Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.02 08:07
log2.exe
07.02 08:07
log1.exe
07.02 07:07
svchost.exe
07.02 07:07
asec.exe
07.02 07:07
kdmapper.exe
07.02 07:07
buildcr.exe
07.02 07:07
csrss.exe
07.02 07:07
IHBHXXQF.exe
07.02 07:07
snukingorig2.5.exe
07.02 07:07
igccu.exe

Latest News
07.02 08:07
Infostealers on the Ri...
07.02 07:07
A Playbook for Detecti...
07.02 07:07
The Evolution of Phish...
07.02 07:07
CISA Report Finds Most...
07.02 06:07
Cyber A.I. Group Annou...
07.02 06:07
Despite adoption hurdl...
07.02 06:07
The importance of inte...
07.02 06:07
regreSSHion: Critical ...
07.02 06:07
ポルシェカレラカップブラジル、Microso...
07.02 06:07
Celebrate Repair Indep...

Dropped Files | ZeroBOX

Name	ea1e16247c848c8c_4DD3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4DD3.tmp
Size	1.2MB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d124f55b9393c976963407dff51ffa79`
SHA1	`2c7bbedd79791bfb866898c85b504186db610b5d`
SHA256	`ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef`
CRC32	`6E5DAD5F`
ssdeep	`24576:gwS6Xkd14PpBi6vPfdviHPZ2jslseW64AcECwA:lUd1ypBLPdmZ2Ox4AcECwA`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check HasDebugData - DebugData Check ImportTableIsBad - ImportTable Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	963ce4af796ddcef_queem2cqn445sp3z3dnfjmv7.exe Submit file
Filepath	C:\Users\test22\Documents\queeM2cQn445sP3z3DNfJmv7.exe
Size	311.0KB
Processes	5032 (PlayerUI5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4e5e3934b9efc41e7eaf84516668dfbd`
SHA1	`5c07c5b85ff55c1d5293d88977c38b3d12f07a54`
SHA256	`963ce4af796ddcef59ad7b1676ca5ddf7f437fee9c97d96a3aad99781f268e89`
CRC32	`F700A902`
ssdeep	`6144:RyZ5DZtIlHWWibmJCF2UMwVkklLGEtggjuzN:Ry7DZmoWom0I1i99t5uzN`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check
VirusTotal	Search for analysis

Name	cfce285cacd32aaa_o4ow4y9aguauaw2rblb55mcu.exe Submit file
Filepath	C:\Users\test22\Documents\o4ow4y9aGUAUAw2RBlB55McU.exe
Size	5.5MB
Processes	5032 (PlayerUI5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0bc65a05ad0a598375cfcd88cebf2f7`
SHA1	`a293f92d4f7377b31e06ee0377d4f8069d923938`
SHA256	`cfce285cacd32aaa2b142c7cb7c23643a8d57825daaa51ea69df4d61ff3a819f`
CRC32	`D5E811D9`
ssdeep	`98304:xhp+G9io0N+3FDOlDEDXYcn4/y3xUbkoP11vwoo/ZgG81Dkpum:xybot3BOlDEDXRthXoPLvw321D`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero screenshot - Take screenshot win_registry - Affect system registries win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	9379db9909eb90bc_r5obpwktpid3jhilhponzkts.exe Submit file
Filepath	C:\Users\test22\Documents\R5OBPWKTPiD3JhILHPonZKTs.exe
Size	590.5KB
Processes	5032 (PlayerUI5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0e5986c256d2611294f5ef8b6d9ea73f`
SHA1	`1df628e4e063c068896e3d316b364ae6acf3554c`
SHA256	`9379db9909eb90bc81cdb07b2d7dcbef69e5b1374e93b30153270ef2e58afe28`
CRC32	`11E58CC1`
ssdeep	`12288:X/BH1HkqCuWJLBvcoggYK55dtrDElP3+x+ysvrU31wiaVMeXI5+r9Q6jgS:Xp1HBCjJF0ZKXdpQlv+AhjUfj+r9Q6jg`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check
VirusTotal	Search for analysis

Name	f6f83e9d687e6211_gjeewcexwkagzpf5f38xdlur.exe Submit file
Filepath	C:\Users\test22\Documents\gJeEWceXwkagZPf5F38xDLuR.exe
Size	254.5KB
Processes	5032 (PlayerUI5.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8a872bafad1d9fdf74ecd68b65c2f6ea`
SHA1	`2026b4445deb7465c5d0738d7052b5e18e5c3121`
SHA256	`f6f83e9d687e621181690a4782cba87f280b0659d2a4f20a837156525e264b91`
CRC32	`E4539C49`
ssdeep	`3072:GphWlisMyxnrNSgUJimgz6Nxvnw1xF2ERQ8go36fQjDLDbDgXA55MVzfxBe:OhWPMyxnJdzaxvnAF2MQbG6fYVY`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description)
VirusTotal	Search for analysis

Name	ff9025462f9cadc6_urwyil4ektcvig3xj72ffehx.exe Submit file
Filepath	C:\Users\test22\Documents\URwyiL4EKtcvIg3XJ72FfEhX.exe
Size	4.2KB
Processes	5032 (PlayerUI5.exe)
Type	HTML document, ASCII text
MD5	`e452642a21db790d12810040a8be1e4e`
SHA1	`1c67730510216c7fc21980730ee3b9eec6e6b5a6`
SHA256	`ff9025462f9cadc654e2d41fff3a8d154dbd5fd4cedb6f0c15c2824988b2def3`
CRC32	`750063B9`
ssdeep	`96:1j9jwIjYjyDK/DZD8jH+k1UvJADh/pRsisgszbGD:1j9jhjYjWK/lyH+kURADh/pmisgsfGD`
Yara	None matched
VirusTotal	Search for analysis