Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 06:04
8937.e9c8f83d94118188....
04.27 06:04
7914.753c477fc6135f24....
04.27 06:04
gtm.js.pobrane
04.27 06:04
7d0bf13e-79a638a0b87a8...
04.27 06:04
webpack-6751726d88b2d8...
04.27 06:04
6814.91bf0d11abffee40....
04.27 06:04
main-292e27553c8f5cb8....
04.27 06:04
framework-ca706bf673a1...
04.27 06:04
ee8b1517-cc4d7300db272...
04.27 06:04
75fc9c18-02b28d24f737c...

Latest News
04.27 08:04
YKK’s Self-Propelled Z...
04.27 07:04
Vorsicht beim KI-Chat:...
04.27 07:04
Gen Z und KI: Warum 44...
04.27 05:04
Remembering Heathkit
04.27 02:04
Quantum Random Number ...
04.27 01:04
SKT 통신사 해킹 파일 관련 dbus-...
04.27 01:04
Unsichtbare Zeichen in...
04.27 01:04
KI im Klassenzimmer: L...
04.27 01:04
Heimliches LLM-Groomin...
04.27 01:04
Datenschutz-Albtraum: ...

Dropped Files | ZeroBOX

Name	9a2a753b2fc01dea_microsoft.visualstudio.designtools.diagnostics.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.visualstudio.designtools.diagnostics.dll
Size	838.9KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e20d99828a150725a3919e6ab5d087ec`
SHA1	`9baa800cd24c9fd04f6323da7a15ce3509124854`
SHA256	`9a2a753b2fc01deacc1dd08b95a3c93a7ac24e3fd71a29e2a1ca72ff5ace0845`
CRC32	`F0DFB447`
ssdeep	`12288:Qlu0ZY5G68xbbiHptCSvcwPps+3DbWWvSxemb5ATNzN13lBdHRZB:Q40S5G66iiSv5e+zzlBdHbB`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e19781aabe466dd8__isdecmp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-NUUPI.tmp\_isetup\_isdecmp.dll
Size	13.0KB
Processes	2620 (lem.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a813d18268affd4763dde940246dc7e5`
SHA1	`c7366e1fd925c17cc6068001bd38eaef5b42852f`
SHA256	`e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64`
CRC32	`03FC4C88`
ssdeep	`384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a9e161712391bdf6_gss-server.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\gss-server.exe
Size	28.6KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`6c2b5af124b944ffc75ba02e95478a11`
SHA1	`dcfeac5fd75bcc5f9029fd14b5a431cf20f39bac`
SHA256	`a9e161712391bdf611737b538540b4446c252c3d6b0ad0865d0ee23f1ad06e95`
CRC32	`617EBFD0`
ssdeep	`384:zYSVhjNHp2A5C5YsHW6UgB70fQ6UC3TkVnYPLN0bCFk1M6j6Jjf:zYSVhK3eKWPgB7ipOvbCFgMmif`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e1c5ba7d9f47e7a3_microsoft.visualstudio.workspace.implementation.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.visualstudio.workspace.implementation.dll
Size	802.0KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`092511f04bdffc816b97f1516f96b69a`
SHA1	`869e75fd4660dd815bc168fef4c971673ac43a92`
SHA256	`e1c5ba7d9f47e7a3641cef8591886c1ea293528573f4960d408a5a1087dd025d`
CRC32	`B9565938`
ssdeep	`12288:vImTZ+0da0JyrptoC/j3JpAhcByJTHAoT:wA+Syrp/DJpAhcByJTHAoT`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1799854d01a89d14_netstandard.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\netstandard.dll
Size	1.3MB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ba3408bebbcd7eb67ec979cee7b60498`
SHA1	`2a9110892b7ab0b2eb20cd737414f69d26c77317`
SHA256	`1799854d01a89d141fecc4c4548b01e51fa57118c9b18eac66a752f3bbe98c02`
CRC32	`4DF7736E`
ssdeep	`24576:YJBrYUiTAVnKcdNk4pjkzdLnIHluUXc3QS6BYtJR:y4I1viQS6BYHR`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	a7dc4a86fe7b16f3_system.data.sqlite.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\system.data.sqlite.dll
Size	377.1KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ce5a918d9ce213b5e84815733455ae32`
SHA1	`69997baf4402069ca571a5b82188f7d628f08f49`
SHA256	`a7dc4a86fe7b16f330d02683589e4bfc79306b5ff08ebf40a9a8135bc2767986`
CRC32	`36794095`
ssdeep	`6144:I4xQyi31FNFaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc1czcl:rQZ31FNFaFeFOFwcGF6cmFWc0FWc8cIz`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	49a56387ba47d530_sexp-conv.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\sexp-conv.exe
Size	62.6KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`28dfa4942f159d4078c8d59abfbb0d15`
SHA1	`1189807666fb4cbb131a54c4e73a16d536a84041`
SHA256	`49a56387ba47d53025b2e78cd957fc465e5a8fddfc771d776f87ec2ca455764c`
CRC32	`ED2F9DBC`
ssdeep	`1536:MPFyB6stCaVPd6k2IAN7BGdpFuzTFrhh3+y0d0GcWDFF:MPFS6snj2xNGdKFuy0dnZDFF`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	741a3e261d1b07f2_wzaddrycts64.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\wzaddrycts64.dll
Size	203.6KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`b79ea9ceca29aece47e07100c85d2776`
SHA1	`1bb4e41f0806d5e30c37982ad8aa92f5f4564943`
SHA256	`741a3e261d1b07f2d6e8746d1adf3f6c2b8ac8e414ee62b62b772ac3fcb6100c`
CRC32	`8BE5BD39`
ssdeep	`3072:Y8fwXZ/AWG8hqJ4RkNfyOlS0aJisT0gJgdYOMl0Zz1ovKahXfShe:uZoWGXWRaqOlS1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	13b1266ff41b62bf_ieawsdc.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\ieawsdc.dll
Size	236.3KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`aa1053b3c22fe6f99986af864d61675d`
SHA1	`6343cb4d9e19df14941caff49bb023bee3f37634`
SHA256	`13b1266ff41b62bf19ca1b30424317aa16ed1b38391f349b3b7cda7718a206d6`
CRC32	`A5E05D63`
ssdeep	`3072:pdJvFpAFjTJIX5pROIRroZGQpX1zrE5cEhdbsnxntFI4OkkaYM5/bCHDLhnk1w9X:bIJSpROIRroZGQplv6cEUnDT1CPhkSX`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Network_Downloader - File Downloader DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3f0d9d8b94ae07a4_p11-kit.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\p11-kit.exe
Size	78.4KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`8dcb2d2e4bbe3b57bea6f9ce03579a3b`
SHA1	`32751471ddadd3a1e0d258e81fa8aeaf74631118`
SHA256	`3f0d9d8b94ae07a4147069541fb4a1e581632841e3067e67a788706e82d31510`
CRC32	`BCA8D179`
ssdeep	`1536:cB/gLD82ZvFBUNwJOkaSGwzGug4ya0r9nFM+VGW6F8i:cc9BHJfakzGui7FMK6F8i`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	085848a20d552ed1_bcsruntime.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bcsruntime.dll
Size	599.4KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`20f4d473f6e94c2d21fb1ee390af99db`
SHA1	`314f3ff07767389e5d80dedf89fa01bbd1d2cd13`
SHA256	`085848a20d552ed16ff8d7ed73b1db90c9ff39fe0391820b376857d6678d7801`
CRC32	`027C8661`
ssdeep	`12288:FYvGLSSYKd+LySo8nNyIGtWY8ZY4VufdHHxnXkwHlkGO:FdWUXMnNyIGtWY8ZY4VufvXkwHlkGO`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	18ff47cd790b9079_wintoast.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\wintoast.exe
Size	348.4KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b412b24330409e5917080d3aa961789c`
SHA1	`78b29c6322f7233020d17b2e65906fb476bb068d`
SHA256	`18ff47cd790b9079dac609b1bc69b139bc28963a7ea67d4668eb4ffed18f1d78`
CRC32	`4182CA5A`
ssdeep	`6144:LnbM/cNNCM73sOMHjTMVq2dkNBlQhEtqGaNnCohoE+rsrw:9N9kjkq2yZntq5NnCo8oE`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fadddc16ba83fd92_presentationbuildtasks.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\presentationbuildtasks.dll
Size	1.3MB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
MD5	`271a908eace32c2ae55d5fb25732818f`
SHA1	`c573dcb589d8439648c4240e2c185454b0a010b1`
SHA256	`fadddc16ba83fd929a8c4692163e284363e7506fd81807bc58ff837dba08958a`
CRC32	`3F66E1D7`
ssdeep	`24576:+lhX7DWMvYF9fzktKWTXCG0r3e/76FRvd:+PXfWMvYFdg4qXU3FR1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b62ab6234fc8fbae_microsoft.programsynthesis.transformation.tree.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.programsynthesis.transformation.tree.dll
Size	462.4KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0e72bc1dcf7337c6e35a0ca9e5f965e8`
SHA1	`067a5712d4e1ec03c2138c689bdae19dced4b209`
SHA256	`b62ab6234fc8fbae2eaacaf4b278dd1ed455e67ac35ae5c5f2a653c664795323`
CRC32	`6A1C27E5`
ssdeep	`12288:2miYgwxdJRDwuXoNkioRLCAUJFBPP93ciZKqVMDW7xJlJ4vUUQXNm1XArPGPpWDj:foprI2lGdM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-NUUPI.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2620 (lem.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2ffabb0018d33526_lem.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-7M6B2.tmp\lem.tmp
Size	1.1MB
Processes	2556 (lem.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b1f9d665e52c29972b50d7145d88dce1`
SHA1	`df2c67a5c32a19bb110ec8372134522c0dab9ac2`
SHA256	`2ffabb0018d335267d2d0101a41cac7ac7d1aa80956fae91825e46aaa85c0787`
CRC32	`7EF412CC`
ssdeep	`24576:nKbqslNoiGO+h84C6f8HSCNFfoJMbNOED5TOzuRdTxyt:KwY6fUVNvN1j`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c539491758b837f6_openssl.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\openssl.exe
Size	702.2KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`a424b40a2d2fce27a557b2ed5cabeefb`
SHA1	`bbb384e8e9311aa8635d46fa8ab366ab76ed3839`
SHA256	`c539491758b837f60b50ff6ec1837bd38477edd6f5682be94d46c5fdeda3757a`
CRC32	`9A52237E`
ssdeep	`12288:HuNUphWq0w4iX3XK6lJl70mcL6S7/W8cWiruBVlr7orW9G1:HuOphWqtX3Xr2W3We4Vlr7KW9G1`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c037da2ec4fc5343_adobexmpfiles.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\adobexmpfiles.dll
Size	1.1MB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`14e083d442722f011457581fb9ce6217`
SHA1	`a1c57b6f2863ee0edec183e9ea9fb3040a8e3d30`
SHA256	`c037da2ec4fc5343abd28992b31e5a097a47c28ba764282d1cedd73d2f466d57`
CRC32	`16D043AD`
ssdeep	`24576:IyHA8JxLLhwlS0kPo5oqako1Msbq5JtSMxURCkBCDTD0o1y9Rf63n9:IuJx3yHk8aN1Msbo8OURCkBkT4o1yff+`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b48d3f9207524ac6_xvidcore.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\xvidcore.dll
Size	767.5KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`852a010d6c2acfbf1bda662c43eb074a`
SHA1	`2bfa368f58290552fbb0393cb5206623963707e0`
SHA256	`b48d3f9207524ac6f36a73d246ce1e6d16724a7078eace2e0cd498af3642fc0a`
CRC32	`A98E9CFF`
ssdeep	`12288:mBuqB5jbRFL1ZJ/InCIKDx50mKn1Vjbc+eCIrFREx8oNL5/5+:mBuqBdbRFLtVIY6mKn1VjbcCIZRVmR5+`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2fae26a74243aee9_klist.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\klist.exe
Size	30.6KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`67f1877ee5e0cf2aca0d29a04691315c`
SHA1	`572b30f193a178a11b8a58b2b2305fddc48defdf`
SHA256	`2fae26a74243aee9faa6566bf3be1fbea356329810e13a9e73cbae859827857f`
CRC32	`7761F3D0`
ssdeep	`768:0QsNbEozw0g7Z8i9xoRK56tChPn8UlTwvbCFgMmZ:NYg7Z8oJ56tCaWTsCSDZ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0d5280699c5b551c_start10themeedit.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\start10themeedit.exe
Size	128.0MB
Processes	2792 (lem.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e2a65379290add203975755cce686a2`
SHA1	`cb3e634bfc0aa5d9cf4d018b06da9fc99fe363c9`
SHA256	`78be6747ae7c4e62329ada51799042ac69354e3522eb52bbc45a563891ef957c`
CRC32	`90F2CDFC`
ssdeep	`98304:fcGuwWUxXnq56h4uSrFY9XWQLC5LNFwiq:fcPQpun5LNFwiq`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2a2dade9c947779c_mssp7es.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\mssp7es.dll
Size	951.4KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`c30b1a79cdba049677cb830a1a3ec550`
SHA1	`deb77a55d602b99aab020399545cdf266be267d5`
SHA256	`2a2dade9c947779cb954e3a4664c136c977b886263e60e1e1acdfb5fda1e6f6f`
CRC32	`EFA8A365`
ssdeep	`12288:mTyhMDcQsoQCkdCMs0lkeHXOkaLjt+7X+9HjmC/j5qPG7/saXxt:mTyhU7QClEz3OkaLjt+7X+F5tqWXxt`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	787718f9d3b40102_virtualboxvm.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\virtualboxvm.dll
Size	1.3MB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`efb4c42931a04beaba821f7aa42d1db3`
SHA1	`d4ef7610b1f86fc21cb02260c40e5ed54c636215`
SHA256	`787718f9d3b401023535e96c6ab15b42362882579499fc972c8fa225c9741c24`
CRC32	`8D472E06`
ssdeep	`12288:NBS2D0gRfHYGIw1hFIcnBUXDBHLW+QBBD+e7SeZfn0VFCIfsPJWjQKjC6UfHlf8b:NBS2wJ+DBUXDBHLwnGe6cJWdm6UdfGN7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fc199ee77bc8ab13_wish.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\wish.exe
Size	65.1KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`04e5e2f8ad46008a4691874bfc4a7a5d`
SHA1	`94a08eee1b13612cc11b77ebf44ece901362df31`
SHA256	`fc199ee77bc8ab131cf21ba332fafcc8a7132e7006d69a6e4195d48962c87fa0`
CRC32	`B2BCA317`
ssdeep	`768:Mdxh9v8kTSnTUT0KV/+wawI+JbQiO8kApYLwjjCHd:uL8kWnTUTr25kJQixgwjjC9`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d5f90ab53623307d_git-upload-archive.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\git-upload-archive.exe
Size	3.6MB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`78befd2ee60a3efd6b822147f75766bf`
SHA1	`ef9e1d1b229d910d5b3ed36454407bdf3e170707`
SHA256	`d5f90ab53623307d3db6c294647bf106d9f5189432cec88fe73968be44a4c506`
CRC32	`82758ACE`
ssdeep	`49152:K3spuwzNX19ZI3jeP9LcX8fIhiPD1m4SbLjRSpWgNWyL77tTnNqX15PAjudp1nys:WWNXtIzedcXK0igBL9SpDND73ql/n`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9bba274c0de7d275_microsoft.teamfoundation.workitemtracking.controls.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.teamfoundation.workitemtracking.controls.dll
Size	1.3MB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9563113c8e37e93579c4714a10ab4e70`
SHA1	`2e88f872bc18a39e6450a3357c39e23fe83863af`
SHA256	`9bba274c0de7d275d20ce14ba4196ff932616f2cd7e09a76abd12ee8e89c5e6e`
CRC32	`7643F5AF`
ssdeep	`24576:teq5qkhLZNLK9PmhHxJs/bFn3ysQjPwcpBLXGRqUtmGu09pM:teqwkhLZNLK9PU+3y5jPwcpoxsKe`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-NUUPI.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2620 (lem.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	95a65f1203e444c8_trust.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\trust.exe
Size	229.2KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`f825cf140156703f5b0119dd32f13fe3`
SHA1	`927e207d484ffe3271f98e7a91d5d2250e690357`
SHA256	`95a65f1203e444c80fde62f10d3b6f24ff7ca2ab14a253cbdbccce1e2ac58462`
CRC32	`848CE37F`
ssdeep	`6144:SkKkDol2hRzlT2pR0RQGQQU7k1TAH1OobTrLPvfVYpm3xj8vp:Rol2h9V2AQ9PvfVcm3xj8vp`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2d148cdc713ffbe2_microsoft.visualstudio.qualitytools.executioncommon.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.visualstudio.qualitytools.executioncommon.dll
Size	490.4KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`61b41957ad7cd3427dcce85274dbf0c3`
SHA1	`5760ff4a66edcf622426f10de98da55243a435b6`
SHA256	`2d148cdc713ffbe238d60c695b90c5fd1ec1d6bbd0459d9bb980699832e13765`
CRC32	`5F23F3B6`
ssdeep	`6144:I2cEV+y2OZFRPXJS+a3Zo+dSaD5TKDcwDwxOrxnLsmObSIBU5nn6Sfc2BFuHO8lA:IvEV+z8FFkZIctKMwnL6BU5Wu+`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	305ecc153eaa9aaa_microsoft.developer.identityservice.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.developer.identityservice.dll
Size	1.3MB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
MD5	`a1903afdbbcc95d5311d2e640524bcb9`
SHA1	`ff7996435d62934c40bc3a8f43fb8d9fdff529c1`
SHA256	`305ecc153eaa9aaa786a3c85efc6e7d50c41b8cfdcb3292988da375c7deec91e`
CRC32	`01B9CF04`
ssdeep	`24576:7DjmtE9tmRfiif5nAXCCJtl06WTgZpqiv4eKGGUIATmznHQ6JhcOEqmaJV:fjmtE9YRfiif5nASCJtl06jfqy7K`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b51eb89d1dfb7940_kvno.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\kvno.exe
Size	22.1KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b7e5d9a2dc7e37d13dcfa24e7c81c0f8`
SHA1	`f87bdda9ff570ff3d53cdfa3393b7a2d826b8dda`
SHA256	`b51eb89d1dfb794095e98fbf1b87373006a1bc6dda6fcebfc86402804c32f7c6`
CRC32	`9B8B98C7`
ssdeep	`384:J51BxrARWXSHqsWcznN8ZOPZypEmGBnYPLN0bCFk1M6jxc:J51BxrA7Hqs5SZOPZypiBvbCFgMmxc`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a9dcb081cea11b01_microsoft.build.engine.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.build.engine.dll
Size	642.6KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7ddeea4b969afca6c75bdbcb9554f371`
SHA1	`7f39a7e7fb6dca403e539da1da94fcc8cdd735d6`
SHA256	`a9dcb081cea11b01dbbbbb24b82781ff2394313c49410ba2a9d5f508446b52c3`
CRC32	`8B5692BE`
ssdeep	`12288:/LShyRRkZqFs8TK0sa/mRSrde4nUbvXje3+PFfuPAgbRrSdHB2iZWq:/2wsFT4nUba3+dRg9rSR`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	ad1d15d21b38849e_microsoft.visualstudio.cmake.project.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\microsoft.visualstudio.cmake.project.dll
Size	366.4KB
Processes	2792 (lem.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`528db99656e947e9908d535bfd8b8958`
SHA1	`185ecb7e1cc275a574be164056a916ec6861e9df`
SHA256	`ad1d15d21b38849ec2edc7f08e2f34993bfe7d0f67c4ce789bf03f83c510a67f`
CRC32	`BCD7493E`
ssdeep	`6144:de0nXOuzchU7U6FNvYUui9+Diu4wk8UhQQUGsmu:de0nXOupNvYUQenw4bUGFu`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ftp_command - ftp command IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	278bb90ea280f68f_wzwxfog64.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\wzwxfog64.dll
Size	589.6KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`725f8e65c74c77400adcad66c1b4bfcf`
SHA1	`7549fc0375a7f504e08ae7824051bc0acefb4157`
SHA256	`278bb90ea280f68f6c6de0015f075f86c534fcd6157d35e356c30c8eef596d5a`
CRC32	`75DC66FC`
ssdeep	`6144:B6fk6z8ucORdzdmMFFFFFFFFFFFFFFr4zrK:Ek6bzdmMFFFFFFFFFFFFFFr4zrK`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-NUUPI.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2620 (lem.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a30b7138b1cb7048_edit_test.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{2836644d-224c-4c95-892d-5d57ddc11073}\bin\edit_test.exe
Size	44.8KB
Processes	2792 (lem.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`43d8fef55d24d8323774db4e07a0a676`
SHA1	`edf90569d68b951e39c698b678ff89aa0cbfb207`
SHA256	`a30b7138b1cb7048f1f525dd18de68951cba9a2b7e071bfa52a1275f8af42464`
CRC32	`F9B45561`
ssdeep	`768:AKw1xRk8OngJNmTuGm1AyGuuorpBWygmwJJV0Kt5T6jxWWAjF6Z:QxRkdnguaGmGyG7orpBWywt3W6FQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis