Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...

Dropped Files | ZeroBOX

Name	257e6489f5b733f2_msidcrl40.dll Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msidcrl40.dll
Size	791.3KB
Processes	2668 (QGFQTHIU.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ef66829b99bbfc465b05dc7411b0dcfa`
SHA1	`c6f6275f92053b4b9fa8f2738ed3e84f45261503`
SHA256	`257e6489f5b733f2822f0689295a9f47873be3cec5f4a135cd847a2f2c82a575`
CRC32	`11BF3BF0`
ssdeep	`12288:2qjIhzdNvajtjz38HkZIbKnxPxlJsk7aMClZE:2qjIhzdNvkjGKP1I+`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	13177433700e91c2_bray.xls Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\bray.xls
Size	799.4KB
Processes	2668 (QGFQTHIU.exe)
Type	data
MD5	`ab2b9ef9cc48c63955a738881a8ca4cc`
SHA1	`28e5484e1d3cf98d56f764eed95a437c11621a86`
SHA256	`13177433700e91c2efaf3ec155efe30c1d53f9b5a1fd65e7931c789bf65ffb91`
CRC32	`955B5F88`
ssdeep	`12288:xcD76ufseR81g0FiwSvkcB7Is9msQwuICuHQkCGWERzOEawwcTWhg5MV+ShoD6sl:zVx4vnF9AwFhro8wcTWS5++goDpRf`
Yara	None matched
VirusTotal	Search for analysis

Name	fa384bfcfc9fe22a_BootstrapperApplicationData.xml Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\BootstrapperApplicationData.xml
Size	2.3KB
Processes	2668 (QGFQTHIU.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`840058d4e9223cbe31b7e4b229e318b7`
SHA1	`e4d5ec77c1c39b376546034e38b92d80e93fe21d`
SHA256	`fa384bfcfc9fe22abcf224b62e44381145b2cc56b71b870c42a7ac5cfb28e492`
CRC32	`6E1A49E5`
ssdeep	`48:y+03N6hOlN8BOgdSkwcne1tAUIJS0wuiycfTegj1Hmi1tIBrzCi1tvBrzwl:2yO0wcn6tAUX0wuiycfTIWtIBrzCWtvk`
Yara	None matched
VirusTotal	Search for analysis

Name	6dc7275f2143d1de_msn.exe Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msn.exe
Size	5.5MB
Processes	2668 (QGFQTHIU.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`537915708fe4e81e18e99d5104b353ed`
SHA1	`128ddb7096e5b748c72dc13f55b593d8d20aa3fb`
SHA256	`6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74`
CRC32	`37F7C7E0`
ssdeep	`49152:ERUl697ngPTrho9J8kgdjbHNZ5PP/Re5m3mxVN6KEp0v7J7k66ZRkQTXw+sljVop:uAXqnhON8m3mzNHTdw6YSX+sleu5y`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet ASPack_Zero - ASPack packed file DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b040fd107e566c5e_QGFQTHIU.exe Submit file
Filepath	C:\Windows\Temp\{E039CF43-5A4F-4EE7-A7B6-A922B7D60560}\.cr\QGFQTHIU.exe
Size	4.8MB
Processes	2560 (QGFQTHIU.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
MD5	`74302d09606255cb10a7df3a744e6908`
SHA1	`c64b9de79b68cdd0531219c8be07110caee014bc`
SHA256	`b040fd107e566c5e4bbd3d84fc51ae33d393fd3a03b33d07772733e36a2eb25d`
CRC32	`0E71AC59`
ssdeep	`98304:UK/ZoaSs+bgcPlK+rSN2xeELJ4g1x3+FbdYapMDrEPxiJVwJyHLcnP6WS://uVs+bH9K+OGeIBSHqDIPI7WOLyyWS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) CAB_file_format - CAB archive file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c777b4d375643b20_cerebrotonia.aspx Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\cerebrotonia.aspx
Size	54.4KB
Processes	2668 (QGFQTHIU.exe)
Type	data
MD5	`9982438cc8eb86ab120ef0a8241f8efc`
SHA1	`132ed9d13d612bc11ea45bcc8b25e5536e488d08`
SHA256	`c777b4d375643b20887e8b3dced8eb53d8dae98b94cfca4107da9f446b297e82`
CRC32	`729B56E1`
ssdeep	`768:Qvf3Jrvlc2ca7VQSmKipkkD2ZTZFZtjJbb/ZmlWPGgVTj3js3rWUz1qmlIZcVnhL:0fZR17VQSBRvTZ3tjJvnVTs7hAe`
Yara	None matched
VirusTotal	Search for analysis

Name	0abf68b8409046a1_contactsUX.dll Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\contactsUX.dll
Size	331.9KB
Processes	2668 (QGFQTHIU.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`54ee6a204238313dc6aca21c7e036c17`
SHA1	`531fd1c18e2e4984c72334eb56af78a1048da6c7`
SHA256	`0abf68b8409046a1555d48ac506fd26fda4b29d8d61e07bc412a4e21de2782fd`
CRC32	`10170D8B`
ssdeep	`6144:zLU98dTLLPTtdO37tzHzjRzPSzHKBJupBzC8vAocIGhL99WP+gDjX5oOyOta3H/C:P9PLrtShzHzjRMcQpsSCTO2H/Kj`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	742781830261adb0_scutage_20250118175009.cleanroom.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Scutage_20250118175009.cleanroom.log
Size	766.0B
Processes	2560 (QGFQTHIU.exe)
Type	ASCII text, with CRLF line terminators
MD5	`b0b6c2a5f8dc39e75b08ee7651ec4fe1`
SHA1	`ae49a2dd694c2c9d894d1a640de9a3370bfb36c3`
SHA256	`742781830261adb0f0e2525561748052e62d950909f2ecd5582e905ba32f4093`
CRC32	`F299E253`
ssdeep	`12:f4OX7uXNSX2W/xOLMlAOm6OnSRcP2EmRKYOLMk6OnSRcP2EWKYOLMt6OnSRcP2rO:A6YNSmAnSGbcP2hxbcP29wbcP2Vm70Mt`
Yara	None matched
VirusTotal	Search for analysis

Name	cb8928ff2faf2921_msvcr80.dll Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msvcr80.dll
Size	612.0KB
Processes	2668 (QGFQTHIU.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`43143abb001d4211fab627c136124a44`
SHA1	`edb99760ae04bfe68aaacf34eb0287a3c10ec885`
SHA256	`cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03`
CRC32	`4A85CAC1`
ssdeep	`12288:mxzh9hH5RVKTp0G+vFhr46CI600yZmGyYG:mph9hHzVKOpt6MmGyY`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c63054e681f9acbe_Celesta.dll Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\Celesta.dll
Size	1.4MB
Processes	2668 (QGFQTHIU.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`dad4d39ac979cf5c545116b4f459e362`
SHA1	`54632d73df4ddf43ab38ed66c00989ee55569f7d`
SHA256	`c63054e681f9acbec7e12a8ba691bc3657e3279825734517929ccd9f1e43db4d`
CRC32	`0C2B27E1`
ssdeep	`24576:e4REBfuEluHsfKYIhdg83FiTDSaEc99Xogpy:JazEi6hfFk3Ec9qgE`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4173381b0a95219f_scutage_20250118175013.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Scutage_20250118175013.log
Size	3.5KB
Processes	2668 (QGFQTHIU.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3d9552b8f30fd442c308358a048ffdc0`
SHA1	`cdc60c04c3dae209027f468f45124d32eff1b15d`
SHA256	`4173381b0a95219f2f9cb27e770925353977c353003b4a3f3b91fe2a3b085cb6`
CRC32	`9F0ED4AB`
ssdeep	`48:S08NMmP0u50dYr0dkijOmsjDjkSjg1T/P391T/e1Ty1B6FGe8s/uSEj0KNgLWmBN:T8SmMtrzBd5axh0y`
Yara	None matched
VirusTotal	Search for analysis

Name	9b696ad0ec3b37ba_BundleExtensionData.xml Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\BundleExtensionData.xml
Size	252.0B
Processes	2668 (QGFQTHIU.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`a35990570afaa7d023fd2ebbe229afb8`
SHA1	`86688b13d3364adb90bba552f544d4d546afd63d`
SHA256	`9b696ad0ec3b37bac11da76bcd51ad907d31ee9638dad7bb8fdd5aef919ef621`
CRC32	`A09044DF`
ssdeep	`6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk`
Yara	None matched
VirusTotal	Search for analysis

Name	f73e3f3d3fea1a55_msncore.dll Submit file
Filepath	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msncore.dll
Size	982.0KB
Processes	2668 (QGFQTHIU.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ac97328f67d0877e526fb6ac131bf4be`
SHA1	`9f61ffe3f3ca2463929bfea3292ffe9ca003af18`
SHA256	`f73e3f3d3fea1a556b8a91680c13b3969136c2abdf9121604b9389bdd1fc58e9`
CRC32	`F33130BB`
ssdeep	`12288:dI4v4jlJYDBct3wTjlnkwMREiE0ICrNwfSTLRVDRAotTLkWg9wOW:d3E3wVkwmE9FCrN+STVV9AotTLkMOW`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis