Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	d6431d5645fffd05_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2964 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	37cc3ebff3b7b7e5_MindClient.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\MindClient.dll
Size	467.3KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c058b36fb6b007c2920604229b1fa0a3`
SHA1	`1377c5c47f08ffabb6a3359cdc2c3b5c8df958bb`
SHA256	`37cc3ebff3b7b7e55e8a8cc8785449152c6b119d25bacc6671b089dca7998ca2`
CRC32	`771A5BF0`
ssdeep	`6144:Ia3CPnngkkrohdf/U8t65qIhWG1eywT3/vxC1+jeUwNv+:uPnnglohdf/UbSG1ey0nxlNwNv+`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	741b8250412fe40f_Vclx60.bpl Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Vclx60.bpl
Size	208.5KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aad6f4b96f96dd5e52f7b4989e5c5103`
SHA1	`082d57c34f22ada75827539d2ca8873ec4d10dff`
SHA256	`741b8250412fe40fd3124de2814a506af94f65017e6c90ae2af27a9b54d81052`
CRC32	`E6E383FE`
ssdeep	`3072:6ygORvocdgkRLh3ALYoHISXtujXwpPfJuYjS5je9MM5zTfY/bgK0ROCvwtavEtAU:TgO5oWgO9TYIuojAzS4fYJev`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	688c69813d893bed_xztoh3r.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10013260101\xztOH3r.exe
Size	1.3MB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`a49112e2fa5ae8eea5175f166ada0169`
SHA1	`149e2cf053d633effcc37eb57011487e9219a98d`
SHA256	`688c69813d893bedfda6276f839ed871cf47c2b306debb0644091969691051da`
CRC32	`F07C1944`
ssdeep	`24576:U5jJoCftrTSfMwnFOQtbuxw8uDSfHgTSfMwnFOQtbuxw8uDSfHJ:UNlftr2E/QxuwXaHg2E/QxuwXaHJ`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f1ca50c7a6a48e57_235t1ts.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10004650101\235T1TS.exe
Size	1.2MB
Processes	2276 (namez.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a9090bff9c4d9f1bd51392d6567b66c`
SHA1	`b62ee4951f7fe1f23c6cd1ab5a6dd2a567f0f5cf`
SHA256	`f1ca50c7a6a48e57dc3088333f9c79f8732a55bb1eba3e73a51edd4e97cf8b72`
CRC32	`614C1E8B`
ssdeep	`24576:R3jTq82py/9REMsYuimdVuyvunXO1cH1OiDPvDoFRgKYSniUr8GkbQjI/zEfi:R3B2pm9RKYuHdsyvuX7HU6XDQMSnmGki`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	473c0ff8c61eac94_hvof1h0.exe Submit file
Filepath	C:\Windows\Temp\{C114507B-F32B-4B28-B4B2-1318F2E1E559}\.cr\hvof1h0.exe
Size	8.3MB
Processes	2156 (hvof1h0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2bc55b40889aebf33b09a12e00b1b423`
SHA1	`ca3703e301a934878c3b62d86788b84fa6b0bbc5`
SHA256	`473c0ff8c61eac94deaa9a783d24b1694d0287e8d9852f9b8a0f9cb71003e823`
CRC32	`232C1FE5`
ssdeep	`196608:sfU8hBymkp/BrwhblGCFqSKQXCWBFAUEIxnhZrYWURteeEPg5w:8KZBrmBFqSQWPSIhCRgeE45w`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c655dd671aeb2ff2_sysdrv.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SystemService\sysdrv.exe
Size	6.1MB
Processes	2808 (pOqYWAZ.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b0f3492b4fbfb6500bfaeba5a66de632`
SHA1	`6d33c2c1190997c4567fcad3aea15e64c15423e9`
SHA256	`c655dd671aeb2ff28f0a0fc53d8aa0f48d4a8168b8bfc5de14ab10399ed088f8`
CRC32	`D20438E3`
ssdeep	`98304:qtRK2Xvf49fuI0nBkLuFvJr4XGCkc/zF2fz5IZ4ePzpS+KdbjrD/6K+TU3nA:B2Xv42VKzYz6Z4qSndf3D+TU3A`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner IsPE64 - (no description) Antivirus - Contains references to security software Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7fdd19d4cddff51a_miner_loop.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SystemService\miner_loop.bat
Size	812.0B
Processes	2808 (pOqYWAZ.exe)
Type	DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5	`ac95ed66d32bf5b738b148ffe51d12d7`
SHA1	`7a9b35e7d64f2208281296c8888fdbbf4a687053`
SHA256	`7fdd19d4cddff51aa75d30843eb34892b3eedf8f8556031b0c177db347c0de15`
CRC32	`67FB5AD6`
ssdeep	`24:wLDHkXDRv/vx5BsUgFDZtxxHWpDRv/vx5BsUgFDZ/2x2m:WEXDRPTBshPxxHWpDRPTBshEx2m`
Yara	None matched
VirusTotal	Search for analysis

Name	b9d4f569fb530f50_namez.job Submit file
Filepath	C:\Windows\Tasks\namez.job
Size	268.0B
Processes	2144 (1o76j7.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`96a9b3d6c4232b9337beac750348c2fa`
SHA1	`09795849e67d82ff85887f4b64708b9dc836a04a`
SHA256	`b9d4f569fb530f50979b7dcc8ccd7ec31c1527bf355e25ae340c0c243ed07b4b`
CRC32	`B45DCB1B`
ssdeep	`6:u6VXE/MlN+/UEZ+lX1PGsflG6AtI4y0lddEt0:/RkMm/Q1P1lG6F4VdWt0`
Yara	None matched
VirusTotal	Search for analysis

Name	2aff31bdceed490b_i5kz53x.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10074660101\i5Kz53x.exe
Size	1006.5KB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`5a1a6fed1e75e7d16f2911cb5177e5fc`
SHA1	`54dffe098c542215caf8fd4cfee25cdf44a0403a`
SHA256	`2aff31bdceed490bef990645260e7a5f04fa1742e377cf0b1724e2c4103c5f9f`
CRC32	`9EAA3389`
ssdeep	`24576:JmfZxGTSfMwnFOQtbuxw8uDSfngTSfMwnFOQtbuxw8uDSfn3t:JmfDG2E/QxuwXang2E/QxuwXand`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	aa4a46b7921f2259_Rtl60.bpl Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Rtl60.bpl
Size	669.0KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f5f25b8106dedaa22a053e4cba2cd9fc`
SHA1	`72e35d1eae68b9890d5a47c7b4294dc2bfc6c113`
SHA256	`aa4a46b7921f225910414422ec7ff5533cd5fad87e2fe2cca248f25eb9899480`
CRC32	`E10B18C0`
ssdeep	`12288:w146Fc5MU8sb70WgpeZQDJyx7W+AK1Oug2GWDKuX8oJTFrBdn+Md:w1rFZUDb741ydW+AK1a2GWDKus2prBVd`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	4830c72e71580470_install.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SystemService\install.bat
Size	603.0B
Processes	2808 (pOqYWAZ.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`2a3a3f3abf44f7c25b86633880a74aa6`
SHA1	`300f7deac169636eec1101297d06e097cdda22c3`
SHA256	`4830c72e71580470a8508bb34f8d3c426db4485e5ea5021119c2ff65f8979664`
CRC32	`672B9F1E`
ssdeep	`12:w/2jaQdFr8XM4z2fYnVr0NA7uF4UKPS6pGzKWpwNA:w/WblaAGVgF0S6p9qX`
Yara	None matched
VirusTotal	Search for analysis

Name	6bc903c9bd2a7f1a_iconolatry_20250421170045.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Iconolatry_20250421170045.log
Size	2.6KB
Processes	1704 (hvof1h0.exe)
Type	ASCII text, with CRLF line terminators
MD5	`307a65a1ad60b9e7067daebf3655d75b`
SHA1	`5b2f7b9f9173819c34d633598b0601d6885d4a89`
SHA256	`6bc903c9bd2a7f1a5f87a1585e77115b2db585838979b2af2dcb67875d9edc58`
CRC32	`57AFDD65`
ssdeep	`48:QzxuP8XBh63YB863kBS63Ob4jlXjlUHTBHT1HTj7mcDQJ/iMBRYBPVHMOGBPMGBt:KsiPCYr4cNh4Bt`
Yara	None matched
VirusTotal	Search for analysis

Name	a0f5668c18f6c7a5_690brum.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10049091121\690BRuM.cmd
Size	3.0MB
Processes	2276 (namez.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`caadb56c3f4ba5dac75e2d1a4ca66382`
SHA1	`65e681ed05b3be7205139e084fe93e05f42d29a5`
SHA256	`a0f5668c18f6c7a54b8cb5bddcf817bf875f8e18fded60fc0fe9218364684ac9`
CRC32	`295B3EA7`
ssdeep	`24576:T1FXSmogP/o2LiywNxfGy99jmun8oQsuIkgg5PFN6684Rr5MKaW066GOYDW72oJq:T1FXZBQDOucXd7wkxV0hg1J3+k3d`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	150e7906b53d5949_wspconfig.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\wspconfig.dll
Size	535.8KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ec0755e5f768fad2d6678ab7c6e267e7`
SHA1	`acd89c51ef12f5b7fbafa03bd5c70ab700edfb23`
SHA256	`150e7906b53d59492f5de43447ca3f2431bda839c866fe1763c7f92db125492c`
CRC32	`24ECBA1F`
ssdeep	`12288:XjwpfW0d+Bl1mb0hILXU1XC7ngmzN6bDG+:zeW0wX1LGLEQ7ngmzyD3`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	749197db4a32523b_lac2heq.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10001030101\LAc2heq.exe
Size	1.3MB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`992d59b995988f975f177b9fdd9f6e7f`
SHA1	`cb2b76ff2d584d0dd4e7b48041765b19b762c56e`
SHA256	`749197db4a32523bed2d958af38e95fec63e3401aafa80643119c374b080a573`
CRC32	`2C82318F`
ssdeep	`24576:U5jJoCftrTSfMwnFOQtbuxw8uDSfLgTSfMwnFOQtbuxw8uDSfLJ:UNlftr2E/QxuwXaLg2E/QxuwXaLJ`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c5a22f4a98411b0b_Entropy.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Entropy.dll
Size	861.9KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2cac12de8dc6d1a2f4d28b33dd06c74b`
SHA1	`19cdaddfe5d7ae611574e5f6b7333fffe1850383`
SHA256	`c5a22f4a98411b0beab2e1a464b4d7f9741400b8525c2a345a062333b593088d`
CRC32	`63084F5E`
ssdeep	`24576:fl7MJk9qMhlQTnqFQaKn6ws2yBdyeI+y7i8NvuqmSJhNNI0q:9QJcQTqFQaKn6j2yBEeI+Ci8NvuqmSJI`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) Antivirus - Contains references to security software Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3a255c0024916f19_590aee7bdd69b59b.customDestinations-ms~RF183e8fe.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF183e8fe.TMP
Size	7.8KB
Processes	2224 (powershell.exe) 1168 (powershell.exe)
Type	data
MD5	`6fd29def73b2779e0ae71c4eecd304f7`
SHA1	`4ba660e4db856e04eb93a01c59ee764259ec55e7`
SHA256	`3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6`
CRC32	`1F966CD8`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5e56a1d101ce774a_de854920e3.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10000260101\de854920e3.exe
Size	975.0KB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`8297e2c2b056e559b35adef31360c497`
SHA1	`9c9b78dc5ce2e2c6458f8668cf2e5dc03d180b8e`
SHA256	`5e56a1d101ce774af1b1cc3a4f6d23dc94acfc4c4d87c2a3be6803db71c20111`
CRC32	`790B38BF`
ssdeep	`24576:xgvFaKQdEtE191kc97IS+/VkAUwE191kc97IS+/VkAU:mFJnC9kc97FPAUF9kc97FPAU`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0775e8cd43f856f1_poqywaz.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10068930101\pOqYWAZ.exe
Size	2.6MB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`8c2df7e94aecf922bac33303693edc40`
SHA1	`543f4c3d3fde073917bb0a930bfca91ac84b20cd`
SHA256	`0775e8cd43f856f12da4aa77fcef506b45c1da669bd37a93ddcb1a1a1f1d4aa3`
CRC32	`2FDF1BFB`
ssdeep	`49152:kDjlabwz922E1G8hl3INPHfdBcZiyuNFBAkpVOZgyo2upnA4yOQC2:0qwE2E1G4ONHdBcMyuNFBAkHOZNoBA4m`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e39ed20a21059612_crypted.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SystemService\crypted.exe
Size	300.5KB
Processes	2808 (pOqYWAZ.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`63a32242ef09abfc8528a6e3eb5b7497`
SHA1	`21f9b816792cd900ffad3aa84e097a0a865ffd72`
SHA256	`e39ed20a21059612613bf65ddb48f9b7e2a91e598ae84900c0611972b24c6d07`
CRC32	`98195261`
ssdeep	`3072:ecZqf7D340p/0+mAKky4iSQIgl+B1fA0PuTVAtkxzX3RweqiOL2bBOA:ecZqf7DIMnSR8B1fA0GTV8kRQL`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library RedLine_Stealer_b_Zero - RedLine stealer Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file detect_Redline_Stealer_V2 - (no description)
VirusTotal	Search for analysis

Name	34ff2954138e80e9_Install.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Install.dll
Size	844.3KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`846ca4cb8076194724f5e884757b6048`
SHA1	`687e1e057b70bf43d84318def17dd8187bb9d96b`
SHA256	`34ff2954138e80e91d23c7fcfa9e071579897ec175840974768aecd527464eb5`
CRC32	`43B79439`
ssdeep	`12288:e5nXj3pfXrh2yydKIg641cgQNE9NtkCVtgIHgp4zU8uap:+TJdOKIm2bE9NjVtX/`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6bf976cde3d05fe1_Portal-Ech64.exe Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Portal-Ech64.exe
Size	3.2MB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92c4cb3d272c3189d625a21c84b7239d`
SHA1	`9e2df5c22498189c492b971ec2f17af5a1521272`
SHA256	`6bf976cde3d05fe1665c07e1e53f1fe46e7a195d224525f0fe5944a5ef03d5d3`
CRC32	`F156BF47`
ssdeep	`49152:n+CEOpdvVKzbBbFPWqSpGYZj1daV2wi9q872itsRPlJt75cX+yYTNuNcVWSMVQ/c:AtfNSmbvtoCT3pVLpVKQpVepVGbvW`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library mzp_file_format - MZP(Delphi) file format Antivirus - Contains references to security software IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	79c417e26b842ea9_94cd32df1e.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10036890101\94cd32df1e.exe
Size	2.0MB
Processes	2276 (namez.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4aad684d02739448a3617090be899c7c`
SHA1	`bf0dc044b95da37394f8b913038f68ccf1898192`
SHA256	`79c417e26b842ea90a0ac6333ddd1985628e89fbeebe0a315c7941ccb8796406`
CRC32	`60A8CE8B`
ssdeep	`49152:a6WCaT3KfXUbrY3vPoRZHJRSasw0O0pbtvs9+cWQ:aAkpEvUZpRAPtpbtIWQ`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d2a651547a83723b_BorlndMm.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\BorlndMm.dll
Size	29.0KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f2264abae9d3da4bd185f8177016c234`
SHA1	`2eb10ce6cc47443b67c4e1ce495dd8d8bb2a90e1`
SHA256	`d2a651547a83723be81fb4e87bd75fae6f95666050e072a30c22d7ace0cb5f20`
CRC32	`63869C07`
ssdeep	`768:eKF+Ki/ija+1IGm5fe+7GGXQ/ija+1IhyPXZl0Pi75:eKF+qmd7GGYyb0a75`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3868ce9bd2cf15f1_StlpMt45.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\StlpMt45.dll
Size	604.0KB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`94beb60d54d38e532619dcb5dd723fea`
SHA1	`75aa84d225e579928afc9db87898d9c45e40b6d1`
SHA256	`3868ce9bd2cf15f171655448060768c23a61ec366454e1eaa40dfe6da6f92041`
CRC32	`0CD35D7B`
ssdeep	`12288:vkn33ywLy8gz7IJ/Pd0/LRZxXlB1E34aN:vkmcJ/PSRZxXVE34`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	55f488bccca0d639_BootstrapperApplicationData.xml Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\BootstrapperApplicationData.xml
Size	5.1KB
Processes	1704 (hvof1h0.exe)
Type	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`74aaba58476ef6a5869d9880f7d10fc9`
SHA1	`f2dfdd03e67aaac59499a9843ff2b65c5998e5fc`
SHA256	`55f488bccca0d639a68b7bbc3e47c5415e4a053269693e6e355b8da07a4a1308`
CRC32	`F008BE7A`
ssdeep	`96:XY9Zn6veYA0w8yciYfAn6kf80w+TycBgRCDn6CQm0wcycCRovgkT6WroDWr316kr:XyZsbMefAPmXGJeUjuxTAOe5fP/Xdri`
Yara	None matched
VirusTotal	Search for analysis

Name	f85cf19c361a4ddc_lbiqcih.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10064520101\lBiQciH.exe
Size	348.0KB
Processes	2276 (namez.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`eca9ed4915cf2aefd71fbeac06c823aa`
SHA1	`85d37cf096ea54ed834a597dc80b23e7ce833e6f`
SHA256	`f85cf19c361a4ddc892ad294e20cf0dc911a5764b7ee6339c2fd5a99889946fe`
CRC32	`EBE6232B`
ssdeep	`6144:NPAyRP8NIndJ0g3nempR4CyMyYlryhs5x3zODo2v:NI0bnr0g7pR4CHllio2`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ecad6804366660a0_690brum.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10074671121\690BRuM.cmd
Size	1.5MB
Processes	2276 (namez.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`b6bfa80c2a21c48ad5c03b9fd0054de1`
SHA1	`d93ef6a423953d92914a21a514dac0127b423265`
SHA256	`f368d3ef2556afa25bebc5c94308ba2745e2e20d8151a79d0665da9586826c68`
CRC32	`1FFD2BCC`
ssdeep	`24576:T1FXSmogP/o2LiywNxfGy99jmun8oQsuIkgg5PFN6684Rr5MKaW066GOYDs:T1FXZBQDOucXd7wkxV0N`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	914e6b0d9568dd17_Bouspous.hr Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Bouspous.hr
Size	4.4MB
Processes	1704 (hvof1h0.exe)
Type	data
MD5	`591c9165073cdeb454bc311b9e7d9c69`
SHA1	`a50a9099d1cc00f1938695080081585ba6bf83bd`
SHA256	`914e6b0d9568dd17ba551e544b8d508b84cac2ca150f0d015bcc2ff349e4800f`
CRC32	`5004D23D`
ssdeep	`98304:xo1+eIqdQlfHCGywCe8LCYw/F1unQb97lxq/ZXLaX8BfWMmCFfcY04:xo8eIqkHCGYfw/FndjY+Cb04`
Yara	None matched
VirusTotal	Search for analysis

Name	ff6b10432009d2e9_hvof1h0.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10073290101\hvof1h0.exe
Size	9.1MB
Processes	2276 (namez.exe) 2224 (powershell.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1b34271296e7e6d92412af02442afc25`
SHA1	`5bf0140b5f5d9edfae6911c87d21d2524cb5dd29`
SHA256	`ff6b10432009d2e9e201968fd0e79f471c1172ee1abbec8cc39b41ecf6db2a53`
CRC32	`84646A57`
ssdeep	`196608:sfU8hBymkp/BrwhblGCFqSKQXCWBFAUEIxnhZrYWURteeEPg5+zrf:8KZBrmBFqSQWPSIhCRgeE45irf`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_25399421 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\SystemService\__tmp_rar_sfx_access_check_25399421
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	94efefd99001182d_CC3260MT.dll Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\CC3260MT.dll
Size	1.4MB
Processes	1704 (hvof1h0.exe) 2276 (namez.exe)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`e9802f07dd34a7b2a8164c51a098c4e7`
SHA1	`66cf432aa46c70f005c6d66544de129c47321395`
SHA256	`94efefd99001182d1f8f4e6dc5e2135a2da162344b5713ea2b43acbc6693b3fd`
CRC32	`271975AF`
ssdeep	`12288:iVXhBDFeZsk4B8lLLnP17XfUKMsG5I4S9X5/qfzKjJ3PmSruNXCwwwwwwwwwwwwx:iJhB7TqpLnPhPUKHYfSJ+SruBZqR`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	92e2d1cf4df636af_Vcl60.bpl Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Vcl60.bpl
Size	1.3MB
Processes	1704 (hvof1h0.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3c54d0ca35ad94787fe3eb1efb76feb5`
SHA1	`952a4d86cc1721aff1dc2ef450f6e6afde66c8ba`
SHA256	`92e2d1cf4df636af37f4c50ad3a1f04d7e21eaeb7bfe8478ab7c23f68791826d`
CRC32	`88BB1A24`
ssdeep	`12288:bm+Qn2EwRdVI0Ine/pCz+2f3RAXNKEj0RJMiohzj/AQ1hRfSVW4gBeyYGmN:6+IMr0spuxJaHL1HaVpgBjYG`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Network_Downloader - File Downloader IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ecc4cde448fa9b09_namez.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\f1e82329e5\namez.exe
Size	415.5KB
Processes	2144 (1o76j7.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3ec886e81b3a5649ff9dac6d88baba96`
SHA1	`9cfc98d1e96ddd9c45c157969a6a50221af62a2b`
SHA256	`ecc4cde448fa9b09bffc77555b878e1656ac4e5c6c4218b08078ee85b1b8f8d5`
CRC32	`DAC106A3`
ssdeep	`6144:tiUuGdolfFd313lcnGpPpnbJoHtbspmZfkCw3uWgGUS/T+WiU+9GTA/nw4AO2i2J:tiUuGdolfFd1lGkpbCVkCweWgB7A99j`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7e012f12c9bd81c5_hmcm0oj.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10001850101\Hmcm0Oj.exe
Size	1.6MB
Processes	2276 (namez.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`facac47c2741962b87a61e8c7c6e3c5d`
SHA1	`06b2ed62b342041beb37128b1170356531891aef`
SHA256	`7e012f12c9bd81c5d9ae00b71b2cc373539417d2c6a684f06519afaaeda9e2fd`
CRC32	`E8950675`
ssdeep	`24576:q80L897sWSQSky+TLcgGp/FraGjiRu03lCR6lrKgWg/Jx5DyS+pNJInH:qf89Rty+XcgGp/FrLUuClk6lrtz7eD`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d729e48054c024a4_Gieckweagflog.bj Submit file
Filepath	C:\Windows\Temp\{DD44DF47-B1D2-4CCE-B7A7-2E9D94F17EDB}\.ba\Gieckweagflog.bj
Size	50.6KB
Processes	2276 (namez.exe) 1704 (hvof1h0.exe)
Type	data
MD5	`6125f343d07b7997b35aa4a8c886ddd4`
SHA1	`542b81402afcf3c6ef3827851ee1e932e7516715`
SHA256	`d729e48054c024a413eda120346a800da37104998699b892f49f712075ecb1b3`
CRC32	`B8A1D6FF`
ssdeep	`768:BXag5ZQhK5q6jZCVyGu7MCr4UN594eQyui2wAAymWlVoA0YW0wm1BEKec1f4uY2O:5aWyw9jZAylACV8WAAymQhwmTw2u9rl5`
Yara	None matched
VirusTotal	Search for analysis

Name	7ed131e9cf7d7f87_ezp5zcz.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\10072280101\eZp5zCz.exe
Size	1006.5KB
Processes	2276 (namez.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`1fc27b282f32c078dd2dfcdcc7696236`
SHA1	`6c4cc3179cbff8bdec9c80cbbf4fced73822ba3e`
SHA256	`7ed131e9cf7d7f87b0c7e95e121025f35f526c927e8dda59196c9022870193b1`
CRC32	`605CCEA2`
ssdeep	`24576:MPIt+AtP8o1BZyiCZvr3O8KsewWkprcLhlxhX6F/FhlxhX6F/k:8s518Jr3BrcNB6ZB62`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis