Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
1
2025-02-05 14:57
winX32.exe
eee37f6f66eafa13d9555dfc9ccb3805
njRAT
PE File
.NET EXE
PE32
GIF Format
Lnk Format
VirusTotal
Malware
AutoRuns
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
AppData folder
human activity check
Windows
ComputerName
DNS
DDNS
2
sosomyhestor.ddns.net(46.153.112.54)
46.153.112.54
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
7.4
M
56
r0d
2
2025-02-05 12:13
random.exe
f662cb18e04cc62863751b672570bd7d
Themida
UPX
PE File
PE32
Browser Info Stealer
RedLine
Malware download
FTP Client Info Stealer
VirusTotal
Malware
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Checks Bios
Collect installed applications
Detects VMWare
Check virtual network interfaces
VMware
anti-virtualization
installed browsers check
Tofsee
Stealer
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
2
http://103.84.89.222:33791/
https://api.ip.sb/geoip
3
api.ip.sb(104.26.13.31)
103.84.89.222
104.26.13.31
4
ET MALWARE RedLine Stealer - CheckConnect Response
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request
10.8
M
58
ZeroCERT
3
2025-02-05 11:28
black.exe
740b99fb0515f52ae740be4abce39747
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
DNS
1
146.59.154.106
1.8
M
52
ZeroCERT
4
2025-02-05 11:25
DevMI.exe
5f2f1ae240812065799e8c05d3a01aa7
Generic Malware
PE File
PE64
VirusTotal
Malware
unpack itself
DNS
2
xmr-eu1.nanopool.org(212.47.253.124) - malicious
146.59.154.106
1
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
2.0
M
59
ZeroCERT
5
2025-02-05 11:22
cjrimgid.exe
807dadd8710a7b570ed237fd7cd1aa4b
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Telegram
PDB
Malicious Traffic
Tofsee
ComputerName
DNS
2
https://steamcommunity.com/profiles/76561199824159981
https://t.me/sok33tn
5
t.me(149.154.167.99) - malicious
steamcommunity.com(104.74.170.104) - malicious
149.154.167.99 - malicious
104.74.170.104 - malicious
95.217.25.45
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
4.4
M
49
ZeroCERT
6
2025-02-05 11:20
exacag.exe
42994901f5bc8b43588bb54889f1db81
Malicious Library
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
57
ZeroCERT
7
2025-02-05 11:18
CPDB.exe
daf531be28ca056a8e9a40966ab83cf0
AsyncRAT
Malicious Library
Malicious Packer
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
2
otrodia8912.gleeze.com(45.157.233.241)
45.157.233.241
1
ET INFO DYNAMIC_DNS Query to a *.gleeze .com Domain
2.2
M
53
ZeroCERT
8
2025-02-05 11:17
setupqw.msi
05b777e864c9f032329acadbc747309b
Generic Malware
Malicious Library
MSOffice File
CAB
OS Processor Check
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
ComputerName
1
http://kagkimuoakomksww.xyz:443/api/client_hello
2
kagkimuoakomksww.xyz(92.118.10.45)
92.118.10.45
2.6
M
20
ZeroCERT
9
2025-02-05 11:13
1.exe
f3388b09788fed42a72a7814e4a11f0c
Antivirus
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
DNS
Cryptographic key
1
46.153.112.54
4.6
M
51
ZeroCERT
10
2025-02-05 11:11
winX32.exe
eee37f6f66eafa13d9555dfc9ccb3805
PE File
.NET EXE
PE32
Lnk Format
GIF Format
Malware download
njRAT
VirusTotal
Malware
AutoRuns
suspicious privilege
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
AppData folder
human activity check
Windows
ComputerName
DNS
DDNS
crashed
2
sosomyhestor.ddns.net(46.153.112.54)
46.153.112.54
2
ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
ET POLICY DNS Query to DynDNS Domain *.ddns .net
6.4
57
ZeroCERT
11
2025-02-05 11:11
yellow.exe
5125c8d07ebd11f19059d85563aad787
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.2
54
ZeroCERT
12
2025-02-05 11:09
ffcr.exe
e9f22b285bfdc648a11f40e416b0ebb3
RedLine stealer
Malicious Library
UPX
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Windows
DNS
Cryptographic key
1
45.67.231.189
5.2
M
54
ZeroCERT
13
2025-02-05 11:09
purple.exe
7f9e6ae4381a4d660ccd36287de98a4e
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.2
53
ZeroCERT
14
2025-02-05 11:07
green.exe
38277b5fdd427b6b992203fe22060214
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.2
52
ZeroCERT
15
2025-02-05 11:06
32.ps1
7de4a17dfc66695461f0c6a70ca4ec49
Generic Malware
Antivirus
ZIP Format
VirusTotal
Malware
powershell
Check memory
buffers extracted
unpack itself
Check virtual network interfaces
WriteConsoleW
Windows
ComputerName
Cryptographic key
2
shaileshvisionaryastrologer.com(167.86.109.19)
167.86.109.19
3
SURICATA Applayer Detect protocol only one direction
ET HUNTING ZIP file download over raw TCP
SURICATA Applayer Protocol detection skipped
5.2
M
23
ZeroCERT
Total : 51,278cnts