Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 07:11
FCC to soon announce l...
11.15 07:11
Michael Burry Boosts C...
11.15 07:11
Thomas Kurtz, Co-Creat...
11.15 06:11
Malware Spotlight: A ...
11.15 06:11
Disney's Streaming Suc...
11.15 06:11
Applied Materials Fore...
11.15 06:11
Bluetooth Dongle Gives...
11.15 06:11
North Korea's Lazarus ...
11.15 06:11
Malone Makes Pitch for...
11.15 05:11
SpaceX Scraps Texas La...

Dropped Files | ZeroBOX

Name	7bf20f5902436cb9_Readme.txt Submit file
Filepath	C:\Windows\SysWOW64\Readme.txt
Size	1.3KB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`51f89930257df2da61e68e29f331cb29`
SHA1	`6945afe2a7154b04d6940fd6105d6b45eb60b872`
SHA256	`7bf20f5902436cb98093c83135e6daaf9a31d8dd09191b8802dc75b83341a244`
CRC32	`FDAA7C83`
ssdeep	`24:Q1Cwe2Sy5+WVi1b+4LDVdaSDVnUoqDVfMkKDC+aCm2fC6uHurw4ni6FCKXQHhpRI:gCweeYR7d9UoyUa+buHqwMFCKX6pKkOp`
Yara	None matched
VirusTotal	Search for analysis

Name	e07c8fd73b905fbf_omnifs32.dmp Submit file
Filepath	C:\Windows\SysWOW64\omnifs32.dmp
Size	26.9MB
Processes	2892 (omnifs32.EXE) 1964 (omnifs32.EXE)
Type	Mini DuMP crash report, 8 streams, Wed Nov 13 05:17:48 2024, 0x2 type
MD5	`bb013fed9fc00153bd2eef781b086e73`
SHA1	`996da190e3ac65cd4f29dfa884a229c12ffbbf42`
SHA256	`e07c8fd73b905fbf76dc6e0f4420f394a9ac147cf01ecd8f0a45a04c5f6d4836`
CRC32	`FA4E2BC1`
ssdeep	`393216:eD17JxYrSuyz0bo2CKkwBrVX0qFIb2uk9Vt9v0GmFT:IJuSubo2CKkwBrVXFCHF`
Yara	Microsoft_Office_File_Downloader_Zero - Microsoft Office File Downloader Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader Admin_Tool_IN_Zero - Admin Tool Sysinternals ASPack_Zero - ASPack packed file DllRegisterServer_Zero - execute regsvr32.exe Antivirus - Contains references to security software IAmTheKing_Family - IAmTheKing Family Microsoft_Office_File_Zero - Microsoft Office File Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c1863cecf48d4e0d_showdrive.exe Submit file
Filepath	C:\Windows\SysWOW64\SHOWDRIVE.EXE
Size	28.0KB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9dcc76e36021f25312903377500566e2`
SHA1	`c74d638a38e3b842b8a06958e96b11081de8d1e4`
SHA256	`c1863cecf48d4e0dc26326081a6bc6d6975e86d9b395fa6e49eaec632ad1c5b7`
CRC32	`18108A83`
ssdeep	`384:+i2eLT45S78RGml9eZGtOeOcR+wScyK+ivfAW5oZV:+i2c45ZRcuPtV+efF5oZ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ed1f0c01a20b9943_omnifs32.exe Submit file
Filepath	C:\Windows\SysWOW64\omnifs32.EXE
Size	2.3MB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`70b6a76178479d237a2c23b86d6c06d9`
SHA1	`3bfd492082e3958a1038685ad9e17800510e94e1`
SHA256	`ed1f0c01a20b99435c9f6a233bf3a766e756c866db1dda460822424d228ec5d7`
CRC32	`618AF63E`
ssdeep	`49152:GLsbjD/08Vv/VX2nSlsLm8A2kNxyqGRH8pIoB/z:B//xplsHPrcuW`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_efi.txt Empty file or file not found
Filepath	C:\Windows\efi.txt
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	c4e87136d140c22b_autF0BA.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autF0BA.tmp
Size	479.5KB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ae1b31ab58dbb8e65cc261b527a0a5dd`
SHA1	`502505378077bdcc4286907b39808476da2df3fd`
SHA256	`c4e87136d140c22b097ec6ae608d4056327eb4eb45299e92032f1cb6ec279811`
CRC32	`6053DD10`
ssdeep	`12288:buRFx94Xug32zv28b5jIzXpDEyI3c/jA4plA1y7:bYxLg32zxbqEytLDai`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9b8ff02892da8b95_autF30C.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autF30C.tmp
Size	1.3MB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	data
MD5	`30d137333802d00ab86ec6dfec8f96f0`
SHA1	`a492153e4456b7c5fdf121ad3c05eb158e32db43`
SHA256	`9b8ff02892da8b9598402b1ace6c4c3089ecf3610277e7bdee7421a8b45ade5c`
CRC32	`04406123`
ssdeep	`24576:QAJkF0W8Ic5LygKoCtqWbras+6GTGAkZbk3DtPMzZYTy+9lfQO4slJM6p8bI/LNs:ngqPaas+6eka3CziTLf6CoI/yu8`
Yara	None matched
VirusTotal	Search for analysis

Name	34ad1977593a3806_aut9C4.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\aut9C4.tmp
Size	786.0B
Processes	2560 (Ghost_1.5.11.5.exe)
Type	data
MD5	`a9315d72dd5f798de42d61e0293f1458`
SHA1	`e28962a8e12981a1f1be7d77300b503fbdc053b8`
SHA256	`34ad1977593a38066dfb5867742ada5cf9743fd5a6824015b3ffbb268056d2a0`
CRC32	`44D8771F`
ssdeep	`24:nAamCCcKCdYhE7+MVZvfwS5djr7yoHGB7Mb:JLNBdY417HrDHJmc`
Yara	None matched
VirusTotal	Search for analysis

Name	9b0890a86fb439f5_dspt1.txt Submit file
Filepath	C:\Windows\SysWOW64\dspt1.txt
Size	239.0B
Type	ASCII text, with CRLF line terminators
MD5	`931a56f1aad7ab79c0bad2bbd7ff8d48`
SHA1	`145f1781a0e5e4b8ff1fa6f7b491f4b1b364607c`
SHA256	`9b0890a86fb439f51234060f92b7820647c035c949277d24be195653ec71c3f7`
CRC32	`F5C6E26D`
ssdeep	`6:rFFG0iEQ/QW/mdNPHNxjy/YFW0NNxjy/2PXg:jGP5/QWeHtxjyQW0jxjyQg`
Yara	None matched
VirusTotal	Search for analysis

Name	6ced65625022285a_dspt.txt Submit file
Filepath	C:\Windows\SysWOW64\dspt.txt
Size	158.0B
Type	ASCII text, with CRLF line terminators
MD5	`f763fd50a3d264fc2af6b2440523d1b0`
SHA1	`8bc40b4274c86ec20207c29a86c0797df096a809`
SHA256	`6ced65625022285a5e49494a47a99ca3203df833964c39ba3827605d075ca9d9`
CRC32	`6E08AFA3`
ssdeep	`3:ybRQFXpSAFVTYA3XrUMV16MFFFF1QdfUg49UFWUaaXFy/FWn/Fjn:T/pV06rIEUba6Fy/FW/Z`
Yara	None matched
VirusTotal	Search for analysis

Name	9f8439a9217a1f1e_aut398.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\aut398.tmp
Size	23.5KB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`c3429879521305de064a0952dab5eb6a`
SHA1	`167e21603daacb16801e0e3cc1693d2da4d65cc4`
SHA256	`9f8439a9217a1f1e2aa46e611a8e38b591500f986c484ec179cfef712cbff707`
CRC32	`E9E5E92A`
ssdeep	`384:3kc5/kH+JAPqtaYTAx6LyZdp1dwlenlvj2WeXxRD8aKdedTdL9/nxyXEnbKBkMHr:3ka/7OPH0Ax7/p1dM1BRDbKoTdL9/gU+`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	146b405db66dd18f_autF01C.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autF01C.tmp
Size	14.4KB
Processes	2560 (Ghost_1.5.11.5.exe)
Type	data
MD5	`0552114ba58126ec9c74e9cb8a77773d`
SHA1	`d246d52cc5f189c23b2e22894766f48d6f6a6c2f`
SHA256	`146b405db66dd18f06986d6112349024dcb0d8dc5c6ad1e5672c5245dfcc0251`
CRC32	`234B2F04`
ssdeep	`384:zLGeymV4qt5X7xX1KaXbQn2vbMU1y9FA5195rWPw:SmuuDKObQ2NkFAfww`
Yara	None matched
VirusTotal	Search for analysis