Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 02:04
노르마, UAE 알 파르단과 양자 R&a...
04.30 02:04
모니터랩, 인도 기업 ‘Velosting...
04.30 02:04
굿모닝아이텍, 클라우드 SaaS 사업부문 신설
04.30 02:04
Back to Reality with t...
04.30 02:04
넷앱, 스토리지 계층 사이버보안 표준 새...
04.30 02:04
Xiaomi Joins China AI ...
04.30 02:04
Toyota to Partner With...
04.30 02:04
한국핀테크지원센터, ‘2025년 핀테크 ...
04.30 02:04
KISA, 공공기관 고객만족도 조사 최고...
04.30 01:04
레퍼런스체크코리아, 커리어플랜과 전략적 ...

Dropped Files | ZeroBOX

Name	01324ef7228bc3a9_run.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size	8.0B
Processes	2280 (WINDOWS SECURITY NANO.EXE)
Type	data
MD5	`d889815128fa0130405d50b5b0ccfa5a`
SHA1	`91319e4142b30aa883f510a5ba5e264623c68b88`
SHA256	`01324ef7228bc3a976f3620c599b6eae95ff79fddfe6e5bd80a49976ec3f741e`
CRC32	`BA724E6D`
ssdeep	`3:ZEt:ZE`
Yara	None matched
VirusTotal	Search for analysis

Name	9df65940d3f2230b_ultime multihack reborn.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\ULTIME MULTIHACK REBORN.EXE
Size	86.5KB
Processes	1076 (file4.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0739a4b039910c9ecc48661e25279e6e`
SHA1	`02bf3b0265850bc13e85ac9bb421b88b6babbcaf`
SHA256	`9df65940d3f2230b276e9ee989f15a94855e07cf2aa04210353f7a9e9a62db4a`
CRC32	`07665029`
ssdeep	`1536:b+XubIue9gN0IsqIMnrDjCZEGUtxL1lgFSqB4kR2Epww7P/jRHkOSod1GDtQCzIF:b+UIue9VMvjCZEGUhahB4kR2Eyw71HkW`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f7e09ec11c6b1b16_VLC MEDIA.EXE Submit file
Filepath	C:\Users\test22\AppData\Roaming\VLC MEDIA.EXE
Size	658.5KB
Processes	1076 (file4.exe) 2460 (notepad.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f5663c1c258aa7a0e7499bbb2c2ee792`
SHA1	`a2a14df757dcba8fd9558ec149a163f9d4be8d62`
SHA256	`f7e09ec11c6b1b16b27cce9b6af76e108c9567ae4982996dac2610cfa669136a`
CRC32	`C9D751DF`
ssdeep	`12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hV:KZ1xuVVjfFoynPaVBUR8f+kN10EBj`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer mzp_file_format - MZP(Delphi) file format Network_Downloader - File Downloader Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	4d1067b6c4d4e7b4_tmp47E7.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp47E7.tmp.bat
Size	151.0B
Processes	2236 (None) 948 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`b9d03709385fd13cbf6d54818f6de5dd`
SHA1	`f9c93596cd3498df2dc7bb582454a979498a0925`
SHA256	`4d1067b6c4d4e7b47e711f224563dee939c281b076c49405e253107c6f0b87a8`
CRC32	`2CA3F566`
ssdeep	`3:mKDDCMNqTtvL5omWxpcL4EaKC5AW0CIvmqRDmWxpcL4E2J5xAInTRI7j1ZPy:hWKqTtT6mQpcLJaZ5AW0Bvmq1mQpcLJO`
Yara	None matched
VirusTotal	Search for analysis

Name	f2e3e68a10f9f07b_csrss.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\csrss.exe
Size	47.5KB
Processes	2236 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`96da127f30d555f809b5a781eeadb5d4`
SHA1	`6742daf92406b52d5b98fcf3c8b96aca2f691404`
SHA256	`f2e3e68a10f9f07b031e2fd3d7d73553ee4639a5e1c2a0775ac0a2ddbeff5e53`
CRC32	`932E4551`
ssdeep	`768:Zuu91TwQsOnFWUFN1/mo2qDsEwopu9CeNPIY2GK2eZ0bveSrQ4sUxSJdjGhehBDQ:Zuu91TwSb2ipugY2929bveSMFGSJdtfU`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Malicious_Packer_Zero - Malicious Packer Is_DotNET_EXE - (no description) AsyncRat - AsyncRat Payload IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	da01598ba05a9467_windows security nano.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WINDOWS SECURITY NANO.EXE
Size	209.5KB
Processes	1076 (file4.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`172214b69dfbf053c83ff8e6b70842bc`
SHA1	`02e321757925f21b18c96d2e23d6e9a755df59ab`
SHA256	`da01598ba05a9467fa7cf76d9d212df75886eeeea30a633654dcdf29d8be90d9`
CRC32	`A112774E`
ssdeep	`3072:EzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIHMT+GHDo8K0qILgPtFgOHn2gM:ELV6Bta6dtJmakIM53+6o8lqd7gEnRm`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis