Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	960fdf8a31e985b7_t_baibaoyun_win32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\t_baibaoyun_win32.dll
Size	1.2MB
Processes	2552 (1.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`22fb4088016272b0284a927187d89808`
SHA1	`ced1857001bb07529f3e4d5d66a00fca586081a3`
SHA256	`960fdf8a31e985b7c69b934ad3f19b55f4d52804113401060a7b7a7cf79391df`
CRC32	`A4777DB3`
ssdeep	`24576:Xybf1tSl87l5pWXv1SDpg6UjaePfwuT+ayux8Eugw+a/HPfmSsVHxeGMSC25n9oP:Xa1glWk9ke3VjIwm6V2`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	295cc157a8b7fbc3_tv.vbe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\tv.vbe
Size	615.0B
Processes	2552 (1.exe)
Type	data
MD5	`3e793a1ddc42267f34f9329e7a1d321b`
SHA1	`898747d4dd5b1ac87ead3caed3f42939118b11c3`
SHA256	`295cc157a8b7fbc36028fb56cc0990891920da1eb79c26a118e160b5788c6d9c`
CRC32	`6BFC1708`
ssdeep	`12:GzWkzgDjGkJC71QxQgIgYw8EwRx7zVQj3Oo3KV0E/D0Y0je2TY+t986Ix:GdONJC7emHVEKCLXKf/50qB+EXx`
Yara	None matched
VirusTotal	Search for analysis

Name	c5b08eef88b10fab_1262031.temp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\1262031.temp
Size	1.1MB
Processes	2552 (1.exe)
Type	7-zip archive data, version 0.3
MD5	`a9db3ffe30143baa9147977abed93cb6`
SHA1	`6ec20b79bc73f8933c348d8a0a54b5d67391231a`
SHA256	`c5b08eef88b10fab1d59e932b6d5e470fbbfb5ed78008e18b2b903eaedf5878d`
CRC32	`AD16E03D`
ssdeep	`24576:WNqRu/t1fqUV5eNjPnPDUybMUcpq6pWZP8sKYJo8yJ:WN9tV4NTj0xVsZfE`
Yara	None matched
VirusTotal	Search for analysis

Name	dd4985539c4316e9_intermediate.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\intermediate.tis
Size	56.4KB
Processes	2552 (1.exe)
Type	data
MD5	`412972cff01a0ad23a128b1e337155d1`
SHA1	`efeda2bcf302547a6ff91ab4b5425f6471b07960`
SHA256	`dd4985539c4316e99d24703d86c3442752c5281ca8454d4cc5793c468941c0a1`
CRC32	`F5D77582`
ssdeep	`768:toet+fICraz7aWbnGSxV3U1zJJ9U8Nfcv5YP2LUuyWsHxHDg6E5/V8A+1esLAcCE:t8fICMrGgU11wScRYkKWfD5/H+qcz`
Yara	None matched
VirusTotal	Search for analysis

Name	16fdf499c06543de_ai.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\ai.exe
Size	96.0KB
Processes	2552 (1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`290d2267039a01322b590592cbf0c13c`
SHA1	`188996bfb808374f09a6f5a087d47f4fc450d668`
SHA256	`16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33`
CRC32	`99FEDE25`
ssdeep	`1536:nV4MllIAZdhS+VEoJuLVBWra2kfHzR04c3TOT0792TOOYnMrOk:neClBlcCOtHl04cj207o6E`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b8ab64b00c2cb719_tlib.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\TLib.dll
Size	707.5KB
Processes	2552 (1.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`84d18da644ec2559aa8a9f5cdc3948c0`
SHA1	`660c10a221ace21b418e526de45453ef972e66c1`
SHA256	`b8ab64b00c2cb719d7dabdacf17187ff75e053aad1aeae7298b4e596a6edf354`
CRC32	`33A45241`
ssdeep	`12288:2Xy3qmE8T7+E3CraIYXgDTqYON+lP5YbLAV81p8PW/ZBm2OkK6:2Xy3qmWE36aIYXgDTq5iP5YbMV8QoZHP`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3a682bc9ab15846_tapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\TApi.dll
Size	1.8MB
Processes	2552 (1.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`20a87544961d0189b6f180fb330e96bd`
SHA1	`4eb6d4edecad1472ede74989753043704b754300`
SHA256	`e3a682bc9ab15846da7105c819b138c9aee29fbf43ab4c9d349ea9bac9ed6773`
CRC32	`05289C3A`
ssdeep	`49152:zpqt05Rp4dTA56+KEr/rkrmPblHtImQJfvJ1FRJJMBLCGdZO36P3ouNk8B/qZQvK:7rkrmPblHtImQJfvJxMBLCGdOU37RSPn`
Yara	DllRegisterServer_Zero - execute regsvr32.exe Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a0a88a5a789baa82_main.twin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\main.twin
Size	1.8KB
Processes	2552 (1.exe)
Type	Little-endian UTF-16 Unicode text
MD5	`c2266f836fa0c45a4634b08e2f9f9a5a`
SHA1	`222a1a0893e92a06b429a3f105ebea73e79308c0`
SHA256	`a0a88a5a789baa826d480eb7450a363d3a2baa333c16ff4b66d6f384dd2b85e7`
CRC32	`5FC381B6`
ssdeep	`24:Q1BQVNBqqcjB0sgBqqA/B7EEpJF2Y/RH5qatYJirF0bQvfQJpy/cs6kySDJLizRA:yBQVajD5noirF0bQv4nec/SuA`
Yara	None matched
VirusTotal	Search for analysis

Name	905c8db404e6a1ff_sc.vbe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\25521341b0\sc.vbe
Size	599.0B
Processes	2552 (1.exe)
Type	data
MD5	`012692095c915cd4313ba44b414a3b8b`
SHA1	`3c1ed7f39b49b6d81242ebe6b998c51ab0aee4ff`
SHA256	`905c8db404e6a1ff1987dec187f980c62db630f16767332f61b14f94aaf7852d`
CRC32	`0033DB83`
ssdeep	`12:Gnkl6a2zr0O5Vl+e+LgbFc1e1+zuUmrVe9GWZxJn4On9:GnuYD5v+e+LgJc1eP9W2Y`
Yara	None matched
VirusTotal	Search for analysis