Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...
09.21 12:09
Updated CISA exploited...
09.21 12:09
Several orgs purported...
09.21 12:09
New CISA guidance seek...
09.21 12:09
Lumma Stealer deployed...

Dropped Files | ZeroBOX

Name	2cc8ebea55c06981_audiocapture.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\AudioCapture.dll
Size	87.3KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7629af8099b76f85d37b3802041503ee`
SHA1	`f40a5efcb9dee679de22658c6f95c7e9c0f2f0c0`
SHA256	`2cc8ebea55c06981625397b04575ed0eaad9bb9f9dc896355c011a62febe49b5`
CRC32	`1A05ACB3`
ssdeep	`768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2UvHNORpPePtJPv4:ZrOxDJs/Ksdl0R1dBmhFJERpPyJPvuXR`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d96856cd944a9f15_nskbfltr.inf Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\nskbfltr.inf
Size	328.0B
Processes	1700 (ApertureLab.exe)
Type	Windows setup INFormation, ASCII text, with CRLF line terminators
MD5	`26e28c01461f7e65c402bdf09923d435`
SHA1	`1d9b5cfcc30436112a7e31d5e4624f52e845c573`
SHA256	`d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368`
CRC32	`91EDA8F7`
ssdeep	`6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn`
Yara	None matched
VirusTotal	Search for analysis

Name	7fb2efd09c92cff4_client32.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\client32.ini
Size	761.0B
Processes	1700 (ApertureLab.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d08afe2af7e89b127b3e9388ea505915`
SHA1	`f9d9e682417410d7046c7ecf6958458f245c9eff`
SHA256	`7fb2efd09c92cff4d5cb3efb26628aba91ec17f28c0dbdb407384dbc4627d7f8`
CRC32	`71376084`
ssdeep	`12:dBrd+mPfGSyDWVTXzPfY837GXoKIDWpSYL79XCYubluI2X4a1AFK/c:dBrEmPfCo1yXtID4nlVuL2Xl1AFQc`
Yara	None matched
VirusTotal	Search for analysis

Name	5eeb014e3b390e0c_nsm.lic Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\NSM.LIC
Size	261.0B
Processes	1700 (ApertureLab.exe)
Type	ASCII text, with CRLF line terminators
MD5	`886e4bb84e1ecc4a04ae599d76fcce1d`
SHA1	`3f0493bb2088af50bcc8223462db0b207354e946`
SHA256	`5eeb014e3b390e0c85ce72988d422dcd9de1520566b11755c70bdd9bb7376060`
CRC32	`DE06E66C`
ssdeep	`6:O/oPeU4xRPjwxVp8WdDKHMoEEjLgpW2M+xrXrIXZNWYpPM/ioM4La8l6i7s:XGpR7wxX8W8JjjqW2MAXWNBPM/iom8lM`
Yara	None matched
VirusTotal	Search for analysis

Name	475b188aadb4e4c0_automrunner201.ini.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\automrunner201.ini.lnk
Size	1.8KB
Processes	1700 (ApertureLab.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Hidden, Archive, ctime=Sun Aug 11 14:48:04 2024, mtime=Sun Aug 11 14:48:04 2024, atime=Thu Oct 3 17:04:26 2013, length=103824, window=hide
MD5	`dbfe0f87ea81f3627b02e4f7cb52a29e`
SHA1	`ff173527140e934b9c143b3dfaa45fdfc467af07`
SHA256	`475b188aadb4e4c0e1d65c57d05786d509526eede7b875f7a8268718c45db0be`
CRC32	`7154D04C`
ssdeep	`12:8SCxkikg64k64cZCrR8EvSECPSL6/zlzE72HF5MIYl3CizCCOLAHt261k2lqmm/A:89xTJesERdkUiGDXlZzNfvk2lt2310`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_31314484 Empty file or file not found
Filepath	C:\Users\test22\AppData\Roaming\__tmp_rar_sfx_access_check_31314484
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	b11380f81b0a704e_remcmdstub.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\remcmdstub.exe
Size	58.3KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`5be6fb8f28544d4f83c25a2b76ff7890`
SHA1	`6ad5d9338984c52b37f2176c8ae4ae2366a7fd25`
SHA256	`b11380f81b0a704e8c7e84e8a37885f5879d12fbece311813a41992b3e9787f2`
CRC32	`618A0B3D`
ssdeep	`1536:Uf6nvXuNcAjJMBUHYBlXU1wT2JFqywsQ:e6nPcjJ4U4I1jFqywL`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6ffe12cdfe0a36de_tcctl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\TCCTL32.DLL
Size	378.3KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1e6e804ca71eaf5bef0abef95c578cf0`
SHA1	`8eb7e6eff15edcb01d20322c4994512fdd1dd227`
SHA256	`6ffe12cdfe0a36dec4b4a40ecdafb4097b1af7c340b0fcecf9f5c67b7fa8b299`
CRC32	`4367BD81`
ssdeep	`6144:bn452GF6HWSJkgGjMTUjemzWz+ZsYRtFM2V3KZ/aDVpIxNc+KT5Ev7pt0AUazmgt:D452GF6HlkgGjMT8emzWusytFMKDXIxj`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	18df68d1581c1113_client32.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\client32.exe
Size	101.4KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c4f1b50e3111d29774f7525039ff7086`
SHA1	`57539c95cba0986ec8df0fcdea433e7c71b724c6`
SHA256	`18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d`
CRC32	`E6259E9D`
ssdeep	`768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e0ed36c897eaa535_nsm.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\NSM.ini
Size	6.0KB
Processes	1700 (ApertureLab.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`99f493dce7fab330dc47f0cab8fe6172`
SHA1	`16906fb5988303bb462b65ff4ece23539a12f4b5`
SHA256	`e0ed36c897eaa5352fab181c20020b60df4c58986193d6aaf5bf3e3ecdc4c05d`
CRC32	`83DFCF9B`
ssdeep	`96:L1DgNnkStXsfpsNXl0o1n49+jJeQScwzTHXllBXl3SXlcwah0SgAh0su9h0kEhhd:h4nt9kgamEvfUsrywp7`
Yara	None matched
VirusTotal	Search for analysis

Name	6562585009f15155_htctl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\HTCTL32.DLL
Size	316.3KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`051cdb6ac8e168d178e35489b6da4c74`
SHA1	`38c171457d160f8a6f26baa668f5c302f6c29cd1`
SHA256	`6562585009f15155eea9a489e474cebc4dd2a01a26d846fdd1b93fdc24b0c269`
CRC32	`9E312CAF`
ssdeep	`6144:WyspIr8g8imeKk9Fv8TamdF3xuHGAimnx30aaY5nFJl8NjzGrn0J/d3M1OGg:WyspIr8g8i191uzdwHGAimd0bY5FJl85`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0cff893b1e7716d0_pcichek.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\PCICHEK.DLL
Size	14.3KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3aabcd7c81425b3b9327a2bf643251c6`
SHA1	`ea841199baa7307280fc9e4688ac75e5624f2181`
SHA256	`0cff893b1e7716d09fb74b7a0313b78a09f3f48c586d31fc5f830bd72ce8331f`
CRC32	`14987400`
ssdeep	`192:uuYr6062b6Z1HVF6RRHXPPr+13fnYe+PjPIrI9FlP4r9ZCspE+TMlr78Vkf:uuYe72u6r+5nYPL7NheMr`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4bfa4c00414660ba_nsm_vpro.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\nsm_vpro.ini
Size	46.0B
Processes	1700 (ApertureLab.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3be27483fdcdbf9ebae93234785235e3`
SHA1	`360b61fe19cdc1afb2b34d8c25d8b88a4c843a82`
SHA256	`4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b`
CRC32	`1FC5A049`
ssdeep	`3:lsylULyJGI6csM:+ocyJGIPsM`
Yara	None matched
VirusTotal	Search for analysis

Name	2dfdc169dfc27462_pcicapi.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\pcicapi.dll
Size	106.4KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`67c53a770390e8c038060a1921c20da9`
SHA1	`49e63af91169c8ce7ef7de3d6a6fb9f8f739fa3a`
SHA256	`2dfdc169dfc27462adc98dde39306de8d0526dcf4577a1a486c2eef447300689`
CRC32	`4D4DD553`
ssdeep	`1536:LnzOfAUs8aONOb2H4NECHnTXg05rQMb2bbaPrw6BkJElFBIboKKGQ1w:LnSfAB8cb2YN7pSy8AuElFBIboKKGSw`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8793353461826fbd_msvcr100.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\msvcr100.dll
Size	755.8KB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0e37fbfa79d349d672456923ec5fbbe3`
SHA1	`4e880fc7625ccf8d9ca799d5b94ce2b1e7597335`
SHA256	`8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18`
CRC32	`4623CD62`
ssdeep	`12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b6d4ad0231941e06_pcicl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\updtewinsup221\PCICL32.DLL
Size	3.3MB
Processes	1700 (ApertureLab.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e7b92529ea10176fe35ba73fa4edef74`
SHA1	`fc5b325d433cde797f6ad0d8b1305d6fb16d4e34`
SHA256	`b6d4ad0231941e0637485ac5833e0fdc75db35289b54e70f3858b70d36d04c80`
CRC32	`7C4E2253`
ssdeep	`49152:FwWtZSlgPoqxyszApD0Ew0J94KinCgqGBQTdTBOHa3clSToWZiwDA:FwWrSlgHyszApD090mCgqTUSPE9`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis