Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	4fb4496aead93bba_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\110809d565579c\cred64.dll
Size	1.2MB
Processes	2184 (Utsysc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c7612ef960097ff466e641c7fe0cd5d3`
SHA1	`06849181c7ed4a8b44440f66583e6d1c11308916`
SHA256	`4fb4496aead93bba8589248a89030c9ba1fb033aa505d8a14295b7ae511e2486`
CRC32	`47599B4D`
ssdeep	`24576:axYTyT6AMgQZvBHa726ZwccIIF1cV6n6zyYqOFzd6:fAMgQ7672swJIR06wb`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8813a622ec135335_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\110809d565579c\clip64.dll
Size	102.0KB
Processes	2184 (Utsysc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`83a532c46261758c3d74cc11fc0f20ef`
SHA1	`eb3827d8cdf46f80241eac73da136a5d72b5d301`
SHA256	`8813a622ec13533542655e87e56d5746332d3df3dcdb6c2a993a8d2b21e2583d`
CRC32	`3CF9F86E`
ssdeep	`3072:sYHZ5o8D+sjrW2sosmrtuQRYKr77BUQYW0Z:scDoBkPsituQR5uW0Z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Win_Amadey_Zero - Amadey bot IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6338b823d5172f03_utsysc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\466504e025\Utsysc.exe
Size	260.0KB
Processes	1044 (amadey.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`107c3b33e05d1d569cccc2052e56055e`
SHA1	`e843ffcb2d67ec5778a66abce8ee3d162831dd90`
SHA256	`6338b823d5172f0321814534c1d7aff08a60132c62de48c2752c2c7dfc191228`
CRC32	`B09810CA`
ssdeep	`6144:og7RU92ushCQjrnlNTnbWRp1MHuqbMlAOxyYizl7:mTshCQjrnlluMHuqberyT7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e86353197a153163_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	85.0KB
Processes	2184 (Utsysc.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`d6b01952a7c14fa7d0b9a657d8956658`
SHA1	`93ee79644c81aa00d74386cf911b8baa01b2dd6a`
SHA256	`e86353197a15316384f34d14e171264722cdd7a9f7c70aed4292ac29565c02e3`
CRC32	`D24099BC`
ssdeep	`1536:08qQRlKOtginlqeQf4gq7W9r8Wa8+3vMqHILIIsw/jUrBt5mw:NRlk8lqjQg/N8WA0qoLhd/jUFt5p`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis