Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
61
2023-10-17 10:07
at.hta
b3a69d39ea2f074e520077721b475d51
VirusTotal
Malware
crashed
1.0
M
26
ZeroCERT
62
2023-10-17 09:43
artwork.hta
b3a69d39ea2f074e520077721b475d51
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
DNS
Cryptographic key
2
Keyword trend analysis
×
Info
×
http://91.207.183.9:8000/main.bat
http://91.207.183.9:8000/main.exe
3
Info
×
www2.lunapic.com(72.9.146.243)
91.207.183.9 - mailcious
72.9.146.243
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING PowerShell Hidden Window Command Common In Powershell Stagers M1
10.6
26
ZeroCERT
63
2023-10-12 10:05
blalalalalalalala.hta
b4acf9fdc9a290176583bbab576c4c20
Generic Malware
Antivirus
Hide_URL
AntiDebug
AntiVM
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
3
Keyword trend analysis
×
Info
×
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/583/414/original/hta_nostartup.jpg?1692658645
http://185.225.74.170/realonerealone.txt
3
Info
×
uploaddeimagens.com.br(104.21.45.138) - malware
23.209.95.51
172.67.215.45 - malware
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.6
16
ZeroCERT
64
2023-10-10 17:02
windows.exe
36065d0183df9a022d1cfb4eac70ee71
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
camo.githubusercontent.com(185.199.109.133)
185.199.110.133 - malware
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.8
M
ZeroCERT
65
2023-10-04 10:27
JinxRunner.exe
99a86d2efce8a24dd4cb3bbb356feb6b
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
camo.githubusercontent.com(185.199.111.133)
185.199.108.133 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8
M
ZeroCERT
66
2023-10-04 10:23
JinxRunner.exe
71b292094ff79b9c520d28ceac33c198
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
camo.githubusercontent.com(185.199.108.133)
185.199.108.133 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8
M
ZeroCERT
67
2023-10-02 14:29
kk.html
88d13ec3e5baafd8327b514d4a5a947d
Antivirus
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8
ZeroCERT
68
2023-09-27 10:04
bazila.hta
085f5a95ff83ee0a711882dfbd5b0d1b
Emotet
Gen1
Generic Malware
Antivirus
Malicious Library
UPX
AntiDebug
AntiVM
PowerShell
MSOffice File
PE File
PE32
DllRegisterServer
dll
OS Processor Check
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
heapspray
Creates shortcut
Creates executable files
exploit crash
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
AppData folder
Tofsee
Windows
Exploit
ComputerName
DNS
Cryptographic key
crashed
1
Keyword trend analysis
×
Info
×
https://zyp6be3wyc01.one-clickr.icu/eee.exe
4
Info
×
zyp6be3wyc01.one-clickr.icu(172.67.201.91)
wildberries.ru(185.138.255.1)
185.138.255.1
172.67.201.91
4
Info
×
ET INFO DNS Query for Suspicious .icu Domain
ET INFO Suspicious Domain (*.icu) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
14.0
ZeroCERT
69
2023-09-21 09:37
TiWorker.hta
328e0141e999dfe62d9429c5685aabd2
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
Windows
ComputerName
Cryptographic key
1
Keyword trend analysis
×
Info
×
http://107.175.113.216/pastor/retain.exe
7.0
M
7
ZeroCERT
70
2023-09-21 09:16
TiWorker.hta
708ae6bdeacfb88deca920e606bff2fd
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
Windows
ComputerName
Cryptographic key
1
Keyword trend analysis
×
Info
×
http://103.183.115.28/T199W/wininit.exe
7.0
9
ZeroCERT
71
2023-09-19 18:15
winrar-x64-623.hta
eaca14cc7d8933f7876ae1b8373679bc
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.4
15
ZeroCERT
72
2023-09-19 18:15
WinRar.hta
f5ab8d63e1e276dcec448620ac5c83a8
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6
20
ZeroCERT
73
2023-09-19 18:06
Readme.hta
96a3850e5ed18978a1cd70ec0af6b4fb
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.4
17
ZeroCERT
74
2023-09-19 17:46
LatestReceipt_4300843182.htm
7da83c1cc46e1e19a7d2e543eb245ee0
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.0
10
ZeroCERT
75
2023-09-14 18:59
ClientStart.hta
12e11aec09a12f714ccf9ab425ca70e9
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.4
19
ZeroCERT
First
Previous
1
2
3
4
5
6
7
8
9
10
Next
Last
Total : 657cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword