Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...

Dropped Files | ZeroBOX

Name	04ba4487f95290e0_cleanospp.exe Submit file
Filepath	C:\files\x86\cleanospp.exe
Size	25.8KB
Processes	2816 (files.dat)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`98821a7a5737d656633d10a3afb724bd`
SHA1	`0307ba03137de39735c6e5bde8afd22d5279f0f9`
SHA256	`04ba4487f95290e0b0557b44300c18f637fbaf0872ee96e3111013b8a1539f25`
CRC32	`3C84535E`
ssdeep	`384:N9FuUOvAiG0gIVDKDYgmh02HPwzi3AnXdOKV1TE54UslGsGK3:wUAAYgmO21QXPV1Y1i3`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	cbbeb5758166f4d5_sibclr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sibD1F3.tmp\SibClr.dll
Size	52.2KB
Processes	2096 (OInstall_x64.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6e500f73d5349991165807174fd32ada`
SHA1	`07a5cf87461cd3d6205c411edc5587eea39afd4e`
SHA256	`cbbeb5758166f4d532bb155daf3830618e4b31da0c14a66f4d16a308d7477842`
CRC32	`DA045295`
ssdeep	`1536:7yMz8ueRvU1Dc1xpHaLIa97v7AVqgwbioQ+wF:7yRvQDg76Lb97sV82F`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4b8fca1d2f0eecd5_start.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sibD1F3.tmp\0\start.ps1
Size	1.1KB
Processes	2096 (OInstall_x64.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`fa2f7c78c7bb6b4336f7e83ef412ec8b`
SHA1	`4283f649aacd8eb2c12351ab0bbdda829694a0c6`
SHA256	`4b8fca1d2f0eecd5e5c7b14f97427fb5687c6c6ea1c729a0540edd7100976591`
CRC32	`C9CAC4AC`
ssdeep	`24:FlYyQxGIX582XXApZfL5kz/sikrAQtSzZl+YWV:FlYyMrApVdY/s/AQt6Zl+7V`
Yara	None matched
VirusTotal	Search for analysis

Name	caf295438040eca0_setup.exe Submit file
Filepath	C:\files\setup.exe
Size	7.3MB
Processes	2544 (setup64.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`6b6f44e4ef1ee8fb94ea28aed02964fb`
SHA1	`c9f845c97b5c5863682c2f38f8f1ed26377b4dfb`
SHA256	`caf295438040eca0632d475eeecf51a16307a23cb87dcfce796d274e8e8ff221`
CRC32	`D5E707CA`
ssdeep	`196608:hXqTPuiy2bA5G4GGxNd226ALHcXSHo36r6weCUJaI6HMaJTtGb8b:tSuiy2Qx76ALHqK6wxBb`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	08f23c75858e25be_sibca.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sibD1F3.tmp\SibCa.dll
Size	4.5KB
Processes	2096 (OInstall_x64.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`db34fda1537ea3d7a047c6f361256e77`
SHA1	`92ddd4037db66d828822b971367850bd0690bf5a`
SHA256	`08f23c75858e25be010165e3e6dd5bc5d618745db6e662d1a0a51e82d9db9366`
CRC32	`C485D121`
ssdeep	`48:6QsF7uQXGrx6KCF17v0Zder2szXRnaFHGHWSqOPulC0M3I:BRx+FZ2dk2s9naFmCU0M`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Antivirus - Contains references to security software IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	be7d8a8825fde96e_static.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sibD1F3.tmp\1\static.ps1
Size	5.2KB
Processes	2096 (OInstall_x64.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e31e73395f06c575a6df467978781653`
SHA1	`d498043dc1a5392d2d1c255005b689ff70e63ad8`
SHA256	`be7d8a8825fde96e1fa449fd1898bc1bd01e07c31e73796fcba61c526f0f9b88`
CRC32	`36A99214`
ssdeep	`96:3fx3spmPEbhEHssT77yPIfttP5OQOcs2iqFDHinbI:3Zcp4EbhEMsT77SIftR5/GFqWs`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	cdcd3fa3cb1ebfaf_configure.xml Submit file
Filepath	C:\files\Configure.xml
Size	836.0B
Processes	2544 (setup64.exe)
Type	exported SGML document, ASCII text, with CRLF line terminators
MD5	`f693e4fb8d3907e6cc44a34e1cc87296`
SHA1	`e3b646ddeeb72d1e2fd9e6ea654aca44d61feb5f`
SHA256	`cdcd3fa3cb1ebfafc98273ae52632f80b95cb9d25933ee1c7d2fdec640b264d0`
CRC32	`2F2D0BE4`
ssdeep	`12:9MFVrwGC1soAoEZ41soAoELK41soAoZJ1rnVpSd6BkO5ekSC5wWZVg5odjciLe4a:2aldl2ldH5pSNWZPi9p`
Yara	None matched
VirusTotal	Search for analysis

Name	edf85f4e2ef1a427_cleanospp.exe Submit file
Filepath	C:\files\x64\cleanospp.exe
Size	28.3KB
Processes	2816 (files.dat)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`d3467cb7b83b654c2d05407dc7ba2360`
SHA1	`af7b4fdde21434f9e8d2e90fbff7b1d64af8a0a3`
SHA256	`edf85f4e2ef1a427b34265a22f261d664ec78de90c3b5da4174ef28558c8522a`
CRC32	`52868DC0`
ssdeep	`384:AQAInWKpEFFzpjq37oIOU6GHq33QPiu431VPjdOKV1TQilrkK:AxWTpOFagUb2qiu43P7PV1D`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	4e3b13b56bec0e41_files.dat Submit file
Filepath	C:\files\files.dat
Size	765.8KB
Processes	2544 (setup64.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`bb5569b15d68c10b7ff2d96b45825120`
SHA1	`d6d2ed450aae4552f550f59bffe3dd42d8377835`
SHA256	`4e3b13b56bec0e41778e6506430282bbbd75ccaa600fd4b645ce37dd95b44c8e`
CRC32	`2CB81075`
ssdeep	`12288:qXRqml2fcarViUC6TViXyKxhqahbqiR6WEttE6iITi44eKwV3uSI:ygEGcarV7CqViXtxAadq/WEtO8O/en9S`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	09d5b42140bab131_uninstall.xml Submit file
Filepath	C:\files\Uninstall.xml
Size	59.0B
Processes	2816 (files.dat)
Type	ASCII text, with CRLF line terminators
MD5	`364f86f97324ea82fe0d142cd01cf6dd`
SHA1	`fc2a45da2ede0c018ab8e46044e6a25765c27d99`
SHA256	`09d5b42140bab13165ba97fbd0e77792304c3c93555be02c3dce21a7a69c66dd`
CRC32	`00963AB4`
ssdeep	`3:3NMOoytn5HHQbyi9MOov:3NL5HHa9m`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsbD0F7.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsbD0F7.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF17089a4.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF17089a4.TMP
Size	7.8KB
Processes	2356 (powershell.exe) 2160 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1701df9.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1701df9.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	2ff9f800cfe3e450_setup64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sibD1F3.tmp\0\setup64.exe
Size	18.7MB
Processes	2096 (OInstall_x64.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`80f8a2ffd54a73c6cc17f427d10dd1da`
SHA1	`099b916641cdb3cb66aa9242bcb92b00ebce8475`
SHA256	`2ff9f800cfe3e450b9feb25c171c6813c6e100506068fd4da25a5c7255d6b0dc`
CRC32	`F5309C8D`
ssdeep	`393216:gCqFTywoCkhfO/zFXGW/F/P9wXiXzThRmeC/+pWt0p+:gXFTXRkdObGXYztRyMa0c`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature ftp_command - ftp command Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) VBScript_Check_OS - VBScript Check OS DllRegisterServer_Zero - execute regsvr32.exe Antivirus - Contains references to security software anti_vm_detect - Possibly employs anti-virtualization techniques Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	dbd8412d2109210c_sibuia.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsqD107.tmp\Sibuia.dll
Size	534.2KB
Processes	2096 (OInstall_x64.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3c6305db9e44895e77393a81620cfda0`
SHA1	`e8bd8df743f2366440d9af1d39803c80b8d2b326`
SHA256	`dbd8412d2109210c19bb3d3d6a2aa7810b4d0390edef2b8f6445849fe3d44c81`
CRC32	`7AE7C610`
ssdeep	`12288:n1wZo0Mb8ddmou3zlNn1EbIpQ3sXfvh8c7:n1Zb8dfuibIvXfvec7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1d1a1ae540ba132f_msvcr100.dll Submit file
Filepath	C:\files\x64\msvcr100.dll
Size	809.8KB
Processes	2816 (files.dat)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`df3ca8d16bded6a54977b30e66864d33`
SHA1	`b7b9349b33230c5b80886f5c1f0a42848661c883`
SHA256	`1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36`
CRC32	`EDAC09D7`
ssdeep	`12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	60c06e0fa4449314_msvcr100.dll Submit file
Filepath	C:\files\x86\msvcr100.dll
Size	755.8KB
Processes	2816 (files.dat)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bf38660a9125935658cfa3e53fdc7d65`
SHA1	`0b51fb415ec89848f339f8989d323bea722bfd70`
SHA256	`60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa`
CRC32	`14EE1F12`
ssdeep	`12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis