Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	97b39ac28794a761_servpw64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\servpw64.exe
Size	68.0KB
Processes	1448 (fgdump.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`981e82f907d1943f3ee06e05aecf7c31`
SHA1	`bbbfb6a24db8b284117b5af621829086d808cf7d`
SHA256	`97b39ac28794a7610ed83ad65e28c605397ea7be878109c35228c126d43e2f46`
CRC32	`B26A00B1`
ssdeep	`1536:WpI+L0hyaixk6moFooI/yQL6R7JHCrrZ9LC1:zhf0k6monI/yQQorF9LC`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	efa66f6391ec471c_lsremora64.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\lsremora64.dll
Size	79.0KB
Processes	1448 (fgdump.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`3fed6dc4ba33df1eadcbc50d88dcef7a`
SHA1	`321056f98ddcb005dd84ddab730175d81f8b6213`
SHA256	`efa66f6391ec471ca52cd053159c8a8778f11f921da14e6daf76387f8c9afcd5`
CRC32	`68618E38`
ssdeep	`1536:OXApvTyJ0gM3M0FGvLJuPS7ZRouLLaYfhr01LdLOZ1:OXumJ0gM3M0iuPSbo1YfV01Ldy`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0f340b471ef34c69_servpw.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\servpw.exe
Size	56.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`3d7c06d9a0151e6c1433d61988cbe9f2`
SHA1	`ffa4f23af81524caa6061d8a7f46836f807345cb`
SHA256	`0f340b471ef34c69f5413540acd3095c829ffc4df38764e703345eb5e5020301`
CRC32	`AE4CB639`
ssdeep	`768:RYKclqfQzq8sEB9qc9xAeylPwDYSSLu2kN3Ovfm99tn:RYK/0qSqiGPw8Sapk432tn`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	368c10795de10e98_pstgdump.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pstgdump.exe
Size	56.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9dfb61c0601eb935872d9a0639c44110`
SHA1	`946f64ac47e1b394c80cc2921a61e1cf6b136c5b`
SHA256	`368c10795de10e988381b5de5c7cd8b2d4b9718dcd4e5590adc2556cbe9d13c1`
CRC32	`07BAFE33`
ssdeep	`768:MXhHZwyUyeWn6fEo1ahLCO0lLJsP9RO4uUtdFaBLyH4nW/KNlFUK:MpZwyqW6fjYf0l9nWt6yiWAlF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e0327c1218fd3723_lsremora.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\lsremora.dll
Size	76.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`618e588a8ccfa331dab8279a82a3e2d9`
SHA1	`f9100e657b03558fe6d2295c02e91a3bbbbd8a6d`
SHA256	`e0327c1218fd3723e20acc780e20135f41abca35c35e0f97f7eccac265f4f44e`
CRC32	`D696477A`
ssdeep	`1536:KoUFq9bNFYloBDJvt/2zYMkRLfLaSg2tqr:K2nbuzsCSTtW`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5aa041a635e36da7_127.0.0.1.pwdump Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\127.0.0.1.pwdump
Size	340.0B
Processes	2056 (pwdump.exe)
Type	ASCII text, with CRLF line terminators
MD5	`dceef72173842f859f4e34354b2a6968`
SHA1	`15d19bd3d9469f4cfced616fbd3fcccfc4ca9c88`
SHA256	`5aa041a635e36da733f1501be0ef0b8c1cd2bfc07326642ded1418055054f8a8`
CRC32	`496697F8`
ssdeep	`6:IwVt53JSo53J1lP+53JSo53JWaRRWJ53JMY8SkcwRqK+53JSo53Jq:Iw3pJ9pJ1d+pJ9pJW3JpJMlSkBJ+pJ9K`
Yara	None matched
VirusTotal	Search for analysis

Name	cf58ca5bf8c4f87b_cachedump.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cachedump.exe
Size	124.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9de5b79050879af333d8a0ec555d6b57`
SHA1	`645ef72ca81627c351b5e8f9652b7a3399ac815f`
SHA256	`cf58ca5bf8c4f87bb67e6a4e1fb9e8bada50157dacbd08a92a4a779e40d569c4`
CRC32	`980E1B71`
ssdeep	`3072:C4HNw571LQrs4ZH0hioqKLivy8QXXBJ2Onkt5:7ukrs2Uhij3suF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8697897bee415f21_fgexec.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\fgexec.exe
Size	48.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`a761bea93c900044b9e67364f3c7b06f`
SHA1	`8aac7ea0469fe3bfcb12e1b3e105821946054ba0`
SHA256	`8697897bee415f213ce7bc24f22c14002d660b8aaffab807490ddbf4f3f20249`
CRC32	`88A08167`
ssdeep	`768:4be5tVvX5fyNYA9dL44XWMQDcrVSeTLMai1NsdlA:QebN5EYpCWMQ41HMF2lA`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3c796092f42a9480_pwdump.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pwdump.exe
Size	144.0KB
Processes	1448 (fgdump.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`f959f07a120d759ddd1ae4aa9ff32c75`
SHA1	`91e0b49044f004618ffa777b503f7d392dc660be`
SHA256	`3c796092f42a948018c3954f837b4047899105845019fce75a6e82bc99317982`
CRC32	`A0B46AB8`
ssdeep	`1536:t7AIaRA3qQs8IH6We3lwJt9MXNzUWaLtNC/3sipiFspgfwXLaFeNRa+SkDtX:La8oe3RlmNtipbpUXFevV5DtX`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	130357cd4038bcbf_2024-10-20-00-50-41.fgdump-log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2024-10-20-00-50-41.fgdump-log
Size	206.0B
Processes	1448 (fgdump.exe)
Type	ASCII text, with CRLF line terminators
MD5	`455f0e7f8b57d0061d6869a046bd361a`
SHA1	`9227b898b7bbd17e5de7f9eafbe46caccab7faae`
SHA256	`130357cd4038bcbfd593007b25718581e501387a2e524cd7789541108c8c7a37`
CRC32	`35B95622`
ssdeep	`6:Mzs6k61Iy1M+h1oNmQpcLJ23fkOIy1g0Y0MuZnx:Mzs6qvOLMMntuZnx`
Yara	None matched
VirusTotal	Search for analysis