Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 06:11
Malware Spotlight: A ...
11.15 06:11
Disney's Streaming Suc...
11.15 06:11
Applied Materials Fore...
11.15 06:11
Bluetooth Dongle Gives...
11.15 06:11
North Korea's Lazarus ...
11.15 06:11
Malone Makes Pitch for...
11.15 05:11
SpaceX Scraps Texas La...
11.15 05:11
Warum dieses Startup M...
11.15 05:11
Mal wieder: EU-Kommiss...
11.15 05:11
Google bringt Gemini-A...

Dropped Files | ZeroBOX

Name	778bdfe9f4418e7e_15660687.temp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\15660687.temp
Size	1.1MB
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	7-zip archive data, version 0.3
MD5	`4aef8349f5fcb19d226b347634f6c15f`
SHA1	`feedf70a7f79731a560723b8bd43d184c4195726`
SHA256	`778bdfe9f4418e7ed9fce1c3cc50d71e078be69f207c56f47ea813cd1a06a5c6`
CRC32	`5B1A8861`
ssdeep	`24576:A/EtbRxg1oJSL2fG0IofVcUN8hQtmBGjaPY9i+TH6x6c:lRxgaJSLYGYfV98+UBGjaQFHJc`
Yara	None matched
VirusTotal	Search for analysis

Name	960fdf8a31e985b7_t_baibaoyun_win32.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\t_baibaoyun_win32.dll
Size	1.2MB
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`22fb4088016272b0284a927187d89808`
SHA1	`ced1857001bb07529f3e4d5d66a00fca586081a3`
SHA256	`960fdf8a31e985b7c69b934ad3f19b55f4d52804113401060a7b7a7cf79391df`
CRC32	`A4777DB3`
ssdeep	`24576:Xybf1tSl87l5pWXv1SDpg6UjaePfwuT+ayux8Eugw+a/HPfmSsVHxeGMSC25n9oP:Xa1glWk9ke3VjIwm6V2`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b8ab64b00c2cb719_tlib.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\TLib.dll
Size	707.5KB
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`84d18da644ec2559aa8a9f5cdc3948c0`
SHA1	`660c10a221ace21b418e526de45453ef972e66c1`
SHA256	`b8ab64b00c2cb719d7dabdacf17187ff75e053aad1aeae7298b4e596a6edf354`
CRC32	`33A45241`
ssdeep	`12288:2Xy3qmE8T7+E3CraIYXgDTqYON+lP5YbLAV81p8PW/ZBm2OkK6:2Xy3qmWE36aIYXgDTq5iP5YbMV8QoZHP`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1244be9ba9acace6_main.twin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\main.twin
Size	418.0B
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	Little-endian UTF-16 Unicode text
MD5	`c2b851fe1d8e7f8581857f6e23b8843f`
SHA1	`d822bb3862497b077444b2bacd3c6bc29efca9e2`
SHA256	`1244be9ba9acace6353ff15c8d52db35e97b389ed6e3412e1890ddbaf9fba8bd`
CRC32	`22BB9673`
ssdeep	`6:QGkF9ubb6RGmJDpubYmEg/aErDpzVCMZ6OjWS7q8W+lFkFM4ZJlMh8T:QGKoP6RXJDM0krDp5CMtpHkFM4ZrMm`
Yara	None matched
VirusTotal	Search for analysis

Name	e3a682bc9ab15846_tapi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\TApi.dll
Size	1.8MB
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`20a87544961d0189b6f180fb330e96bd`
SHA1	`4eb6d4edecad1472ede74989753043704b754300`
SHA256	`e3a682bc9ab15846da7105c819b138c9aee29fbf43ab4c9d349ea9bac9ed6773`
CRC32	`05289C3A`
ssdeep	`49152:zpqt05Rp4dTA56+KEr/rkrmPblHtImQJfvJ1FRJJMBLCGdZO36P3ouNk8B/qZQvK:7rkrmPblHtImQJfvJxMBLCGdOU37RSPn`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	39b5b458eeb6bcd6_intermediate.tis Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\2556eef612\intermediate.tis
Size	2.0KB
Processes	2556 (%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe)
Type	data
MD5	`c029362a6ab49f7232c11b3c70c5632b`
SHA1	`86ef3862cd9398471ba7e59552ee406798e07a9c`
SHA256	`39b5b458eeb6bcd6d2269794c58c38734538f7e3dcdf5c003a1fc788633ee2c0`
CRC32	`A397CD61`
ssdeep	`48:b/Af6b8INtLU3we8/jCcs8/HBFqmupsf8KoWpSYQfbTG+Z:bmZINdehcbHBEmupHCSft`
Yara	None matched
VirusTotal	Search for analysis