Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...
11.13 02:11
ua.exe

Latest News
11.13 04:11
가트너, “AI 데이터센터 40%, 20...
11.13 04:11
미라트 쇼룸, DDP에서 약 1.5만명 방문
11.13 04:11
IBM, AI와 복잡내성 보안 강화한 I...
11.13 04:11
Fake Job Ads and Fake ...
11.13 04:11
노크, 전국 30만 대학생 소통의 장 열어
11.13 04:11
종로 골드게이트, 예물반지용 랩다이아몬드...
11.13 04:11
코오롱베니트, 글로벌 소프트웨어 기업 에...
11.13 04:11
사회복지법인 대한사회복지회, 한양대학교 ...
11.13 04:11
한싹, AI 답변 생성 솔루션 ‘블루러닝...
11.13 04:11
'바툼 시스템 히터' 오는15일 현대홈쇼...

Dropped Files | ZeroBOX

Name	f719890d1006271b_kh2-la8c.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.out
Size	598.0B
Processes	2132 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`349a3c62829d8d9d480a7ae2c71411bc`
SHA1	`52582e1e96ffcb26e4d503d96f96fa8839854a29`
SHA256	`f719890d1006271b2e29b6cd87081b7d9c88678a8c70cfa3f57a864c2a0164d0`
CRC32	`82510AFA`
ssdeep	`12:K4X/NzR37LvXOLMLtQnPAE2xOLML2Kai31bIKIMBj6I5BFR5y:KyNzd3BLqnIE2nL2Kai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	e99a001d143bc337_RES3F81.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES3F81.tmp
Size	1.2KB
Processes	1692 (cvtres.exe) 2184 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`0a0281a1da8de8c744c0f35a08424a9c`
SHA1	`54935356e62063e8747dcb62031b242fdedca9f8`
SHA256	`e99a001d143bc337584e127637b66e1f39ec87012d1ff7710e1fc3b4e6a46579`
CRC32	`A5066C14`
ssdeep	`24:HYJ9YernHClmH1UnhKLI+ycuZhNKTakSt8PNnqjtd:ZernilmynhKL1ulKTa3tsqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	1dc36cbf1f606844_{14853d00-594c-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14853D00-594C-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	2172 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`43f9f177cda472773ea91239ec6abed1`
SHA1	`fffdb7d3992ef653cbc1613dab6747b8d0d4672e`
SHA256	`1dc36cbf1f606844edb16743d532d6f6e10d9120730562f5eac5d457453fa9c3`
CRC32	`03BD5045`
ssdeep	`12:rl0ZGFKprEgmfAB76FDrEgmfN7qgONl08hbaxsv/Q1M2/4DNl/9baxdzKtHaK+wN:rUGHGLONl0Afwq2yNlFKmlh+C2`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	a04783d2666b2812_CSC3F12.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC3F12.tmp
Size	652.0B
Processes	2184 (csc.exe)
Type	MSVC .res
MD5	`0fd0fc3d08083164a698db85f0e741c2`
SHA1	`bb7888201fef059e12e0b27317529392dba5fac0`
SHA256	`a04783d2666b2812469adf69449eae6654b78dee4f45bf9f5827f451382b893f`
CRC32	`6200EC18`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grycTak7Ynqqt8PN5Dlq5J:+RI+ycuZhNKTakSt8PNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2132 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	26d0551dc29271ee_kh2-la8c.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.0.cs
Size	488.0B
Processes	2132 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`c7aada668e1a5a7f1ebc22a81482a88e`
SHA1	`b6d67db57a74b1740be17986c83b328d72b92a78`
SHA256	`26d0551dc29271eebe340cb7f437d16c7312d399513c306249139e7a6e7e0640`
CRC32	`6F1EFDCB`
ssdeep	`6:V/DsYLDS81zu1B2340viWmMORQXReKJ8SRHy4HfEyiMCO3T1wKy:V/DTLDfuL2IlWXfHNiM56Ky`
Yara	Network_Downloader - File Downloader
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_kh2-la8c.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	e529a76dc8f3504b_recoverystore.{14853cff-594c-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{14853CFF-594C-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	2172 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`898c60bd5277952a88c1aea327de165b`
SHA1	`9f62335f55b7d2b5abe6e4402ca81d8cfa318c39`
SHA256	`e529a76dc8f3504b2fcf2942fb869561e5fbc405c9f1ebaa3b6ee7cdcc8072b6`
CRC32	`4FDB59EF`
ssdeep	`12:rlfF2CnHrEg5+IaCrI0F7+F2xrEg5+IaCrI0F7ugQNlTqbax43NlTqbax4:rqu5/1x5/3QNlW3NlW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	c4898ea3462a8b51_kh2-la8c.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.pdb
Size	7.5KB
Processes	2184 (csc.exe) 2132 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`8dfd8abf36c616b7e51fc7b66c06daa3`
SHA1	`df42dd0c116592dcd4f723f9a1ba4467a29685c3`
SHA256	`c4898ea3462a8b510cbea3e6f41f071c4884a58751f09b4d83b7a835d4afe9b0`
CRC32	`C720D609`
ssdeep	`6:zz/BamfXllNS/v3usx3Lv2ln1mllxrS/77715KZYXC3usx3Lv2loGggksl/3YXBe:zz/H1W/vuEC1SXS/pwPuEqmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	762cdfa6ead8e893_kh2-la8c.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.dll
Size	3.5KB
Processes	2184 (csc.exe) 2132 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3dd010f89f272e45a0b7a978b63c491e`
SHA1	`e3003fc9555054d6848cfa64f1b3ecef21b2b68a`
SHA256	`762cdfa6ead8e8939b1bc77ffe1ccc13c86254a343b7eace05d6da5388d4b94d`
CRC32	`B1BDC9CC`
ssdeep	`24:etGShsdatX2vw1/LktXS9UbdPtkZfYoAMT17H7uLKmI+ycuZhNKTakSt8PNnq:6rpj59MuJY7i57uL51ulKTa3tsq`
Yara	Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8ea9576f40b40808_kh2-la8c.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kh2-la8c.cmdline
Size	311.0B
Processes	2132 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7ff3ef100bcec5dc9c96bbc4788f6571`
SHA1	`e1e14afb856de1f9c9c06bc37da1358e94a9c8aa`
SHA256	`8ea9576f40b40808964527849b42eb4f88011036d7f0d0a6051103c73b93420b`
CRC32	`1981610C`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fjtQmGsSAE2NmQpcLJ23fjEWH:p37LvXOLMLtQnPAE2xOLMLP`
Yara	None matched
VirusTotal	Search for analysis