Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 08:11
Lenovo Profit Beats Es...
11.15 08:11
Self-Driving Startup P...
11.15 08:11
Kein Ausschluss: EU lo...
11.15 08:11
IT Sicherheitsnews tae...
11.15 08:11
Indonesia's Prabowo: N...
11.15 08:11
HackerOne urges U.S. t...
11.15 08:11
에크레레코리아, 출장 사진 촬영 플랫폼 ...
11.15 08:11
Fake North Korean IT W...
11.15 08:11
122 million people’s b...
11.15 08:11
Angry Judge Questions ...

Dropped Files | ZeroBOX

Name	7bf20f5902436cb9_Readme.txt Submit file
Filepath	C:\Windows\SysWOW64\Readme.txt
Size	1.3KB
Processes	2084 (ghost.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`51f89930257df2da61e68e29f331cb29`
SHA1	`6945afe2a7154b04d6940fd6105d6b45eb60b872`
SHA256	`7bf20f5902436cb98093c83135e6daaf9a31d8dd09191b8802dc75b83341a244`
CRC32	`FDAA7C83`
ssdeep	`24:Q1Cwe2Sy5+WVi1b+4LDVdaSDVnUoqDVfMkKDC+aCm2fC6uHurw4ni6FCKXQHhpRI:gCweeYR7d9UoyUa+buHqwMFCKX6pKkOp`
Yara	None matched
VirusTotal	Search for analysis

Name	30c1749086634548_autDED7.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autDED7.tmp
Size	786.0B
Processes	2084 (ghost.exe)
Type	data
MD5	`7d85006156fd4d12f821e5efa04242ac`
SHA1	`ea119c897c242aea4d648be58246cd4ef2802c3b`
SHA256	`30c17490866345484249a7d0da14bafa5a092f31b45d6003e141026d80d4585e`
CRC32	`3E7FC301`
ssdeep	`24:nWAamCCcKCdYhE7+MVZvfwS5djr7yoHGB7Mb:OLNBdY417HrDHJmc`
Yara	None matched
VirusTotal	Search for analysis

Name	c1863cecf48d4e0d_showdrive.exe Submit file
Filepath	C:\Windows\SysWOW64\SHOWDRIVE.EXE
Size	28.0KB
Processes	2084 (ghost.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9dcc76e36021f25312903377500566e2`
SHA1	`c74d638a38e3b842b8a06958e96b11081de8d1e4`
SHA256	`c1863cecf48d4e0dc26326081a6bc6d6975e86d9b395fa6e49eaec632ad1c5b7`
CRC32	`18108A83`
ssdeep	`384:+i2eLT45S78RGml9eZGtOeOcR+wScyK+ivfAW5oZV:+i2c45ZRcuPtV+efF5oZ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ed1f0c01a20b9943_omnifs32.exe Submit file
Filepath	C:\Windows\SysWOW64\omnifs32.EXE
Size	2.3MB
Processes	2084 (ghost.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`70b6a76178479d237a2c23b86d6c06d9`
SHA1	`3bfd492082e3958a1038685ad9e17800510e94e1`
SHA256	`ed1f0c01a20b99435c9f6a233bf3a766e756c866db1dda460822424d228ec5d7`
CRC32	`618AF63E`
ssdeep	`49152:GLsbjD/08Vv/VX2nSlsLm8A2kNxyqGRH8pIoB/z:B//xplsHPrcuW`
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_efi.txt Empty file or file not found
Filepath	C:\Windows\efi.txt
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	ea4462900c1c91b3_autC3D7.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autC3D7.tmp
Size	14.4KB
Processes	2084 (ghost.exe)
Type	data
MD5	`3bb5717a144bbe6f55a957fddfc05509`
SHA1	`b7dfb0573f3146bd6f962cca6467cc693c02ea31`
SHA256	`ea4462900c1c91b3143733b07720e8f9d8f52f016d85f36aa7ee99897545dc2a`
CRC32	`743E4993`
ssdeep	`384:KLGeymV4qt5X7xX1KaXbQn2vbMU1y9FA5195rWPw:nmuuDKObQ2NkFAfww`
Yara	None matched
VirusTotal	Search for analysis

Name	c4eca8e774e776cb_autC706.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autC706.tmp
Size	1.3MB
Processes	2084 (ghost.exe)
Type	data
MD5	`0b200debfa6f6d70376013407ac4debc`
SHA1	`fda92c925e8deb50310939fbd0ee9fd0c8273cfe`
SHA256	`c4eca8e774e776cbfd868ec4afbb495e3c9bf3395fc7bed7855f107a0f4a43c8`
CRC32	`63AD8DB8`
ssdeep	`24576:3AJkF0W8Ic5LygKoCtqWbras+6GTGAkZbk3DtPMzZYTy+9lfQO4slJM6p8bI/LNs:QgqPaas+6eka3CziTLf6CoI/yu8`
Yara	None matched
VirusTotal	Search for analysis

Name	909159476c253c57_dspt.txt Submit file
Filepath	C:\Windows\SysWOW64\dspt.txt
Size	158.0B
Type	ASCII text, with CRLF line terminators
MD5	`d78766a5a82e6cf13761659833d4730a`
SHA1	`c77efaf03eb69a0d6d7090cca276d5fba24e6c0c`
SHA256	`909159476c253c576d7bc2b8347cc071fae8ee51b457fd78433b730317e6c47d`
CRC32	`8E634FD5`
ssdeep	`3:ybRQFXpSAFVTYA3XrUMV16MFFFF1QzWV/SOUFWUaaXFy/FWn/Fjn:T/pV06rHUba6Fy/FW/Z`
Yara	None matched
VirusTotal	Search for analysis

Name	9f8439a9217a1f1e_autD947.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autD947.tmp
Size	23.5KB
Processes	2084 (ghost.exe)
Type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`c3429879521305de064a0952dab5eb6a`
SHA1	`167e21603daacb16801e0e3cc1693d2da4d65cc4`
SHA256	`9f8439a9217a1f1e2aa46e611a8e38b591500f986c484ec179cfef712cbff707`
CRC32	`E9E5E92A`
ssdeep	`384:3kc5/kH+JAPqtaYTAx6LyZdp1dwlenlvj2WeXxRD8aKdedTdL9/nxyXEnbKBkMHr:3ka/7OPH0Ax7/p1dM1BRDbKoTdL9/gU+`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	da420b39a1c9a3c0_omnifs32.dmp Submit file
Filepath	C:\Windows\SysWOW64\omnifs32.dmp
Size	25.1MB
Processes	2424 (omnifs32.EXE) 2684 (omnifs32.EXE)
Type	Mini DuMP crash report, 8 streams, Wed Nov 13 07:57:55 2024, 0x2 type
MD5	`976e0dd0acc854e8c837dd4b7249458d`
SHA1	`7475f9a6924f245a2ba96d5488c3ede0aecc82a9`
SHA256	`da420b39a1c9a3c0614205f108cbf991dbff99892527a41b5b493b2b79e9ef3f`
CRC32	`B2E5A48A`
ssdeep	`393216:gDdh5TPsK3Zi0rCYJp3ExaycBhIWOpdPXm+q:adh5TJ3JCYJp3Eky0IWO/W+`
Yara	Microsoft_Office_File_Downloader_Zero - Microsoft Office File Downloader Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader Admin_Tool_IN_Zero - Admin Tool Sysinternals ASPack_Zero - ASPack packed file DllRegisterServer_Zero - execute regsvr32.exe Antivirus - Contains references to security software IAmTheKing_Family - IAmTheKing Family Microsoft_Office_File_Zero - Microsoft Office File Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1cd74320711e8cea_dspt1.txt Submit file
Filepath	C:\Windows\SysWOW64\dspt1.txt
Size	238.0B
Type	ASCII text, with CRLF line terminators
MD5	`ab4d1b72fc070e3fea743be92860eafa`
SHA1	`54ff23619a6e9d1ca078001622a1af895ac4d3ed`
SHA256	`1cd74320711e8ceac8e0697e58178fa404143bfeceb8601386222ecef9b20e7b`
CRC32	`C763521F`
ssdeep	`6:rFFG0iEQ/QW/mdNPHNxjy/YFW0NNxjy/2HRba:jGP5/QWeHtxjyQW0jxjyca`
Yara	None matched
VirusTotal	Search for analysis

Name	c4e87136d140c22b_autC494.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autC494.tmp
Size	479.5KB
Processes	2084 (ghost.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ae1b31ab58dbb8e65cc261b527a0a5dd`
SHA1	`502505378077bdcc4286907b39808476da2df3fd`
SHA256	`c4e87136d140c22b097ec6ae608d4056327eb4eb45299e92032f1cb6ec279811`
CRC32	`6053DD10`
ssdeep	`12288:buRFx94Xug32zv28b5jIzXpDEyI3c/jA4plA1y7:bYxLg32zxbqEytLDai`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis