Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	a4c86fc4836ac728__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ASMSV.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2644 (crt.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`4ff75f505fddcc6a9ae62216446205d9`
SHA1	`efe32d504ce72f32e92dcf01aa2752b04d81a342`
SHA256	`a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81`
CRC32	`B1C5F7C5`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ASMSV.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2644 (crt.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b1e4659f97b99610_crt.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-LHPNH.tmp\crt.tmp
Size	692.5KB
Processes	2592 (crt.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`16e4357834b680772864d9467c3e4001`
SHA1	`9d2ed94fc7b5c528e58810cd29daa4c4b2fb64df`
SHA256	`b1e4659f97b9961002a2b1247d1796e0f458fc6bb80e07cfa0c4e72469af5132`
CRC32	`CDB2EAB9`
ssdeep	`12288:thu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjURZFDExyF:Pu7eEYCP8trP837szHUA60SLtcV3E9IT`
Yara	DllRegisterServer_Zero - execute regsvr32.exe Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ASMSV.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2644 (crt.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4dc09bac0613590f__regdll.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-ASMSV.tmp\_isetup\_RegDLL.tmp
Size	4.0KB
Processes	2644 (crt.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ee914c6f0bb93996c75941e1ad629c6`
SHA1	`12e2cb05506ee3e82046c41510f39a258a5e5549`
SHA256	`4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2`
CRC32	`2748B2DA`
ssdeep	`48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc`
Yara	DllRegisterServer_Zero - execute regsvr32.exe PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis