Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.31 01:01
29.exe
01.30 07:01
joiner.exe
01.30 07:01
stub.exe
01.30 07:01
fag.exe
01.30 07:01
rh_0-8_2025-01-23_15-0...
01.30 07:01
newest.exe
01.30 07:01
setup_64.msi
01.30 07:01
1.jar
01.30 07:01
enai2.exe
01.30 07:01
BQEHIQAG.exe

Latest News
01.31 01:01
에이드리븐, 수출지원기반사업 수행기업 선...
01.31 01:01
北 해커부대 라자루스, 오픈소스 프로젝트...
01.31 01:01
한국 IDC, 2025년 국내 및 글로벌...
01.31 01:01
Weekly Detection Rule ...
01.31 01:01
한국사회보장정보원, 2025년 사회보장정...
01.31 01:01
Weekly Detection Rule ...
01.31 01:01
Android Malware & ...
01.31 12:01
ISC Stormcast For Frid...
01.31 12:01
Patching Up Failing He...
01.31 11:01
DeepSeek’s Rise Shows ...

Dropped Files | ZeroBOX

Name	b5f1955fa5225f8c_skivy_20250130231044.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Skivy_20250130231044.log
Size	995.0B
Processes	2656 (BQEHIQAG.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1cb59e6aad63addfa665ab0e48fe82ca`
SHA1	`c4ee5345b7aae5056ccc8e964dee9ba514b8c990`
SHA256	`b5f1955fa5225f8c5575e0a44b03f3d257ea27ef628e41a10b00e8b9e6aedfa2`
CRC32	`7232E78E`
ssdeep	`24:86V6bAIcPmAOKS+6V2yr56V6cP2hs6V6cP29s6V6cP2VPI6V6cP2Y6V6cP2kv:86uxu168g56nYs6nks6nOg6nN6nZ`
Yara	None matched
VirusTotal	Search for analysis

Name	2aec41414aca38de_maddisasm_.bpl Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\madDisAsm_.bpl
Size	64.5KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3936a92320f7d4cec5fa903c200911c7`
SHA1	`a61602501ffebf8381e39015d1725f58938154ca`
SHA256	`2aec41414aca38de5aba1cab7bda2030e1e2b347e0ae77079533722c85fe4566`
CRC32	`2F02DA86`
ssdeep	`1536:LNy3eqMne0sXB0IWtCLwEJhY0w1VmLPx5wdB3htW:LqMnfIB04LwEJhY0w16xAFW`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	75542249fc08f439_dbdownloader.exe Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\DBDownloader.exe
Size	823.5KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a3ccc65ae7d39d213250443588731af9`
SHA1	`489b07237cf951faca46c6f525d9c436957347f2`
SHA256	`75542249fc08f4392189a0807595f18580aa17487530bc5527bf928a0b78146c`
CRC32	`81EECE3E`
ssdeep	`24576:zJDclNQn4W0luDOmFwhdDh2TK+uLfplhyEXwC:tDvTVT94Rrx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5155ba4c5e46c898_zip.dll Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\Zip.dll
Size	564.0KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`27cf2e5fecbc9dd6f8a9bc866dc78e00`
SHA1	`3e11aaa9416d7702ace2176ef27230efd08ec5ab`
SHA256	`5155ba4c5e46c898a7cb9d619c67a1626636e7854200bbbeb698fb5af3b541f2`
CRC32	`D2AAA3CC`
ssdeep	`12288:XCLS4iujAs1+7lwEFbxGJKkUGBbl2+ZjuNPuiAcux3ZJF5:oZiu0s2lwEFbxGJKkUGBbl2+ZjuNPuiE`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ee9a8633c78d7d55_theophobia.xml Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\theophobia.xml
Size	807.5KB
Processes	2656 (BQEHIQAG.exe)
Type	data
MD5	`1fa471a09f4b7d85fc76545cca3a1961`
SHA1	`80ac45cb84b2d2da34c77a021d11f1b3ecd250f6`
SHA256	`ee9a8633c78d7d559cb20f52aa481699b2b26329e3f8cbd0e5e3d879a53ecb69`
CRC32	`05EE1682`
ssdeep	`12288:l+uSjgnv1DB6pXxIuIsY9/7q6HPVGvjuLm7epBnlaee6RVlPUZzCAJTfz:l+wv5BqXxisY9/9vVGaLQejoeizCYTr`
Yara	None matched
VirusTotal	Search for analysis

Name	c2df993943c87b1e_madbasic_.bpl Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\madBasic_.bpl
Size	212.0KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`641c567225e18195bc3d2d04bde7440b`
SHA1	`20395a482d9726ad80820c08f3a698cf227afd10`
SHA256	`c2df993943c87b1e0f07ddd7a807bb66c2ef518c7cf427f6aa4ba0f2543f1ea0`
CRC32	`BAAFA2C7`
ssdeep	`6144:XN/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/FrfPf:AqeM/k4qR5L5e5+53WulZn`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	9705f559a070e23c_bootstrapperapplicationdata.xml Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\BootstrapperApplicationData.xml
Size	2.5KB
Processes	2656 (BQEHIQAG.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`38e972c408023999ccdf3105e4d14d86`
SHA1	`b1cc9522dd440c7b5eb542f549b2fecb040b4dba`
SHA256	`9705f559a070e23cb4c9bc9ff4096924d4d0de2261c00c285e15264b1f763b24`
CRC32	`8736DDAC`
ssdeep	`48:y+03qHhhO+g3spne1demcvuqaSQcxQ+Ji0wiyc4TEOonw6iLArpsi1EArRNDl:XHawn6demcmqp60wiycbsArOwEArRNR`
Yara	None matched
VirusTotal	Search for analysis

Name	572edb7d630e9b03_vcl120.bpl Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\vcl120.bpl
Size	1.9MB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c594d746ff6c99d140b5e8da97f12fd4`
SHA1	`f21742707c5f3fee776f98641f36bd755e24a7b0`
SHA256	`572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec`
CRC32	`538B28E3`
ssdeep	`24576:j2gekcIlYas4GaAKBTZTkZbJ7YBRSjr2WLPcgjzTGlyz6F:jRvzfZT3XSmqcOTGc+F`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d6dd7a4f46f2cfde_rtl120.bpl Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\rtl120.bpl
Size	1.1MB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`adf82ed333fb5567f8097c7235b0e17f`
SHA1	`e6ccaf016fc45edcdadeb40da64c207ddb33859f`
SHA256	`d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50`
CRC32	`F812D517`
ssdeep	`24576:GbhVoNWbA1m6z1hGaMopv3RdaK6IPFf0DtDN9Tox0gc:vtQZPTtgc`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	91ee84d5ab6d3b3d_madexcept_.bpl Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\madExcept_.bpl
Size	438.0KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e8818a6b32f06089d5b6187e658684ba`
SHA1	`7d4f34e3a309c04df8f60e667c058e84f92db27a`
SHA256	`91ee84d5ab6d3b3de72a5cd74217700eb1309959095214bd2c77d12e6af81c8e`
CRC32	`A38D3BBF`
ssdeep	`6144:hlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2Bq:hlG4ut30F8slzYlQcW/jd++2nJ6u2Y`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a5db93ad3d6e8b4d_glucocorticoid.txt Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\glucocorticoid.txt
Size	51.5KB
Processes	2656 (BQEHIQAG.exe)
Type	data
MD5	`b14b27cad72654c3b49ab32aae9b80d1`
SHA1	`4304dbab114f5de0373b7a52eae484c577231741`
SHA256	`a5db93ad3d6e8b4d58ec25282583ca77f70f3a9629f4f23c3c72cbadfc5294ee`
CRC32	`6198C652`
ssdeep	`768:oXbxWUTYXk/9Xjp6+XmOO4cvPqUmoqsGWd8QZQkMMp8iGlP2VZhHFWDpUv8MbRM4:wxpMUFXpBaf9MgOu2ivxyDAR`
Yara	None matched
VirusTotal	Search for analysis

Name	1219792a1a5467bf_curette.dll Submit file
Filepath	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\Curette.dll
Size	64.6KB
Processes	2656 (BQEHIQAG.exe)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`571bd6140bb7c0daa429da0de6dc2ce1`
SHA1	`45e0e315767edf25fc5ce4a518a2d41f818c3290`
SHA256	`1219792a1a5467bf3ebcad4fe73838f89bf0608a61d987d9b72605d995829552`
CRC32	`83058467`
ssdeep	`768:6vvzUh2kXHTyrW/DUljNqWi3gTRQixHwUYvh33rh6kbzqTLvxLo3kDPw7d:6vbUvT+WbGBqWiQ1xIN7zqTl/MJ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9c26112798af8660_BQEHIQAG.exe Submit file
Filepath	C:\Windows\Temp\{8AAC0582-87E2-4EE0-BDB2-D62C053E3C1E}\.cr\BQEHIQAG.exe
Size	3.3MB
Processes	2560 (BQEHIQAG.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`32988cd64d1e643b30203cb3a99f01c6`
SHA1	`b706ad0b4995f09697bd562fa9fcec07d687ee33`
SHA256	`9c26112798af866022db506c5a8592bc6baf19a81dd600a67becfb581a0dae70`
CRC32	`BFDF58BD`
ssdeep	`98304:8fUbK7jkYWHLX4ntIAvQGRhXZlg4Rj9hrwq8jj6Y+Nj:8fUW7gYAL46AvQGRtZqmBhsq8KYYj`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature CAB_file_format - CAB archive file Admin_Tool_IN_Zero - Admin Tool Sysinternals Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis