahCICsV`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) Obsidium_Zero - Obsidium protector file IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c31edd1c1f5bac8f_ondatra.tar.gz Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\ondatra.tar.gz
Size	503.8KB
Processes	2180 (install.exe)
Type	data
MD5	`417b7657b1872596f396ae4e0571ea8e`
SHA1	`363226ca6634b75c87023519aaddd864fae2a67a`
SHA256	`c31edd1c1f5bac8f6fa367a0bf54df45eeef3b693509fd72a27b011509b499d4`
CRC32	`3CBA4746`
ssdeep	`6144:bTf0012owd0bpCSw/cU0MKeN87PI4m4QyFzsT7NGutDuboWzXejsURePIxeX2C7L:MUVgcI/cU0/BaoikoozXejlob8ylCER`
Yara	None matched
VirusTotal	Search for analysis

Name	16126ff5daa3787a_madbasic_.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\madbasic_.bpl
Size	209.0KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`dc6655a38ffdc3c349f13828fc8ec36e`
SHA1	`95db71ef7bff8c16ce955c760292bad9f09bb06d`
SHA256	`16126ff5daa3787a159cf4a39aa040b8050ebb66ab90dbb97c503110ef72824a`
CRC32	`39BD36A9`
ssdeep	`6144:wN/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/Frf1:PqeM/k4qR5L5e5+53WulZ1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	aa9fb49e1e21b3c4_prolificacy_20240709132733.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Prolificacy_20240709132733.log
Size	1.1KB
Processes	2180 (install.exe)
Type	ASCII text, with CRLF line terminators
MD5	`6347538d9cc83aaee2126a3d0099736c`
SHA1	`5264f70078925070428a6251c7f71b83126cacf2`
SHA256	`aa9fb49e1e21b3c4d233bb7f12d7a5400fc9cf595aca6a87ae3ed43a073ebd84`
CRC32	`0ED68D1D`
ssdeep	`24:k5sHSmAzTdibIHcP2h4cP29UcP2VFzcP2ucP23VcP2S:k5sHMPdiVYvkrOFmED7`
Yara	None matched
VirusTotal	Search for analysis

Name	6d234acfa5889595_bootstrapperapplicationdata.xml Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\BootstrapperApplicationData.xml
Size	2.3KB
Processes	2180 (install.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`133a2380f96dc09162ef4aa78055349e`
SHA1	`cabe437e16057d1740277674c2c8a806b20f6c4c`
SHA256	`6d234acfa5889595dba5363f8ee6ec352d11616c1211260fdc926ca000634833`
CRC32	`68E09CC0`
ssdeep	`48:y+03N6hOuTUbcDkwcne1CM3JiS0wpyc3eoSyui1arni1ubrgl:lgNwcn6CMH0wpych8WarnWyru`
Yara	None matched
VirusTotal	Search for analysis

Name	0bd2c84f3a013b46_ladysmantle.dll Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\Ladysmantle.dll
Size	933.7KB
Processes	2180 (install.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`8bf22244be2ec6c3a95d31f715602c28`
SHA1	`298b26a8d60ac1e5b90d37046ec75778c66f8742`
SHA256	`0bd2c84f3a013b466b21947b69ef2cb9a77fccb4327f34aed00318a110c559dd`
CRC32	`3BF4799F`
ssdeep	`24576:dk8+EUPoH5KTcAxt/qvRQdxQxO6CkCS9mmWymfVPO:dkpAlM8ixQISC6A`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f64cc7e7a916c98f_hardy.xlsx Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\hardy.xlsx
Size	62.8KB
Processes	2180 (install.exe)
Type	data
MD5	`ea58a53d96e22c2d2cd1e50550c2c3bf`
SHA1	`a9b13004916968606f04d77b557ab88f9d87752b`
SHA256	`f64cc7e7a916c98f0e409d013caef376cc371ea02a67269f120dcdc2d7c302e9`
CRC32	`C4AAB4DF`
ssdeep	`1536:9NpUMI9w1yhmW9cAKdsrFaja2n2hTEF3odjeOevmySGsu:3WwtWmPqFaja22o4eHvmosu`
Yara	None matched
VirusTotal	Search for analysis

Name	835f1141ece59c36_madexcept_.bpl Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\madexcept_.bpl
Size	435.0KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`21068dfd733435c866312d35b9432733`
SHA1	`3d5336c676d3dd94500d0d2fe853b9de457f10fd`
SHA256	`835f1141ece59c36b18e76927572d229136aeb12eff44cb4ba98d7808257c299`
CRC32	`32FCE865`
ssdeep	`6144:mlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2c:mlG4ut30F8slzYlQcW/jd++2nJ6u2c`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	9b696ad0ec3b37ba_bundleextensiondata.xml Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\BundleExtensionData.xml
Size	252.0B
Processes	2180 (install.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`a35990570afaa7d023fd2ebbe229afb8`
SHA1	`86688b13d3364adb90bba552f544d4d546afd63d`
SHA256	`9b696ad0ec3b37bac11da76bcd51ad907d31ee9638dad7bb8fdd5aef919ef621`
CRC32	`A09044DF`
ssdeep	`6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk`
Yara	None matched
VirusTotal	Search for analysis

Name	3c317dbab70d3ab4_itopdatarecovery.exe Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\iTopDataRecovery.exe
Size	4.0MB
Processes	2180 (install.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`95387cc85dacad60b3e10665b43602e6`
SHA1	`d9aafd45fe3ad10d28716d6289fe76b4fdce1869`
SHA256	`3c317dbab70d3ab4fce944c92532d111f69fd71dca5c7f7c7b8d57e657f26a1a`
CRC32	`C869CAA3`
ssdeep	`98304:ad/+HMxTNPx8kwh+Pfddfe/nxmu5QK1V7Z:Y2H2TNPx8kwhWddfImqQI/`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software IsPE32 - (no description) Microsoft_Office_File_Zero - Microsoft Office File UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	eb48e0e36be7b0a8_pdf2bmp.dll Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\pdf2bmp.dll
Size	278.2KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f65c3b116281fd23e5748ad73e9501cf`
SHA1	`ebda8a741833c4fcbfcb72591a7c173d69a01ebd`
SHA256	`eb48e0e36be7b0a89a0b8cc129a3b004a8525e5f60445e5ca48a7810d9d93725`
CRC32	`EB92735C`
ssdeep	`6144:Fy21Cp1pVexu7mAdMyQ69cu2hk8vZM4ie:Fy2Ap1feEPQ6Z2fMFe`
Yara	HermeticWiper_Zero - HermeticWiper Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6010e2147a0f51a7_datastate.dll Submit file
Filepath	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\datastate.dll
Size	75.5KB
Processes	2180 (install.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`28f0ccf746f952f94ff434ca989b7814`
SHA1	`506e85d2de6377492d90b98aa20663b0ff3ce32a`
SHA256	`6010e2147a0f51a7bfa2f942a5a9eaad9a294f463f717963b486ed3f53d305c2`
CRC32	`8D053259`
ssdeep	`768:BdPmXHrMcRkZrVlqE6BI6TalNPzrrSRTy3IXGX8prYXDRMMUKkVp4VdEhahE:r+XrMzriE6BorrJIXJpCRM7fVp4c`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis