Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.29 03:04
RSAC 2025: Reckless Ra...
04.29 03:04
Iran claims to repel c...
04.29 03:04
Forthcoming NIST profi...
04.29 03:04
Washington State Tax H...
04.29 03:04
Bundesdigitalminister:...
04.29 02:04
Falcon Next-Gen SIEM I...
04.29 02:04
CrowdStrike Partners w...
04.29 02:04
Anthropic Outlines Bad...
04.29 02:04
FBI Reports ₹1.38 Lakh...
04.29 02:04
US intensifies Salt Ty...

Dropped Files | ZeroBOX

Name	b4cba17e11233333_ICSharpCode.SharpZipLib.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ICSharpCode.SharpZipLib.dll
Size	184.0KB
Processes	2040 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`70ecb43c490ed5b16dafaff662bf7653`
SHA1	`7306f3b64daf3cb0c4b96df281f0189af81c73f8`
SHA256	`b4cba17e1123333356bf7e80a20e3adffd8ec335c14da1a249d1b10f3d7cfd0b`
CRC32	`4F79E381`
ssdeep	`3072:rJ613DnPspO8dsZ4olHTfEVFU6Vuu0tzbCwzayDwVqSrgIN4fICG:RO8d6ljEV+6Vu/dW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	051099983b896673_Ad.Credit Updater.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Ad.Credit Updater.exe.config
Size	174.0B
Processes	2040 (update.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`2a2df45a07478a1c77d5834c21f3d7fd`
SHA1	`f949e331f0d75ba38d33a072f74e2327c870d916`
SHA256	`051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa`
CRC32	`1681F272`
ssdeep	`3:vFWWMNHU8LdgCQcIMOoIRuQVK/FNURAmIRMNHjFHr0lUfEyhTRpFKGKWREBAW4QA:TMVBd1IffVKNC7VJdfEyFRpwIuAW4QIT`
Yara	None matched
VirusTotal	Search for analysis

Name	dc1c9337435fa372_Office.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Office.dll
Size	446.6KB
Processes	2040 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`819a773f2e255e8d653174b5994f5454`
SHA1	`8d53158a611411131c17c6094c81e21c586b7f3d`
SHA256	`dc1c9337435fa37201dbb8c012e0397e0a1bae7273305ca397feed566ba0f9e9`
CRC32	`405D9D80`
ssdeep	`12288:kdibwbpYvAwcjOvNCsFHHEH0wLZ8rwGXQVcyjlNSOnR5:kdibwbpYvAwcjOvFE9ZkwGXQ/5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2196b89a00622534_Ad.Credit Updater.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Ad.Credit Updater.exe
Size	711.0KB
Processes	2040 (update.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`56cac3c7ce703f18405bf8033a5666cb`
SHA1	`5f9c973273784feab0be0b574076c36fb972bc5a`
SHA256	`2196b89a006225345decfb16e9acd292394d7931381198597e1b42e6d34b82af`
CRC32	`436FEF5D`
ssdeep	`3072:vSUutndGcyNq5tg2iO48NrsxzOrbrC2iO48NrsxzOrbrWx+3K6PPPPCU6pIZH/2w:aUmndGnq5koIoaxuKzUUI1VoxLmBD`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e1e27af7b07eeedf_Newtonsoft.Json.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll
Size	695.3KB
Processes	2040 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`195ffb7167db3219b217c4fd439eedd6`
SHA1	`1e76e6099570ede620b76ed47cf8d03a936d49f8`
SHA256	`e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d`
CRC32	`B76210F4`
ssdeep	`12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d521fd8f381f5547_ADC_TASKBAR.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ADC_TASKBAR.ico
Size	109.4KB
Processes	2040 (update.exe)
Type	MS Windows icon resource - 6 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 128x128, 32 bits/pixel
MD5	`b7010101f1738b951d46a06135b048d7`
SHA1	`87337e0c083b0e2a3931d2bacd6741089f9a2564`
SHA256	`d521fd8f381f5547c31f7664ea55d9d267ff449fc398d02f6b65bf34619bece0`
CRC32	`766366A2`
ssdeep	`768:X4FWP2iZElNPAUWh4F+IIDkiUzPs5Iu5iOsFNIIMsbmCAd:IFWP2iO48+I8WrsxzOS6bmCe`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	e8c88b0448083663_System.CodeDom.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\System.CodeDom.dll
Size	30.3KB
Processes	2040 (update.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`59c830ac0d99f8c906292de85f804b84`
SHA1	`68b6740e6ce97de8b1398f3a6e320940a0e16458`
SHA256	`e8c88b0448083663910587efeacb6a1977749fe3ffe83b263fc01f7b63d7dfd2`
CRC32	`E40E2605`
ssdeep	`384:FuE8ujCiLMTPji3h8241EEqYC0iIcwBxehzsCtZ7U6r1fDMqyt5/WduWTTb2HRNq:FDBCi4TWaveEqYChzZpgRoj/iP9zgBV`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis