Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.02 09:05
main.exe
05.02 09:05
pkbc.exe
05.02 09:05
knfl.exe
05.02 09:05
test2.ps1
05.02 09:05
pupa.pdf.lnk
05.02 09:05
ssasr.dll
05.02 08:05
가상자산 관련 외부평가위원 위촉 안내.h...
05.02 06:05
anchor.html
05.02 06:05
anchor.html
05.02 04:05
Synaptics.exe

Latest News
05.02 05:05
Russia – Assignment of...
05.02 05:05
Targeting and Compromi...
05.02 05:05
Malware development tr...
05.02 05:05
국정원, 역대 최대 규모로 NATO 국제...
05.02 05:05
“K-방산, 정부 끌고 민간 밀고”…중남...
05.02 05:05
[보안칼럼] ‘우리는 국가단위 해킹그룹의...
05.02 05:05
Microsoft Sets Passkey...
05.02 04:05
What Is Fog Ransomware?
05.02 04:05
FOG Ransomware Spread ...
05.02 04:05
FOG Ransomware Targets...

Dropped Files | ZeroBOX

Name	661ec03e9409e03e__iswctby.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.pdb
Size	7.5KB
Processes	2284 (csc.exe) 1560 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`0e75248ccefa6a1b5b9fc68da5312c85`
SHA1	`caa15d34969b26d1b34fd42abb4969bed1fdfe30`
SHA256	`661ec03e9409e03ea515ffceb2503306f4bc54f01b1a299919f01e4c31a25b78`
CRC32	`0DEABEFC`
ssdeep	`6:zz/BamfXllNS/+Gkll+Whf1mllxrS/77715KZYX1Gkll+WhXoGggksl/3YXBGQuT:zz/H1W/wllSXS/pwQlfmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	dd15b95a8a0a8a33_{a6acc700-5f84-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A6ACC700-5F84-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	3060 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`13075a75aab553a43390806b1cd27cbd`
SHA1	`2f5dfeac715d65ef4697a112951cce66ce6adb48`
SHA256	`dd15b95a8a0a8a33ce41e777b49573b72d4f2fb0e6b2f18519d0f03bb41dcf79`
CRC32	`1EAFBADC`
ssdeep	`12:rl0ZGFfOrEgmfAB76FgporEgmfN7qgONl08hbaxsv/Q1n4DNl/9baxdzKtHaK+wd:rSGkoGLONl0AfwANlFKmlh+`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	6a1e5e3e67941d17__iswctby.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.cmdline
Size	311.0B
Processes	1560 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`7105e7de59efd544937f7da05ad531b8`
SHA1	`6896c30834c40f7a7bcb8228323fa621961eb3c2`
SHA256	`6a1e5e3e67941d17d2b758f9d83d609614eec01fc32c435c2b868040bf636937`
CRC32	`C3F4D18D`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fD1nQmGsSAE2NmQpcLJ23fDdGWH:p37LvXOLMenPAE2xOLMLH`
Yara	None matched
VirusTotal	Search for analysis

Name	5568b88b2740c459__iswctby.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.dll
Size	3.5KB
Processes	2284 (csc.exe) 1560 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d4296d7128310f74d9a0a182b3c16e85`
SHA1	`d9ac86d7c2cc448f957f73b754ced6a1aaf8b16a`
SHA256	`5568b88b2740c459f17039ad310e61846273a019a0015c650ef9dbc57c26a5ca`
CRC32	`38EF3594`
ssdeep	`24:etGSPN6G7wcLq/okKn7rU5gRB34UbdPtkZfaSgqi7OzC1KKmI+ycuZhNiakSqPNq:64O58W0MuJafqiyOY51ulia3Gq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e8b0be18b8fbeb74__iswctby.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.0.cs
Size	467.0B
Processes	1560 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`67e4777aa0535139652e6b862da2b9c3`
SHA1	`478bb159e9cb8439d599bb5bd532507bc9679db4`
SHA256	`e8b0be18b8fbeb74eb175a9af3e45671c16c22098ee64473b551b244b924a5c0`
CRC32	`4EC1E4F3`
ssdeep	`6:V/DsYLDS81zujWN04FHMmn/RQXReKJ8SRHy4Hi0J1m22pnRF/2o7ly:V/DTLDfuO5uXfHvVIRE8y`
Yara	None matched
VirusTotal	Search for analysis

Name	8387140f31905c69__iswctby.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.out
Size	598.0B
Processes	1560 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1e3418c9429c466d8e91128ce01d21d7`
SHA1	`70371298933ab9bc21e54d1e98baf4a91a73b433`
SHA256	`8387140f31905c6939de20334249e936eac85a690205f003278b86c2116eeae5`
CRC32	`88C4CC4D`
ssdeep	`12:K4X/NzR37LvXOLMenPAE2xOLMLOKai31bIKIMBj6I5BFR5y:KyNzd3BenIE2nSKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	1560 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	fc25f9d24c9ad7b4_RES40B9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES40B9.tmp
Size	1.2KB
Processes	2996 (cvtres.exe) 2284 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`789c4221ba59677adf1c796b399e7cc1`
SHA1	`3356dc06c7dc35973b0acde87abb553a8b6a3eb2`
SHA256	`fc25f9d24c9ad7b458227a1f92ed71577a6ba86674975e4ef7df97dabf0aea1f`
CRC32	`74B34EC0`
ssdeep	`24:H1iJ9Yerno8ZmHYUnhKLI+ycuZhNiakSqPNnqjtd:V3ernFmznhKL1ulia3GqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	ffbbc143d06787f9_recoverystore.{a6acc6ff-5f84-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6ACC6FF-5F84-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	3060 (iexplore.exe) 2228 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7498d8c505640943629a5cae4b255d50`
SHA1	`9765c65f040f90fec13af186e29846941657d045`
SHA256	`ffbbc143d06787f9329d1dd3722e5fa82432c7b73a7ab2feb0fc353f98562ee5`
CRC32	`E5B159FC`
ssdeep	`12:rlfF2ikHrEg5+IaCrI0F7+F2/tOrEg5+IaCrI0F7ugQNlTqbaxRNlTqbax:rqHH5/1g5/3QNlW4NlW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14__iswctby.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\_iswctby.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	cc46beea96ffaccf_CSC405A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC405A.tmp
Size	652.0B
Processes	2284 (csc.exe)
Type	MSVC .res
MD5	`2f4ffee6569c18bc64d2dda29a7f617b`
SHA1	`fc2522b1938708e905b7798ece34c21c16de93ce`
SHA256	`cc46beea96ffaccf6f3f1ccd5b83c0b5fb500bfdb07e2d3597025f008aa41e57`
CRC32	`769F75E6`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry9czbak7YnqqGczUPN5Dlq5J:+RI+ycuZhNiakSqPNnqX`
Yara	None matched
VirusTotal	Search for analysis