Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 09:11
Launching On-Demand Mo...
11.13 09:11
Killing Filecoin nodes
11.13 09:11
ICE Started Ramping Up...
11.13 09:11
Sports League Platform...
11.13 09:11
Mishing: The Rising Mo...
11.13 09:11
Europe’s Tech Startups...
11.13 09:11
NASA Announces New Tri...
11.13 09:11
Microsoft’s Gaming Chi...
11.13 09:11
Amazon Makes it Harder...
11.13 09:11
Brain Implant Startups...

Dropped Files | ZeroBOX

Name	b50f9e5dee2929ea_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2900 (powershell.exe)
Type	data
MD5	`79554726609ee4ad83247006f91548b1`
SHA1	`b72cedf1f11cc1c2eed89ce81814b12616ec3e35`
SHA256	`b50f9e5dee2929eac08ed158d2221c938c925967324a3ab8f910cd27fdac17ac`
CRC32	`19DF44F7`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworM/X4tDHXyA/PlUVul:EtCgXoRtCgbHnor6cTy2t`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5d92d1af82521971_fakecmd.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\fakecmd.bat
Size	60.0B
Processes	2552 (winmod.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`f96d7ee1c050f915b080bd319564c817`
SHA1	`6f095907e07e178f9063a01020caf2921d982c7a`
SHA256	`5d92d1af825219719e4009d70a50a63a8ed5e51e2faf79e2e83bc212e55cad21`
CRC32	`C602405A`
ssdeep	`3:mKDDPp7PJyWNAJJovovVKzGSJJn:hNB3smvdz9J`
Yara	None matched
VirusTotal	Search for analysis

Name	c769721071f2e65e_tmp4551.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp4551.tmp.bat
Size	160.0B
Processes	2552 (winmod.exe) 2984 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`50384de0eb1286eb8845b3314a55fb07`
SHA1	`3a152fc3e108685822ea74eec4833302c5461262`
SHA256	`c769721071f2e65ebe45cba4a2681fdedb34c592a9e9d3d317055df3a9c66e8a`
CRC32	`C987C7EF`
ssdeep	`3:mKDDCMNqTtv3DmWxpcL4E2J5xAIJSM8gQDwU1hGDmWxpcL4E2J5xAInTRI7FSGZ6:hWKqTtLmQpcLJ23fJSM0DNemQpcLJ23P`
Yara	None matched
VirusTotal	Search for analysis

Name	1ef86b1cfa7e45f6_winmod.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\winmod.exe
Size	61.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e2e17ea8d5d471e58cbef7258dfec0e3`
SHA1	`3cb8ddc90819a8d9b5d971a484b91c6593fb3df0`
SHA256	`1ef86b1cfa7e45f6602e24a18e76d5e556f781abb0acf18f92eaca95bb53e25d`
CRC32	`236DEC3F`
ssdeep	`768:2l/9Ypu3qBk1q2quJAEtHgRc0LMT1iPcY9nLsmgmuYotCtGB2:29YA3OuJAEH30wTk/9nLsBjyGB2`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	103cb14f2460de6e_windowshealthchecker.exe Submit file
Filepath	C:\Windows\WindowsHealthChecker.exe
Size	31.5KB
Processes	2748 (WindowsModificator.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b075f9e4015e2f43154b9903d9ec5fb5`
SHA1	`0717b04115360a6d1d4451c90d0f6b0f781d249f`
SHA256	`103cb14f2460de6ef7c780becc87bac0599bdd0527e176c0ec87aad2397b57e6`
CRC32	`4FD8E7CC`
ssdeep	`768:CmDVuVP514zxjCzXjX/v/DJvikQmIDUu0ti+irj:ze6SvBjQVkdoj`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_njRAT_Zero - Win Backdoor njRAT
VirusTotal	Search for analysis