Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.02 09:05
main.exe
05.02 09:05
pkbc.exe
05.02 09:05
knfl.exe
05.02 09:05
test2.ps1
05.02 09:05
pupa.pdf.lnk
05.02 09:05
ssasr.dll
05.02 08:05
가상자산 관련 외부평가위원 위촉 안내.h...
05.02 06:05
anchor.html
05.02 06:05
anchor.html
05.02 04:05
Synaptics.exe

Latest News
05.02 04:05
Injection as a way of ...
05.02 03:05
SGA그룹, 창립 22주년 ‘SGA 3....
05.02 03:05
아우토크립트, 중장비-로봇 보안 시장 수...
05.02 03:05
팔로알토 네트웍스, SASE 기반 보안 ...
05.02 03:05
Temu Ditches Chinese I...
05.02 03:05
윈스테크넷-으뜸정보기술, 클라우드 서비스...
05.02 03:05
Auslegungssache 133: T...
05.02 03:05
렙타일페어, 경상북도 경주시 HICO에서 개최
05.02 03:05
안랩, 세계 최대 사이버 보안 컨퍼런스 ...
05.02 03:05
국정원, 세계 최대 사이버 방어훈련 ‘락...

Dropped Files | ZeroBOX

Name	777917d30f277a9e_qt5opengl.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\qt5opengl.dll
Size	327.0KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`c1d465e061d7d02895daeb19bdb28ac9`
SHA1	`5e729ee51df080545c7031d771b85094a2b2d4e9`
SHA256	`777917d30f277a9e88d8fc04e69b955a2b0bd3f2bcf2e36f7f9cffef2583ee60`
CRC32	`57BBC796`
ssdeep	`6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	13c12a3ee093d20f_unins000.dat Submit file
Filepath	C:\Users\test22\AppData\Local\JackPot Cam\unins000.dat
Size	4.2KB
Processes	1720 (off.tmp)
Type	data
MD5	`e26a1dc7c98a08f67bdda79a2d4d3a07`
SHA1	`0da47e62123f2d39a9b8c13b5e38f150705ee04c`
SHA256	`13c12a3ee093d20f65663ea46fa87508b6542b4190f05ed694099e1dd360a8cc`
CRC32	`D0EA1454`
ssdeep	`96:I1XEW1l4RrpcJKl9t+eOIhPM04cVSQs0LNqu:sEWv4BpcJjHIh6cVSQ1j`
Yara	None matched
VirusTotal	Search for analysis

Name	8198e21afaf1ce44_off.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-G2RP7.tmp\off.tmp
Size	690.0KB
Processes	2004 (off.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`087b90d06d5df6b2c75fb277776a8dbd`
SHA1	`ec5b7f4b7d07c6b3c1b1a815274f7b7b62d4e53e`
SHA256	`8198e21afaf1ce449b7c206f4041efbb16e2a30be02007a7f43884c449f32715`
CRC32	`86BEF842`
ssdeep	`12288:yTPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+3Iq5MRxyF:6PcYn5c/rPx37/zHBA6pFptZ1CEKqMRU`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8094af5ee310714c_msvcr71.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\msvcr71.dll
Size	340.0KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`86f1895ae8c5e8b17d99ece768a70732`
SHA1	`d5502a1d00787d68f548ddeebbde1eca5e2b38ca`
SHA256	`8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe`
CRC32	`35563170`
ssdeep	`6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e4fc574a01b272c2__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-9CC7J.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	1720 (off.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`c8871efd8af2cf4d9d42d1ff8fadbf89`
SHA1	`d0eacd5322c036554d509c7566f0bcc7607209bd`
SHA256	`e4fc574a01b272c2d0aed0ec813f6d75212e2a15a5f5c417129dd65d69768f40`
CRC32	`35445B19`
ssdeep	`48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7a16e6ed0c0a49ae_libssl-1_1.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\libssl-1_1.dll
Size	702.9KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`20b6b06bbd211a8acfe51193653e4167`
SHA1	`817d442b46dd6f35fd9641e0c7262c934ed76848`
SHA256	`7a16e6ed0c0a49aeb8ea4972600a7a1422c92550602a150634b1c221f79300b4`
CRC32	`4B68F22F`
ssdeep	`12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b6192300d3c1476e_ssleay32.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\ssleay32.dll
Size	382.9KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ee856a00410eced8cc609936d01f954e`
SHA1	`705d378626aec86fecfdf04c86244006bc3af431`
SHA256	`b6192300d3c1476ef3c25a368d055aa401035e78f9f6dbe5f93c84d36ef1fa62`
CRC32	`CA35C8B6`
ssdeep	`6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	63aa600a7c914c2d_libeay32.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\libeay32.dll
Size	1.4MB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a236287c42f921d109475d47e9dcac2b`
SHA1	`6d7c177a0ac3076383669bce46608eb4b6b787ec`
SHA256	`63aa600a7c914c2d59280069169cc93e750e42c9a1146e238c9128e073d578fd`
CRC32	`BCC879FE`
ssdeep	`24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-9CC7J.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	df96156f6a548fd6_msvcp71.dll Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\msvcp71.dll
Size	488.0KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`561fa2abb31dfa8fab762145f81667c2`
SHA1	`c8ccb04eedac821a13fae314a2435192860c72b8`
SHA256	`df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b`
CRC32	`5A3B11D4`
ssdeep	`12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	62c050b622f1d9f3_unins000.exe Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\unins000.exe
Size	701.2KB
Processes	1720 (off.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`00ea9c2cc8f0663ea0920f9980c95da6`
SHA1	`68e7f0fa273e0d7bd232af6c4fce53044d308809`
SHA256	`62c050b622f1d9f3b90d0a53842405c7393fa293c057b9eff3bc95a6fef559b0`
CRC32	`08A9AE58`
ssdeep	`12288:6TPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+3Iq5MRxyFM:SPcYn5c/rPx37/zHBA6pFptZ1CEKqMRx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	20ee137983f4ff03_jackpotcam32_64.exe Submit file
Filepath	c:\users\test22\appdata\local\jackpot cam\jackpotcam32_64.exe
Size	2.7MB
Processes	1720 (off.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f40a6f8af963ea2e3274b5581cae112a`
SHA1	`db26e5d3e177689cb3d4d345bdd422c1aaa31973`
SHA256	`20ee137983f4ff0363015ea54a2e158e1ed835f27fd17ae115f73536662e1646`
CRC32	`3E1811CB`
ssdeep	`49152:lSRQimMX+9372EWL0lHZi4oJIcFe9mVOxLORRNz7:ISimtZi4YIcFsmVO1OTNH`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-9CC7J.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	1720 (off.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis