Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2052 (powershell.exe)
Type	data
MD5	`ee6cfd78f72f03663db2a7df0c696dd7`
SHA1	`56126e81a5f6577f8e24a890185d0c9eb600fa02`
SHA256	`44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568`
CRC32	`F27137C4`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b73e56c0be37a79c_hkbsse.job Submit file
Filepath	C:\Windows\Tasks\Hkbsse.job
Size	270.0B
Processes	2544 (Hkbsse.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`55f9b1d0cebab1dc9f87b5dd1f967ced`
SHA1	`07663a0c8850b079fb45f2386c0da4a58554da6b`
SHA256	`b73e56c0be37a79c8809782ddc306dac002fb321478ed4ffa124577e3c83605f`
CRC32	`92EBAD58`
ssdeep	`6:8HtJgZN1YU/UEZ+lX1CblWUXEetI4y0lbY1:WWYU/Q1CBu4V81`
Yara	None matched
VirusTotal	Search for analysis

Name	4c6f323142d184d3_hkbsse.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\063c9e1716\Hkbsse.exe
Size	434.5KB
Processes	2544 (Hkbsse.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e4f3ed3daf21363918afbc91db6f775b`
SHA1	`f133dd9e4e436e7b63d6f801de8c9eb0cffaf3e8`
SHA256	`4c6f323142d184d3021fce521628676badac99d1664d8ec208e6d2fb298e65b4`
CRC32	`42292343`
ssdeep	`12288:iAHIqeXuOre8e8lHcafb1eVL5u2OUtkr:nIqeXu2ewWqb1w7tkr`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	df51bdaca644549a_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\8cadd6e0860cae\cred64.dll
Size	1.2MB
Processes	2664 (Hkbsse.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9bafe5c5cfe47a1ed2e15f2748986d92`
SHA1	`aa1cc6e70da28c8b6ca934ea84a5d2b943772742`
SHA256	`df51bdaca644549a634853e15b0a22b03fbc44915da4a716cc22b55c3c93bd37`
CRC32	`86A7F0B6`
ssdeep	`24576:cjm1sk9lP6nWZJaIOo/QHtH9YZ0yNJW+6Jvsb:v96nWerAQHB9yjWzd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b74379f7e5311a5c_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	23.8KB
Processes	2664 (Hkbsse.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`7e5727ec02526bd1bb98963bb36d6d4a`
SHA1	`af94b8b89b10459ddc8b57a9e41bff6cb2807d93`
SHA256	`b74379f7e5311a5c7e988b29e3eb4283eb40ca4f4504654183ec11541650fa05`
CRC32	`E7328227`
ssdeep	`192:WfJaLyOeTVezoJqNdIheZH18isdgVM/cBhjeEKm3RDNLhMpXymdWCJ2f4In:0JaiPk7vZAq6UhjRpSwcHa`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	27a75d2c9b14504b_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\8cadd6e0860cae\clip64.dll
Size	127.5KB
Processes	2664 (Hkbsse.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b865aac4da61f8cc682d090819d12dd6`
SHA1	`f626d2e34d1fad090b3bec8f1851ccf2bf3ebd7d`
SHA256	`27a75d2c9b14504bd050efad65a47195ef3d79a8b5f6338c1d022607897b17f3`
CRC32	`64D89855`
ssdeep	`3072:sDrG/eLj+t+YpqUjWouVPkrH3/U9ajw62xm4+5j:+aeL6g2jfuVPqOA5j`
Yara	Win_Amadey_Zero - Amadey bot Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis