Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	84e46fdc10d4492e_sfw-ne8j.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sfw-ne8j.dll
Size	3.5KB
Processes	148 (csc.exe) 2992 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ee408d2ba1344260e1790223b1ef7abe`
SHA1	`56bf7d7b9cd281964c49ddff1102e1bf1cff00ed`
SHA256	`84e46fdc10d4492e9ab92421636011e5617e4197f43c60dab85389c3f0115481`
CRC32	`B8CB2BAD`
ssdeep	`24:etGS7da2SEnfPUE8qRkZbbdPtkZfs9W7amYQmI+ycuZhNPKakS27PNnq:6U5vNtZduJs9WOTb1ulPKa32xq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	377e7844a206b7aa_CSCB9D5.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCB9D5.tmp
Size	652.0B
Processes	148 (csc.exe)
Type	MSVC .res
MD5	`af3cf4dc59f8840be724bf53be4b1492`
SHA1	`64d5326c00d9d5be70eade599cbb9816c09483ea`
SHA256	`377e7844a206b7aa4bfe5e8a2dd729d067f48d0bcc14c9fb37c34d85f5331ee9`
CRC32	`D531E0F3`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryFKak7Ynqq27PN5Dlq5J:+RI+ycuZhNPKakS27PNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	0b18443b92edf92e_f84c.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\F84A.tmp\F84B.tmp\F84C.bat
Size	21.3KB
Processes	2564 (Superweaponcrack_nohwid.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`bc3d95a52529c30513d5429fa7ac1da9`
SHA1	`ab122fd465c61b8cb9e337c355392ff2e2b8ffab`
SHA256	`0b18443b92edf92e013e4751d32c48bc7a34a37d13e53a74d537d3a323ff4ce6`
CRC32	`1049CBB7`
ssdeep	`192:Z4Yk4EVw9g8heKAuDAlg46M/kZgFe9yVq2fPWknkd9yj3Przr5tmCar7qKZ/vwF7:ZlgkAuDA5pe9ylkPI3Pr4vwXrOOTEy`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	d166ab3a4c8ada63_RESBA43.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESBA43.tmp
Size	1.2KB
Processes	2368 (cvtres.exe) 148 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`0b9c3e17baa6298babb64f6b690b4fdc`
SHA1	`c67b13ee457cd9896b96a1266027228fe87f4639`
SHA256	`d166ab3a4c8ada6316ae5e6bdcfa3237fdc8c12f2b96ecdb27d84d41faeb415a`
CRC32	`97DC37EF`
ssdeep	`24:HVJ9YernnGkMmHXUnhKLI+ycuZhNPKakS27PNnqjtd:6ernGrmEnhKL1ulPKa32xqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	b3d510ef04275ca8_ip.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ip.txt
Size	2.0B
Processes	2992 (powershell.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`f3b25701fe362ec84616a93a45ce9998`
SHA1	`d62636d8caec13f04e28442a0a6fa1afeb024bbb`
SHA256	`b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209`
CRC32	`88F83096`
ssdeep	`3:Qn:Qn`
Yara	None matched
VirusTotal	Search for analysis

Name	4ca00445c2082dc2_sfw-ne8j.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sfw-ne8j.out
Size	609.0B
Processes	2992 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`0c03f85e8071baabd22bf85b477a51ec`
SHA1	`42e1fbd041b6c2f93d307972d10273b0fee082f9`
SHA256	`4ca00445c2082dc22b8921c4d5fbc072b188f227e2146561826fa70d9c5e5f17`
CRC32	`4257E59C`
ssdeep	`12:K4OLM9NzR37LvXOLMdqnPAE2xOLMddUKai31bIKIMBj6I5BFR5y:K+9Nzd3BInIE2nvUKai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	997cfaa351ff26ba_powershell123.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\powershell123.ps1
Size	14.1KB
Processes	2660 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`26e556f26068e8af4aed0c3e7367df1d`
SHA1	`44e37113d555f8f9eb9d98ec21de4183843155ce`
SHA256	`997cfaa351ff26baccbba694ae27ab25119142935dc70bc941cba2721ad58c40`
CRC32	`AB2BAEEC`
ssdeep	`192:G4EViN0/bRmggaelObG9i2K7N2rH+zvJiZr5YmYarhcAP5TkPzLUZSQcL/QsFC:r0jRmCeQG9i3vs1RTkrv/QkC`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	f9484aa356680353_sfw-ne8j.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sfw-ne8j.pdb
Size	7.5KB
Processes	148 (csc.exe) 2992 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`2d3ba7bd8945fefab5a42a76e764bdcd`
SHA1	`b1db5b222d3b373d29444b8a00656e4e78a2372a`
SHA256	`f9484aa35668035332b73a52d230fcac023489febd99d82a150269d6fb603945`
CRC32	`5E4DFD01`
ssdeep	`6:zz/BamfXllNS/7eK8/31mllxrS/77715KZYX8eKaldoGggksl/3YXBGQu+e0KWEb:zz/H1W/KK8/lSXS/pwqKaldmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	e68f0f2e674e63c9_sfw-ne8j.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sfw-ne8j.cmdline
Size	311.0B
Processes	2992 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0fc80408efc3d6279da5d0aab8575b38`
SHA1	`f1df72d53ce429e8f056c035af66e0acafce9cb4`
SHA256	`e68f0f2e674e63c9e1a491fefc87461be4577530eef0c2c47b8255aab9baf2c5`
CRC32	`1AA04EF3`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23feANqmGsSAE2NmQpcLJ23feANdGA:p37LvXOLMdqnPAE2xOLMddx`
Yara	None matched
VirusTotal	Search for analysis

Name	220878d191796f09_sfw-ne8j.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sfw-ne8j.0.cs
Size	301.0B
Processes	2992 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5	`e44b2bb96f64896e9a494a21edf72e33`
SHA1	`70c471bf0f7a05708f36eaefe18c8d33d2d9da34`
SHA256	`220878d191796f09967e71d02b71597cf1af7e34199dad53640f87339574c9e2`
CRC32	`23C21ED2`
ssdeep	`6:V/DsYLDS81zu+VMCL+tSRaigstSRkoSoODxLjYy:V/DTLDfugMGg59OxPYy`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_F84A.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\F84A.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	44e8aa0601fffe82_590aee7bdd69b59b.customDestinations-ms~RF1a6a4d6.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1a6a4d6.TMP
Size	7.8KB
Processes	2828 (powershell.exe) 2992 (powershell.exe)
Type	data
MD5	`ee6cfd78f72f03663db2a7df0c696dd7`
SHA1	`56126e81a5f6577f8e24a890185d0c9eb600fa02`
SHA256	`44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568`
CRC32	`F27137C4`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis