Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.09 01:10
People Australia - 25 ...
10.08 10:10
legendaryy.exe
10.08 09:10
Journal-http.hta
10.08 09:10
f2e7fcb20146.exe#sp_sl
10.08 09:10
g2m.dll
10.08 09:10
CCRNC.txt.exe
10.08 09:10
04a4f32fae41.exe#d16
10.08 09:10
am10.exe
10.08 09:10
956d73b7f041.exe#defau...
10.08 09:10
salluireallymissyousal...

Latest News
10.09 01:10
Security provider ADT ...
10.09 01:10
Credit monitoring and ...
10.09 01:10
Why the Sysdig Windows...
10.09 01:10
Exposing the Facebook ...
10.09 01:10
What Google's U-Turn o...
10.09 12:10
Foreign adversaries wi...
10.09 12:10
Exposing the Facebook ...
10.09 12:10
Running Game Boy Games...
10.09 12:10
Microsoft Cut as Oppen...
10.09 12:10
아이폰 터치 스크린 문제 및 성능 문제 ...

Dropped Files | ZeroBOX

Name	ac9dfe3b35ea4b89_System.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsl313.tmp\System.dll
Size	11.5KB
Processes	4748 (sinqqhd.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0063d48afe5a0cdc02833145667b6641`
SHA1	`e7eb614805d183ecb1127c62decb1a6be1b4f7a8`
SHA256	`ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7`
CRC32	`B233B75E`
ssdeep	`192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4`
Yara	IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasRichSignature - Rich Signature Check PE_Header_Zero - PE File Signature Zero
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsq294.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsq294.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	21dae0a9a39ee140_burden_17.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Software\Burden_17.exe
Size	4.2MB
Processes	4748 (sinqqhd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d725aefd29a5933c26beff053aa08422`
SHA1	`16c0adbb1965acce6bb5e56d91348db1867bfade`
SHA256	`21dae0a9a39ee1405636ddfa72db039d49aeeb33de5ea500835055aea6daccc2`
CRC32	`026F4592`
ssdeep	`98304:7rfLN1DUx1ec13DoNwiLYwHWn+rIIF2n4DGR6A+oR2GFQZU:XDP4JUOiM7nrPT+oR21U`
Yara	IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check HasRichSignature - Rich Signature Check anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature Zero
VirusTotal	Search for analysis

Name	6798a0804dc3b40e_boat_63.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Software\Boat_63.exe
Size	8.8MB
Processes	4748 (sinqqhd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c08ffaa685dacc1e099ae60f57779dbc`
SHA1	`bb04eb3fc00e59b66cb534e1ba101469adff5339`
SHA256	`6798a0804dc3b40efaf20f4f3be4f79d8560f5ba3993a75295ba58be4f5fb3ce`
CRC32	`40F46D04`
ssdeep	`196608:FRuXj+JhASlf+NOne3hQd0JuoT5IAP3bmPfYQbzoGg3vsW060Zd:OyJhv+5y83bmXYnZY60Zd`
Yara	IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check HasRichSignature - Rich Signature Check win_mutex - Create or check mutex PE_Header_Zero - PE File Signature Zero
VirusTotal	Search for analysis

Name	cff1eff592131d7b_realteksb.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealtekSb.lnk
Size	1.0KB
Processes	4892 (Pigeon_50.exe) 7400 (Boat_63.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Mon Mar 8 21:21:39 2021, mtime=Mon Mar 8 21:21:39 2021, atime=Tue Jul 21 05:13:30 2020, length=9194152, window=hide
MD5	`31b961906c6ad4b870d1cdbca0277678`
SHA1	`b686ce484e2afd116d15e3ddad0a450ca7ced4b0`
SHA256	`cff1eff592131d7bfb2c87417234410344a5cda4ae1233c6632f710ce9cd6128`
CRC32	`578EF77A`
ssdeep	`24:8zsERd4wb/yTp/c8SrNzNf+gyCySYEcW1:8zsgbQpkfrNpfY2`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	22beccc542b0d6fa_software.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Software\software.exe
Size	287.0KB
Processes	4748 (sinqqhd.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`86503b51f7591c77378f67f4555c3f6f`
SHA1	`1805c4ce6c71db2d35df1a635cdeacf47f8f3797`
SHA256	`22beccc542b0d6fa989a6d2b7196ef6c7830c4172d019f21725e34f4cfea7a00`
CRC32	`73929693`
ssdeep	`6144:/pMBB8B/zowpTip56/UNhCFmk4Y/4ijrPctMD+:B8B4/95ip56/UE74YRjkp`
Yara	IsPE32 - (no description) IsConsole - (no description) HasOverlay - Overlay Check HasRichSignature - Rich Signature Check win_mutex - Create or check mutex win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero
VirusTotal	Search for analysis

Name	8f27f6ec527cad15_pigeon_50.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Knee\Pigeon_50.exe
Size	8.8MB
Processes	4748 (sinqqhd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`96c4f4c5cb52513a9948e29327788813`
SHA1	`1fce2ab52bddd0fec9dc077aa2b5ca98b68ec302`
SHA256	`8f27f6ec527cad1507bb45c7cd07051d51c7810d44bec482d799d651e67362f5`
CRC32	`ABC27774`
ssdeep	`196608:yercBI4CP0PASsYK10uYOGKXVI/Tryssfoa/esGJPCA+nTn9g:yDS4TPoYKa0S2fDGsKrw9g`
Yara	IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check HasRichSignature - Rich Signature Check win_mutex - Create or check mutex PE_Header_Zero - PE File Signature Zero
VirusTotal	Search for analysis