Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.22 12:04
cabalmain.exe
04.22 11:04
pOqYWAZ.exe
04.22 11:04
MoH%20Radiant.exe
04.22 10:04
Check.bat
04.22 10:04
njntos.exe
04.22 10:04
Explerer.exe
04.22 10:04
CPCUKHLQ.msi
04.22 10:04
ZQEIXDKC.msi
04.22 10:04
TCVBMALJ.msi
04.22 09:04
test

Latest News
04.22 11:04
(주)대양씨아이에스, 무선 IoT 솔루션...
04.22 11:04
PoX: Super-Fast Graphe...
04.22 11:04
Whistleblower: DOGE Si...
04.22 11:04
유지소방공사, 자영업자 철거비용부담 최소...
04.22 11:04
Sumitomo, SBI Holdings...
04.22 10:04
SK텔레콤 내부 시스템 해킹 시도, 고객...
04.22 10:04
마틴골프, '캐치! 티니핑'과 함께한 2...
04.22 10:04
디저트39, 저당 오리지널 도쿄롤 출시
04.22 10:04
비엣젯항공, 베트남 역사적 명소 ‘꼰다오...
04.22 10:04
린나이, 선셋 마라톤서 경품 행사 진행

Dropped Files | ZeroBOX

Name	37cc3ebff3b7b7e5_MindClient.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\MindClient.dll
Size	467.3KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c058b36fb6b007c2920604229b1fa0a3`
SHA1	`1377c5c47f08ffabb6a3359cdc2c3b5c8df958bb`
SHA256	`37cc3ebff3b7b7e55e8a8cc8785449152c6b119d25bacc6671b089dca7998ca2`
CRC32	`771A5BF0`
ssdeep	`6144:Ia3CPnngkkrohdf/U8t65qIhWG1eywT3/vxC1+jeUwNv+:uPnnglohdf/UbSG1ey0nxlNwNv+`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	741b8250412fe40f_Vclx60.bpl Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Vclx60.bpl
Size	208.5KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aad6f4b96f96dd5e52f7b4989e5c5103`
SHA1	`082d57c34f22ada75827539d2ca8873ec4d10dff`
SHA256	`741b8250412fe40fd3124de2814a506af94f65017e6c90ae2af27a9b54d81052`
CRC32	`E6E383FE`
ssdeep	`3072:6ygORvocdgkRLh3ALYoHISXtujXwpPfJuYjS5je9MM5zTfY/bgK0ROCvwtavEtAU:TgO5oWgO9TYIuojAzS4fYJev`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	473c0ff8c61eac94_hvof1h0.exe Submit file
Filepath	C:\Windows\Temp\{8AAC0582-87E2-4EE0-BDB2-D62C053E3C1E}\.cr\hvof1h0.exe
Size	8.3MB
Processes	2560 (hvof1h0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2bc55b40889aebf33b09a12e00b1b423`
SHA1	`ca3703e301a934878c3b62d86788b84fa6b0bbc5`
SHA256	`473c0ff8c61eac94deaa9a783d24b1694d0287e8d9852f9b8a0f9cb71003e823`
CRC32	`232C1FE5`
ssdeep	`196608:sfU8hBymkp/BrwhblGCFqSKQXCWBFAUEIxnhZrYWURteeEPg5w:8KZBrmBFqSQWPSIhCRgeE45w`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	aa4a46b7921f2259_Rtl60.bpl Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Rtl60.bpl
Size	669.0KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f5f25b8106dedaa22a053e4cba2cd9fc`
SHA1	`72e35d1eae68b9890d5a47c7b4294dc2bfc6c113`
SHA256	`aa4a46b7921f225910414422ec7ff5533cd5fad87e2fe2cca248f25eb9899480`
CRC32	`E10B18C0`
ssdeep	`12288:w146Fc5MU8sb70WgpeZQDJyx7W+AK1Oug2GWDKuX8oJTFrBdn+Md:w1rFZUDb741ydW+AK1a2GWDKus2prBVd`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	150e7906b53d5949_wspconfig.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\wspconfig.dll
Size	535.8KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ec0755e5f768fad2d6678ab7c6e267e7`
SHA1	`acd89c51ef12f5b7fbafa03bd5c70ab700edfb23`
SHA256	`150e7906b53d59492f5de43447ca3f2431bda839c866fe1763c7f92db125492c`
CRC32	`24ECBA1F`
ssdeep	`12288:XjwpfW0d+Bl1mb0hILXU1XC7ngmzN6bDG+:zeW0wX1LGLEQ7ngmzyD3`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c5a22f4a98411b0b_Entropy.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Entropy.dll
Size	861.9KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2cac12de8dc6d1a2f4d28b33dd06c74b`
SHA1	`19cdaddfe5d7ae611574e5f6b7333fffe1850383`
SHA256	`c5a22f4a98411b0beab2e1a464b4d7f9741400b8525c2a345a062333b593088d`
CRC32	`63084F5E`
ssdeep	`24576:fl7MJk9qMhlQTnqFQaKn6ws2yBdyeI+y7i8NvuqmSJhNNI0q:9QJcQTqFQaKn6j2yBEeI+Ci8NvuqmSJI`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) Antivirus - Contains references to security software Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	34ff2954138e80e9_Install.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Install.dll
Size	844.3KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`846ca4cb8076194724f5e884757b6048`
SHA1	`687e1e057b70bf43d84318def17dd8187bb9d96b`
SHA256	`34ff2954138e80e91d23c7fcfa9e071579897ec175840974768aecd527464eb5`
CRC32	`43B79439`
ssdeep	`12288:e5nXj3pfXrh2yydKIg641cgQNE9NtkCVtgIHgp4zU8uap:+TJdOKIm2bE9NjVtX/`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6bf976cde3d05fe1_Portal-Ech64.exe Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Portal-Ech64.exe
Size	3.2MB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92c4cb3d272c3189d625a21c84b7239d`
SHA1	`9e2df5c22498189c492b971ec2f17af5a1521272`
SHA256	`6bf976cde3d05fe1665c07e1e53f1fe46e7a195d224525f0fe5944a5ef03d5d3`
CRC32	`F156BF47`
ssdeep	`49152:n+CEOpdvVKzbBbFPWqSpGYZj1daV2wi9q872itsRPlJt75cX+yYTNuNcVWSMVQ/c:AtfNSmbvtoCT3pVLpVKQpVepVGbvW`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library mzp_file_format - MZP(Delphi) file format Antivirus - Contains references to security software IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d2a651547a83723b_BorlndMm.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\BorlndMm.dll
Size	29.0KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f2264abae9d3da4bd185f8177016c234`
SHA1	`2eb10ce6cc47443b67c4e1ce495dd8d8bb2a90e1`
SHA256	`d2a651547a83723be81fb4e87bd75fae6f95666050e072a30c22d7ace0cb5f20`
CRC32	`63869C07`
ssdeep	`768:eKF+Ki/ija+1IGm5fe+7GGXQ/ija+1IhyPXZl0Pi75:eKF+qmd7GGYyb0a75`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3868ce9bd2cf15f1_StlpMt45.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\StlpMt45.dll
Size	604.0KB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`94beb60d54d38e532619dcb5dd723fea`
SHA1	`75aa84d225e579928afc9db87898d9c45e40b6d1`
SHA256	`3868ce9bd2cf15f171655448060768c23a61ec366454e1eaa40dfe6da6f92041`
CRC32	`0CD35D7B`
ssdeep	`12288:vkn33ywLy8gz7IJ/Pd0/LRZxXlB1E34aN:vkmcJ/PSRZxXVE34`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	55f488bccca0d639_BootstrapperApplicationData.xml Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\BootstrapperApplicationData.xml
Size	5.1KB
Processes	2672 (hvof1h0.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`74aaba58476ef6a5869d9880f7d10fc9`
SHA1	`f2dfdd03e67aaac59499a9843ff2b65c5998e5fc`
SHA256	`55f488bccca0d639a68b7bbc3e47c5415e4a053269693e6e355b8da07a4a1308`
CRC32	`F008BE7A`
ssdeep	`96:XY9Zn6veYA0w8yciYfAn6kf80w+TycBgRCDn6CQm0wcycCRovgkT6WroDWr316kr:XyZsbMefAPmXGJeUjuxTAOe5fP/Xdri`
Yara	None matched
VirusTotal	Search for analysis

Name	c323a6f92277dd77_iconolatry_20250421224520.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Iconolatry_20250421224520.log
Size	2.6KB
Processes	2672 (hvof1h0.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e8d5ac3091ddd72c4a092441c458a278`
SHA1	`b26c2b47f58e4caab04f4b53819cfcc667cb79d8`
SHA256	`c323a6f92277dd77257a13672d8057c283f04b1ef50bec92b7afec09c3fab2f7`
CRC32	`2BAADC75`
ssdeep	`48:6vxuxLODuY0ukquO87V7edT7dTvdTj5GCxOZfy+BuPbFyOGPyGB8a5adTXz:As87vBN`
Yara	None matched
VirusTotal	Search for analysis

Name	914e6b0d9568dd17_Bouspous.hr Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Bouspous.hr
Size	4.4MB
Processes	2672 (hvof1h0.exe)
Type	data
MD5	`591c9165073cdeb454bc311b9e7d9c69`
SHA1	`a50a9099d1cc00f1938695080081585ba6bf83bd`
SHA256	`914e6b0d9568dd17ba551e544b8d508b84cac2ca150f0d015bcc2ff349e4800f`
CRC32	`5004D23D`
ssdeep	`98304:xo1+eIqdQlfHCGywCe8LCYw/F1unQb97lxq/ZXLaX8BfWMmCFfcY04:xo8eIqkHCGYfw/FndjY+Cb04`
Yara	None matched
VirusTotal	Search for analysis

Name	94efefd99001182d_CC3260MT.dll Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\CC3260MT.dll
Size	1.4MB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`e9802f07dd34a7b2a8164c51a098c4e7`
SHA1	`66cf432aa46c70f005c6d66544de129c47321395`
SHA256	`94efefd99001182d1f8f4e6dc5e2135a2da162344b5713ea2b43acbc6693b3fd`
CRC32	`271975AF`
ssdeep	`12288:iVXhBDFeZsk4B8lLLnP17XfUKMsG5I4S9X5/qfzKjJ3PmSruNXCwwwwwwwwwwwwx:iJhB7TqpLnPhPUKHYfSJ+SruBZqR`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	92e2d1cf4df636af_Vcl60.bpl Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Vcl60.bpl
Size	1.3MB
Processes	2672 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3c54d0ca35ad94787fe3eb1efb76feb5`
SHA1	`952a4d86cc1721aff1dc2ef450f6e6afde66c8ba`
SHA256	`92e2d1cf4df636af37f4c50ad3a1f04d7e21eaeb7bfe8478ab7c23f68791826d`
CRC32	`88BB1A24`
ssdeep	`12288:bm+Qn2EwRdVI0Ine/pCz+2f3RAXNKEj0RJMiohzj/AQ1hRfSVW4gBeyYGmN:6+IMr0spuxJaHL1HaVpgBjYG`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Network_Downloader - File Downloader IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d729e48054c024a4_Gieckweagflog.bj Submit file
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Gieckweagflog.bj
Size	50.6KB
Processes	2672 (hvof1h0.exe)
Type	data
MD5	`6125f343d07b7997b35aa4a8c886ddd4`
SHA1	`542b81402afcf3c6ef3827851ee1e932e7516715`
SHA256	`d729e48054c024a413eda120346a800da37104998699b892f49f712075ecb1b3`
CRC32	`B8A1D6FF`
ssdeep	`768:BXag5ZQhK5q6jZCVyGu7MCr4UN594eQyui2wAAymWlVoA0YW0wm1BEKec1f4uY2O:5aWyw9jZAylACV8WAAymQhwmTw2u9rl5`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_Gieckweagflog.bj Empty file or file not found
Filepath	C:\Windows\Temp\{E7FE4EAB-B64F-40DA-AB00-7CDDB0AF7161}\.ba\Gieckweagflog.bj
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis