Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 05:09
Raspberry Pi RP2350-E9...
09.21 05:09
Apple's iPhone Hits St...
09.21 05:09
Intel Gains on Report ...
09.21 05:09
ION Reprices Leveraged...
09.21 05:09
Microsoft bringt Windo...
09.21 05:09
Falsche Buchungen in M...
09.21 05:09
Auf diesem Twitter-Klo...
09.21 04:09
OIG audit calls for mo...
09.21 04:09
How Google Allegedly M...
09.21 04:09
Metasploit Weekly Wrap...

Dropped Files | ZeroBOX

Name	14225793889f877e_zmmivihx.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.0.cs
Size	461.0B
Processes	2116 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`fa28eedfcb69eea1881a826b87a84dd1`
SHA1	`234463b35c18898d10eab923c8f087fc3d78b7f6`
SHA256	`14225793889f877e6133b9915300f39ff4f8f4c787c4fa2c8be79ec98304eb2e`
CRC32	`379F6AFB`
ssdeep	`6:V/DsYLDS81zul0i/MGNHQXReKJ8SRHy4HYYBWQmG0/WpsZTQy:V/DTLDfuKXfH3BWhupgMy`
Yara	Network_Downloader - File Downloader
VirusTotal	Search for analysis

Name	8efc15df3d104652_recoverystore.{1f22d05d-5548-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1F22D05D-5548-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	2172 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`305f6dd5a1b8f3e972ba81e9297df136`
SHA1	`25acc9fc8eced33c08044dc593e8607d62cedc77`
SHA256	`8efc15df3d1046529f533d8e162b75e91e05dd791878f0900606b713a49a653d`
CRC32	`ED9E8CA0`
ssdeep	`12:rlfF2XrEg5+IaCrI0F7+F2W2OrEg5+IaCrI0F7ugQNlTqbaxoVECQNlTqbaxoV0V:rqX5/1XO5/3QNlW5KNlW5`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	796146f490f0b790_CSC4DC8.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC4DC8.tmp
Size	652.0B
Processes	312 (csc.exe)
Type	MSVC .res
MD5	`fd89643ced5167dc8f4d67871bf76c51`
SHA1	`bdb2f47fd8dbaab0f77f0eadea2b17a2e9802742`
SHA256	`796146f490f0b790e19801a85622d712b816a69e63c2ce370c320bf434558b29`
CRC32	`F868F91C`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry1LnYak7YnqqGLnNPN5Dlq5J:+RI+ycuZhNzYakS4NPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_zmmivihx.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2116 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ea65c22729df908a_{1f22d05e-5548-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F22D05E-5548-11EF-AC50-94DE278C3274}.dat
Size	4.0KB
Processes	2172 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3891236b7c55dfe25e7041ec1d95721a`
SHA1	`650fe5aa59544bcecf6fb1b842965bb0bb68f49f`
SHA256	`ea65c22729df908a011fe9e71b6fb78edf966f07df84f3d49b73e59845f6d09d`
CRC32	`CB20D698`
ssdeep	`12:rl0YmGFy7KYrEgmfcB7KFEorEgmfZ7qgONlQ8dbax9tX/Q1mRy46NlL9baxGjMsg:rQ7KYGTG/ONlZ54RMNlpDAlh+K`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	89287fd08491aba5_zmmivihx.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.pdb
Size	7.5KB
Processes	312 (csc.exe) 2116 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`210e53e365e8c08a650d17f5e36ff8a0`
SHA1	`4378eb08a721bd229f4a239216d7e3edaf83e25d`
SHA256	`89287fd08491aba57db557478bbd7e2a98aa92d15261270bc9613e2910ac7197`
CRC32	`635760A0`
ssdeep	`6:zz/BamfXllNS/FeWu/91mllxrS/77715KZYXCeWuNfoGggksl/3YXBGQu+e0KWEb:zz/H1W/FJuPSXS/pwlJulmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	336731de8929e82c_zmmivihx.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.cmdline
Size	311.0B
Processes	2116 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`79af26079300af9f3a4109b39ff771ee`
SHA1	`7c5c658cf75627d82029ae615dde07132e3a6138`
SHA256	`336731de8929e82c24f82e1d944261bc7019f8f84bf2b2ac9e3f176c9e3d4781`
CRC32	`A9DC052B`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fhqmGsSAE2NmQpcLJ23fhEA:p37LvXOLMcnPAE2xOLMN`
Yara	None matched
VirusTotal	Search for analysis

Name	270b76862396fe35_RES4E56.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES4E56.tmp
Size	1.2KB
Processes	3060 (cvtres.exe) 312 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`873971f50653329de8a01a3faad7df83`
SHA1	`5d2932a231f39faea3944ba3c768c0aa5c1d378b`
SHA256	`270b76862396fe3584d448ec7a8eaf1330259589e29ccd1d158b796d81995185`
CRC32	`73368EFA`
ssdeep	`24:HwMJ9YernMwsmH/UnhKLI+ycuZhNzYakS4NPNnqjtd:Sern+mcnhKL1ulca3gqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	2362b52741c858e2_zmmivihx.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.dll
Size	3.5KB
Processes	312 (csc.exe) 2116 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`aa7612798f0218e569a4736f05dfc710`
SHA1	`ee091b9ba72cc85d09c350defad7c7f84cfe2ca0`
SHA256	`2362b52741c858e29635fb56dfdbe8d22803384a58ab8341d9400cb6796a1226`
CRC32	`1BD41E40`
ssdeep	`24:etGS2N6G7wct7xQukmPkJKRUbdPtkZfDQso1mkmI+ycuZhNzYakS4NPNnq:6F/DyMuJM5wX1ulca3gq`
Yara	Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0bafbe545f234970_zmmivihx.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zmmivihx.out
Size	598.0B
Processes	2116 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`4dc2656705de0a4f84c5d1eee2bede3c`
SHA1	`c147a397d75366fae65868f27569228af88d6792`
SHA256	`0bafbe545f234970082d5278f5aada19809e65ce51bff8825c8c492a26f1ba4d`
CRC32	`30976F7D`
ssdeep	`12:K4X/NzR37LvXOLMcnPAE2xOLMIKai31bIKIMBj6I5BFR5y:KyNzd3BcnIE2nIKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis