Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.02 08:07
log2.exe
07.02 08:07
log1.exe
07.02 07:07
svchost.exe
07.02 07:07
asec.exe
07.02 07:07
kdmapper.exe
07.02 07:07
buildcr.exe
07.02 07:07
csrss.exe
07.02 07:07
IHBHXXQF.exe
07.02 07:07
snukingorig2.5.exe
07.02 07:07
igccu.exe

Latest News
07.02 08:07
Infostealers on the Ri...
07.02 07:07
A Playbook for Detecti...
07.02 07:07
The Evolution of Phish...
07.02 07:07
CISA Report Finds Most...
07.02 06:07
Cyber A.I. Group Annou...
07.02 06:07
Despite adoption hurdl...
07.02 06:07
The importance of inte...
07.02 06:07
regreSSHion: Critical ...
07.02 06:07
ポルシェカレラカップブラジル、Microso...
07.02 06:07
Celebrate Repair Indep...

Dropped Files | ZeroBOX

Name	ea1e16247c848c8c_4DD3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4DD3.tmp
Size	1.2MB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d124f55b9393c976963407dff51ffa79`
SHA1	`2c7bbedd79791bfb866898c85b504186db610b5d`
SHA256	`ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef`
CRC32	`6E5DAD5F`
ssdeep	`24576:gwS6Xkd14PpBi6vPfdviHPZ2jslseW64AcECwA:lUd1ypBLPdmZ2Ox4AcECwA`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsDLL - (no description) IsConsole - (no description) HasOverlay - Overlay Check HasDebugData - DebugData Check ImportTableIsBad - ImportTable Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	fd4dee62f56bc0a4_amvgfsk0ptjjy516sxcemcgd.exe Submit file
Filepath	C:\Users\test22\Documents\AMvgFsk0Ptjjy516sXCEMCgD.exe
Size	254.5KB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ec985b6c0e37ce218fe0ffcceb80cb9c`
SHA1	`c4004d1ea3c9b91a370f7b71c012ed3594ab341c`
SHA256	`fd4dee62f56bc0a4190b21129deb69858b6ca22bc349a9cb9a3121b8dfbb111e`
CRC32	`73A99CFF`
ssdeep	`3072:4zu64zk/TuByIwygkJi4RssfdYiXNV+C7SKc9bmZTj2rUiLDLz55n5YPYxR8WTba:4zudATuBSMmsfdJXyC7abMyo7Pu8M`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description)
VirusTotal	Search for analysis

Name	e80db3924627a796_p3huhaxiiildoaewuuyiwrng.exe Submit file
Filepath	C:\Users\test22\Documents\P3HUHaXIIiLdOaEwuuyiwRng.exe
Size	524.0KB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bcd2583086d55ae0e1444378c2892c1d`
SHA1	`e56ae93e35c7fe70e1cadf126849bf97200868a6`
SHA256	`e80db3924627a7961f6bbb34a4d6849546d544620ea77f12b1b3dd8ed024ef4d`
CRC32	`7E1FA6A8`
ssdeep	`12288:TDl53CNKU4kET3oPSPe6v4WgZeajrzQ1bWON2Tu:TPCNKU4f7oPodvzOrzebWm2T`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check
VirusTotal	Search for analysis

Name	2741dd4405e19e55_oe0njiosxcniwlmy2p2qbfax.exe Submit file
Filepath	C:\Users\test22\Documents\oE0nJiOSXCnIWlMy2P2qBFaX.exe
Size	589.5KB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`02a17a799a3d0c5cf1c11099eebeb3c4`
SHA1	`98ba3eb0a939ba2ec356ffb039bf25612e01e428`
SHA256	`2741dd4405e19e5508adafb27ccc16460777cba41e79e4f0ece549c69e482008`
CRC32	`38ADEBC9`
ssdeep	`12288:B1kg9ClBinbCO1CgGOuHlVeLZPwHF7qDVN4416OvSsEpn1S:Bx9ClknbCO1Cg1uCO1Eu41x`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check
VirusTotal	Search for analysis

Name	4a8b0c85bf9e1f2f_2grgcsrwhuua0rwpknz0yhvg.exe Submit file
Filepath	C:\Users\test22\Documents\2gRgCSRWhUUA0rwPknZ0YhVG.exe
Size	310.5KB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d2f03aa350d2d49970915744f8715fe5`
SHA1	`c3edf36ade8a9ffe326fb87ad33305877f1554d7`
SHA256	`4a8b0c85bf9e1f2ff735f75af6f8ac2d3bbb928b456c50cf8e91cedd8b26c9fe`
CRC32	`A18DA43B`
ssdeep	`6144:FFRQF8Zx6owfLA88BhJ7Nbr7kr20VoFUX4UqAmhjBL5:FFa8ZoTDARtr7WVoFZXjBl`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check
VirusTotal	Search for analysis

Name	292f7e67e563adf9_gkgiunkmqgjlwgz5q5ydssyr.exe Submit file
Filepath	C:\Users\test22\Documents\GkgIuNKmQgJLWGz5Q5ydssYr.exe
Size	4.2KB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	HTML document, ASCII text
MD5	`c04ebea6c21b69a7426348f89f8d6e27`
SHA1	`dd67f98011fb3afb8e2d93bdc6c5ed62ba73b17b`
SHA256	`292f7e67e563adf9cf77061209b7d4caef1c74ae90de8db520ed957f4bfbd5e3`
CRC32	`143A737D`
ssdeep	`96:1j9jwIjYjyDK/DZD8jH+k1UvJADh/pRswsgszbGD:1j9jhjYjWK/lyH+kURADh/pmwsgsfGD`
Yara	None matched
VirusTotal	Search for analysis

Name	cfce285cacd32aaa_ze9xdda0nar8upaujsdfmth5.exe Submit file
Filepath	C:\Users\test22\Documents\Ze9XdDa0NAR8UpAujSDfMtH5.exe
Size	5.5MB
Processes	812 (KG5pc5F7jZu3r0hr7kiig97u.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0bc65a05ad0a598375cfcd88cebf2f7`
SHA1	`a293f92d4f7377b31e06ee0377d4f8069d923938`
SHA256	`cfce285cacd32aaa2b142c7cb7c23643a8d57825daaa51ea69df4d61ff3a819f`
CRC32	`D5E811D9`
ssdeep	`98304:xhp+G9io0N+3FDOlDEDXYcn4/y3xUbkoP11vwoo/ZgG81Dkpum:xybot3BOlDEDXRthXoPLvw321D`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero screenshot - Take screenshot win_registry - Affect system registries win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis