Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 07:11
FCC to soon announce l...
11.15 07:11
Michael Burry Boosts C...
11.15 07:11
Thomas Kurtz, Co-Creat...
11.15 06:11
Malware Spotlight: A ...
11.15 06:11
Disney's Streaming Suc...
11.15 06:11
Applied Materials Fore...
11.15 06:11
Bluetooth Dongle Gives...
11.15 06:11
North Korea's Lazarus ...
11.15 06:11
Malone Makes Pitch for...
11.15 05:11
SpaceX Scraps Texas La...

Dropped Files | ZeroBOX

Name	3ae4eccb218817f8_dragon Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Dragon
Size	13.9KB
Processes	1460 (PowderGpl.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`8f99511bc647d62d0ab24676ffbf1f81`
SHA1	`ee9c17c288b3ecd7984edd8f5d3f3c2806c28beb`
SHA256	`3ae4eccb218817f804f188b17cdab5f2d5a46e4b01f61992522c687cb265b8a6`
CRC32	`731C6B3C`
ssdeep	`384:/T48bEoSmCD+rFM9SUmaB0LKnmVp/bvVXBghxKL:/QRmCDuFM9SUmCqKnmT/bdxZL`
Yara	None matched
VirusTotal	Search for analysis

Name	81887327e72b9233_combine Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Combine
Size	85.0KB
Processes	1460 (PowderGpl.exe)
Type	data
MD5	`dad5d9394613487c0825ad87374a4a96`
SHA1	`806d908a747487b4693b1dc7598c66670b342cac`
SHA256	`81887327e72b9233e2a002ed8d4557669f3305a60fc4ab45b3cb37257798c42c`
CRC32	`F6C5FDEB`
ssdeep	`1536:zHRIQeiX+nna2eoxtc3zpBJRt2QYKcROSMlneus3Vrvtsc33ns3yF:zHRJ+nneoxtc3FHRtLlSMlXs3Vbp`
Yara	None matched
VirusTotal	Search for analysis

Name	8faea441687488ed_chef Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Chef
Size	64.1KB
Processes	1460 (PowderGpl.exe)
Type	data
MD5	`4929feb5427b3e00555c7cebeb73ab46`
SHA1	`a48cf5e4a6e44bba30589f5cf96536a3a007141b`
SHA256	`8faea441687488ed8da8773c1acf4f6ba847b42359716d1275fe44100fc46cd9`
CRC32	`DAD85CD6`
ssdeep	`1536:/mdRT9kEQQ9GvMxPgAqrEZl0ZLt8aHqoX2vCp+S4tqelX:/mhlsUaAqo/kBZHB2qiqelX`
Yara	None matched
VirusTotal	Search for analysis

Name	5b264df9d00b5df6_transportation Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Transportation
Size	74.0KB
Processes	1460 (PowderGpl.exe)
Type	data
MD5	`30a3404783a2d7652e29d645628b04c9`
SHA1	`aaf37b72d13c697276b34e323ca1bd00fc243cdf`
SHA256	`5b264df9d00b5df6d976a76cca68f3fd70bc1c277344d6d8c16a024cebbcb9a6`
CRC32	`4101CDD3`
ssdeep	`1536:TJLqjAF/Ydq/lz2RM2jbcgYiDGcOiISEN6x0FDJrIKQfh:TJLOA9phAZj7YiqcOiVE5FDCKQfh`
Yara	None matched
VirusTotal	Search for analysis

Name	08e08296d2da025e_k Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\609587\k
Size	223.1KB
Processes	2588 (cmd.exe)
Type	data
MD5	`9c3ccfc1b85ec90de741f82334ec5c13`
SHA1	`cdb55d03f47197ac3c1556de854384e25a161285`
SHA256	`08e08296d2da025e5fd84c3ad002a83af525149d56b5d9a24f75a6d080bbea58`
CRC32	`0733AEFA`
ssdeep	`6144:LRJsefVHPky+Dx4j7YRpFQUhOjogZHYgs:L3sedHPkyCx4YR/QXsgZXs`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsxC0BB.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsxC0BB.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b7c7178fbadbf1_horizon.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\609587\Horizon.pif
Size	872.7KB
Processes	2168 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`18ce19b57f43ce0a5af149c96aecc685`
SHA1	`1bd5ca29fc35fc8ac346f23b155337c5b28bbc36`
SHA256	`d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd`
CRC32	`388D364B`
ssdeep	`12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ade4df61ada81439_traveling Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Traveling
Size	864.9KB
Processes	1460 (PowderGpl.exe)
Type	data
MD5	`4546bdeea370b865f80ba3e523b3ade7`
SHA1	`7118f8844c1f938d3e00b5c50624d995ee01236a`
SHA256	`ade4df61ada81439b176e2b32f970ec6a0697c959e3d75c0e40eea07813ed930`
CRC32	`95F8F990`
ssdeep	`12288:QV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:yxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d0fa12b632138bae_sufficient Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Sufficient
Size	7.8KB
Processes	1460 (PowderGpl.exe)
Type	data
MD5	`b3b46c8e223bde8e40e6628db25523c9`
SHA1	`b1fe51169b519463044c613d4f3edf9c26115dac`
SHA256	`d0fa12b632138baed0239d8da41e60ae5e9d08c4ab7de774bea56741e8bd9a09`
CRC32	`738DC995`
ssdeep	`192:qHAeOqAFDw09CV/2nPvj6DdMP3r1HI5jMlbN+G3ygxj:qHAHhww+/2nlP3r1WAL3yQj`
Yara	None matched
VirusTotal	Search for analysis