Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	e7e7525b2703f64a_wmisecure.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Windows Objects\wmisecure.exe
Size	2.6MB
Processes	2628 (wmimic.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0629440d232de64df747d0b43e10c400`
SHA1	`e711e5339bce8dd4c321ab48cc56f5c0dce244e4`
SHA256	`e7e7525b2703f64a83128a9e9474b04a7fcd096ad3b1e493b3cfefca416b1fc0`
CRC32	`CCF9BFBA`
ssdeep	`49152:0ZVkkANv494D83pYbN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:lHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a77315296dc58eda_maintenance.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Maintenance\apps\maintenance.exe
Size	2.2MB
Processes	2540 (actives.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`73ad6d009f1c53c23f5d068caa805299`
SHA1	`f50493f49c3b2b3697b5eb571738dbc70383cac0`
SHA256	`a77315296dc58edac4959c9ed69ec96e9517883684edaeba3e64c48a44c186ae`
CRC32	`798BF29D`
ssdeep	`49152:uo7TN6XYwGRV1LCnO9DivWp1daCCN2eLF6I5YDPRrBdSm2610V+9dmhBafgE:uC6NIDLCCiO/dat6I5YPFBx0VmKafgE`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6e3132c4606bee41_minha conta.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Minha Conta.exe
Size	2.6MB
Processes	2904 (actives.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`73cea56d3f81767747c14bb58393c35c`
SHA1	`7941b041e894e804560c1c0c7bd4d00ae24eac7a`
SHA256	`6e3132c4606bee41469f5b40ca67166a927dd077d93d4efff9a974597bb08b2d`
CRC32	`794C9178`
ssdeep	`49152:TZVkkANv494D83pfbN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:lHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	13c0968e576d0a9e_wmimic.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Windows Objects\wmimic.exe
Size	2.6MB
Processes	2168 (wmihostwin.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`37c19933b8e70d5045c8688ebad9be7c`
SHA1	`b5e2c13568fb86487d531b57fa0ef8f902a17c2b`
SHA256	`13c0968e576d0a9ed0c2cdd6bc7d4b6953156ee1d2c0142b63557490d651b82f`
CRC32	`FF745353`
ssdeep	`49152:uZVkkANv494D83p4bN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:zHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5dd7da512241f11c_actives.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\actives.exe
Size	2.6MB
Processes	2540 (actives.exe) 2736 (cmd.exe) 3044 (Minha Conta.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bcb34b6b0955f915cb44e7edc9bbb5e9`
SHA1	`d305a410f48c345798704fc893f43d1ede10ceeb`
SHA256	`5dd7da512241f11ce03c0c387cdcc37615642f3ae2bde0d9d83b5ee7737e893d`
CRC32	`F31F5FDE`
ssdeep	`49152:xZVkkANv494D83ppbN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:JHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6aa1bd6b5a42cb04_wmisecure64.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Windows Objects\wmisecure64.exe
Size	2.6MB
Processes	2628 (wmimic.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a588627a554a855b4cd0a91989867ead`
SHA1	`0338644d5b82f04fe0fd0bc1b533004aac13e698`
SHA256	`6aa1bd6b5a42cb04822c6a81a0898aab4a4b50478cae42f1e2cadd75d4e0ba50`
CRC32	`8FFF5C13`
ssdeep	`49152:LZVkkANv494D83p7bN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:pHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	86c8e804eeb34d0f_actives.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\actives.exe
Size	2.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`51514245009764a9f3e9455c23711df8`
SHA1	`51202c8d2511fda33e76ffd55e3ce24880680515`
SHA256	`86c8e804eeb34d0f0aff2bacb297a0c0077a7e0e3ca423609a0970b5221c13bc`
CRC32	`CA77CEB7`
ssdeep	`49152:m7MDRZ9IBVL+s0ezJGd80SHMsThF35Hj1BzuQZVkkANv494D83ppbB:QMDtIXLr06AdfEThF35Pzug`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c09082ea79f27d79_zb2024101632843703.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zb2024101632843703.bat
Size	540.0B
Processes	2540 (actives.exe) 2736 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`2e5cb5c11605b2e817a300765e7ec945`
SHA1	`fcafb3d9ea1d0b9f19b05538658df3a25c423173`
SHA256	`c09082ea79f27d79faf09cebbad948458bf8b3b4e9bc51d0d2fdaee41ec85e55`
CRC32	`BB4A00FE`
ssdeep	`12:KnOLMyOLMbZOLMZEOLMQ8EJOLMWIfOOLMsbGOLMRJy5OLMaJn:KR0bPAQ82WNQoXIWn`
Yara	None matched
VirusTotal	Search for analysis

Name	30707febba94a8bf_zbe2024101632843703.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zbe2024101632843703.bat
Size	411.0B
Processes	2540 (actives.exe) 2736 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`d7b5d2dade6cbd55b0f7f58283d953f8`
SHA1	`ccd2088b2dbc8bac10fb187711b0763e854f83ef`
SHA256	`30707febba94a8bf44b27bced90835b25984f5285c44aec3dc042e6189b0ec49`
CRC32	`5B8F9B10`
ssdeep	`12:yvoWJQ2BXELmhTvOMrfJW8OLMsb1YtjuxQwn:EoWJplvOMLpQ1YZXw`
Yara	None matched
VirusTotal	Search for analysis

Name	915cf1b2a6b8380f_zx2024101632843703.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zx2024101632843703.xml
Size	1.6KB
Processes	2540 (actives.exe) 2168 (wmihostwin.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`5d2c59a7e714d921f86e5d6d50d88ee1`
SHA1	`d3435bab831781a02e7974b56220ffaac792b360`
SHA256	`915cf1b2a6b8380fd160d52f7b13f466fdde02a16df1354375e636ff318284a6`
CRC32	`E50948F3`
ssdeep	`24:3q4+SMHJUtMFQ/YeGlMuEMjnGpwjVgUYODOLBu9yJh7h8gmD15E15uMEB4a0iHtn:ofpUtQQ/uyqbzx3YODOLBbdqZsNEKDE`
Yara	None matched
VirusTotal	Search for analysis

Name	6fd46ced4deabc81_wmihostwin.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Windows Objects\wmihostwin.exe
Size	2.6MB
Processes	1152 (wmiintegrator.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f7e3e41a68b674a849943e72829e4226`
SHA1	`0abde7c95ee098192652d2b92b0df50a27e57b31`
SHA256	`6fd46ced4deabc813b82d2c808a459945858adfb7a9c118fb77113aff74508b4`
CRC32	`049A5AA7`
ssdeep	`49152:3ZVkkANv494D83pDbN5qUHj1FhW825PlJ0TJcttcCmIf+u9YZrpk9BRVvdWaiic9:hHjTo82Pb0c0NZrq9BRVvUdoQ`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d9bf5215fd3470ce_6s5d4f65ds4g65d47gfd684gfd_0019.sys Submit file
Filepath	C:\Users\test22\AppData\Roaming\6s5d4f65ds4g65d47gfd684gfd_0019.sys
Size	14.0B
Processes	2904 (actives.exe)
Type	ASCII text, with no line terminators
MD5	`99c7315e03761ceafc2e151ae808f267`
SHA1	`799d0cb439a58d27b92cdf4a8f177aa3fa49d4af`
SHA256	`d9bf5215fd3470cebfaa8f90e670edd92e2192d7561f0fb0563d54fcfa6efdbe`
CRC32	`4C725D63`
ssdeep	`3:jBJzr4A:jBJf4A`
Yara	None matched
VirusTotal	Search for analysis