Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...
11.13 09:11
IT Sicherheitsnews tae...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
2025년 글로벌 인터넷플랫폼 동향 조사...
11.13 08:11
Amazon to Close Its Fr...
11.13 08:11
Millions of records fr...

Dropped Files | ZeroBOX

Name	e5a1d51c1cf7166d_method Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Method
Size	68.0KB
Processes	2888 (1.exe)
Type	data
MD5	`39b9b525de53692f76263bf22d9c31a2`
SHA1	`2f329f7307a71b1e2f3e25358033d26c26fab871`
SHA256	`e5a1d51c1cf7166dce5d1fd8445541138c4bed66c79a1d9b9ff08228a9316e8a`
CRC32	`AADBC18C`
ssdeep	`1536:/2AWyxm7QdZpa/ZGdjOPTeU8pc1oW5cJPWvIFy1Mm2ULeUkyZM3:eAWyQQQ/clOPakoXJuwFy1MeXkyZU`
Yara	None matched
VirusTotal	Search for analysis

Name	5be805c54b1c7dad_naughty Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Naughty
Size	93.0KB
Processes	2888 (1.exe)
Type	data
MD5	`fadf9285a594d2728d2cad1192fea076`
SHA1	`0b623187923eb74681a364284b0217228f6b1037`
SHA256	`5be805c54b1c7dadeb709b61d688b307cb268568ad1062e8f15d68f006bdb98f`
CRC32	`4FE63CF8`
ssdeep	`1536:aGlJeW9lgH7K3UrlHZ+oUIKjHnwg9f7Pv4UL6kgWQmURXo1t54Bvt4H2Owd6F4:FHq23AAIKjHwIj9RhOXGt5xwEm`
Yara	None matched
VirusTotal	Search for analysis

Name	8482b4995cbb66cd_weapons Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Weapons
Size	61.0KB
Processes	2888 (1.exe)
Type	data
MD5	`55287d9d47dfb98a4e9d896a83f16f95`
SHA1	`fcbd7b48117dfa898aa7df40b171b762da16dda7`
SHA256	`8482b4995cbb66cdb5ab91c479bb18707ec2b4d1b9c15332a5e2f1d27e518b01`
CRC32	`505DA58B`
ssdeep	`1536:qfDtjU0+l3G2sce/3LWvm0Nsvlgx3jDNZl3kV/0Xq4GWyIoOg6:qfDtjK/evLWF6l8DN3Cyq4HZoOg6`
Yara	None matched
VirusTotal	Search for analysis

Name	0d804d14e78cefaf_witness Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Witness
Size	870.4KB
Processes	2888 (1.exe)
Type	data
MD5	`69dfefa63c804a93f92eb1d38dca8863`
SHA1	`7478c298fa8b5817f37d393bea01d291dd8be582`
SHA256	`0d804d14e78cefafe2c25f522166ac3ece43d27d1d77c3ed8c4b5d369bfafcc9`
CRC32	`796EA042`
ssdeep	`12288:VpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:VTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	cf0eb9d9c98b37fb_dried Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Dried
Size	87.0KB
Processes	2888 (1.exe)
Type	data
MD5	`9eb7691874f4c94230b9963cdb4c1200`
SHA1	`bf1a1be634b5752aec70410d299077e51fb3ef33`
SHA256	`cf0eb9d9c98b37fb1a4e7a29fddc8758694fb7e62b6e666a647da8396bb4fdcc`
CRC32	`B295ED2D`
ssdeep	`1536:Bm3Iml5PS1t53M51EvnqssV/HiRurgVSwSQkyrZTvnLG3j52ro+ttHdTmKLcgGbu:YIsx6tVM5anqsu/HiRu7wm6ZnNltt9TT`
Yara	None matched
VirusTotal	Search for analysis

Name	daff91cfa98156cc_districts Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Districts
Size	76.8KB
Processes	2888 (1.exe)
Type	data
MD5	`8698949bc6f6661404e5bf2b9aeab97f`
SHA1	`6d6ae2f7127858408eb8415be64e1f3151a566b2`
SHA256	`daff91cfa98156cc39ccc24def6b5551e1b8ba7711156739105988693b0f2349`
CRC32	`AF57AEBB`
ssdeep	`1536:1F6cj+NQWSls4SkU1UWSYALMGXFkaUiI74QvJ853H395blKQrEzxOvPNv:1FNXWSq4SlpAL/6a/8JS3/mxOdv`
Yara	None matched
VirusTotal	Search for analysis

Name	38a9feb8a83bc98b_ultram Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Ultram
Size	52.0KB
Processes	2888 (1.exe)
Type	data
MD5	`3c162c776e59f6955d504a42df0321a4`
SHA1	`50766c644160c015ecd90a7731c31a1e2565446f`
SHA256	`38a9feb8a83bc98b3d79dcc92d24dd9190543f2e721066ce46487a32e433db58`
CRC32	`4112878A`
ssdeep	`1536:03uYOs4V2rQiwahlMhpzLYmZITjSybOsQP5MyZVdwsPUP:03cXAH9hlMhxLY3NznyJy`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b7c7178fbadbf1_trade.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\787871\Trade.pif
Size	872.7KB
Processes	3012 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`18ce19b57f43ce0a5af149c96aecc685`
SHA1	`1bd5ca29fc35fc8ac346f23b155337c5b28bbc36`
SHA256	`d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd`
CRC32	`388D364B`
ssdeep	`12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	fcdab9639af874cb_2.exe Submit file
Filepath	C:\Windows\Temp\2.exe
Size	435.5KB
Processes	2664 (66e095f996804_111.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1f3cfcf8aad3e5e3164405d272aa213e`
SHA1	`96f1c646d19deab4ff071fbc6b3c73c87ce56e49`
SHA256	`fcdab9639af874cba780e20c21a9bc662b160dc313ddb75e5f82f779f1680101`
CRC32	`CD3F5CE7`
ssdeep	`6144:MDKW1Lgbdl0TBBvjc/2LBslU004yXs9bh1O5us/tkGGIpn4x3tp8:ah1Lk70Tnvjc+q07XsnI52n8`
Yara	Malicious_Library_Zero - Malicious_Library MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature UltraVNC_Zero - UltraVNC IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_8461937 Empty file or file not found
Filepath	C:\Windows\Temp\__tmp_rar_sfx_access_check_8461937
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	94d3cbd47fed710e_glucose.bat Submit file
Filepath	c:\users\test22\appdata\local\temp\glucose.bat
Size	7.4KB
Processes	2888 (1.exe) 3012 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`f0440985996553d8ec87c19769c9983e`
SHA1	`e899d1644c142908aef202f91528977f81d7cc4e`
SHA256	`94d3cbd47fed710edd6857ba839289bb560b5af8fd4f649e58590d119ff9ad9c`
CRC32	`46E0AB86`
ssdeep	`192:2zRocYKGJm1OR+Jlby6nNqdYBNCcmM7/e71IN80lwFeTMU0:29o1Vw1OQtyQAdQNCcFe7+NFlwFeTMU0`
Yara	None matched
VirusTotal	Search for analysis

Name	f5dbb1b4280665ed_1.exe Submit file
Filepath	C:\Windows\Temp\1.exe
Size	1.0MB
Processes	2664 (66e095f996804_111.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5673f47783f3a8e794f6863f1a7c3c7d`
SHA1	`b637c700674c14a92517fd3e5f77075f1c7bfc9e`
SHA256	`f5dbb1b4280665ed5d85392c1f7050e4c15764ab222ccc2fbb63b0dcd7846507`
CRC32	`FD585BCC`
ssdeep	`24576:i9RYhVXyWZpWlT6m2PgCHFvlVTcgPmK3yPmla77sBhnGP/+fNpBk/rVN:ivRWZpLmn6FNVFmKiea3sLnGF/BN`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f3327793e3fd1f3f_TmpF7BD.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TmpF7BD.tmp
Size	2.6KB
Processes	2932 (2.exe)
Type	data
MD5	`1420d30f964eac2c85b2ccfe968eebce`
SHA1	`bdf9a6876578a3e38079c4f8cf5d6c79687ad750`
SHA256	`f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9`
CRC32	`24D8A5AF`
ssdeep	`48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g`
Yara	None matched
VirusTotal	Search for analysis

Name	e0d19f2acd253c52_ecological Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Ecological
Size	87.0KB
Processes	2888 (1.exe)
Type	data
MD5	`30c9ba4c92e3348f96edd184b8570c4c`
SHA1	`ac311c313f95ee43f42396fb8a17e7730703894b`
SHA256	`e0d19f2acd253c52878713975f8fab3323147fee7129725cc70cda7659bf0cb8`
CRC32	`ECDF0332`
ssdeep	`1536:y8u39rxdBGQXtqNP0Za0yd/+7AGdJHhSmOpYZ92r8Zt1UgQ6oFvXL7fGqmwfOhwy:y8C93UQdm0Z1o/Mlp/CYZ92rS/Ur/db2`
Yara	None matched
VirusTotal	Search for analysis

Name	aa6bb39371091987_a Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\787871\A
Size	524.8KB
Processes	2596 (cmd.exe)
Type	data
MD5	`0056b4747078117353c46095bbe20aae`
SHA1	`0e5a10241ad4ed6df29179a239a26df20f60bb47`
SHA256	`aa6bb39371091987dd65c72f70f9c8236a497f8d20c1d63e8180faddce3a5878`
CRC32	`E2375368`
ssdeep	`12288:Fax0uwnacUvGXz3x1Np6brBscLkfQEBiO5RNSI9aWX+HO/VsRkbDsr:FTaTIHEecooO5RNSIAn8QLr`
Yara	None matched
VirusTotal	Search for analysis

Name	ac60943be11ef18b_plate Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Plate
Size	2.3KB
Processes	2888 (1.exe)
Type	data
MD5	`876f6a0e60686537a816f62214f036ad`
SHA1	`7526c5091201a17ead9ff135aef94a5d5d029608`
SHA256	`ac60943be11ef18b98d37880d458526f668e9dfa592ed049cacad3474c53d5d3`
CRC32	`3C2B937A`
ssdeep	`48:In4xqtUzrCrt+ikNv9mJHWxPrhBlA1FygzqyIsJj/G09CAiT:9xgUzr4tgOwVAfBzDICS09CAiT`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis