Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2021-12-23 11:16
wpx.exe
f1e2b815c21532a42ed362eb821c6671
PWS
.NET framework
Generic Malware
Admin Tool (Sysinternals etc ...)
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
PE32
.NET EXE
Malware download
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
crashed
Downloader
3
apcweb.com.ar(192.185.112.177) - malware
150.109.147.236 - malware
192.185.112.177 - malware
1
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
14.8
M
26
ZeroCERT
2
2021-12-13 10:29
wpx.exe
f3b27d4480ba10b41c77860ab5a1064c
PWS
.NET framework
email
stealer
Generic Malware
Antivirus
Socket
DNS
Code injection
KeyLogger
Escalate priviledges
Downloader
ScreenShot
persistence
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
suspicious process
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
Windows
ComputerName
Cryptographic key
crashed
2
grace.adds-only.xyz(185.19.85.155)
185.19.85.155 - mailcious
12.8
M
10
ZeroCERT
3
2021-11-30 11:33
Wechatsextup.exe
6e65a0fcf114bb1e4eac17c66ba4cdc3
RAT
PWS
.NET framework
Generic Malware
task schedule
Antivirus
Create Service
DGA
Socket
DNS
Internet API
Code injection
Sniff Audio
HTTP
KeyLogger
FTP
Escalate priviledges
Downloader
ScreenShot
P2P
Steal credential
Http API
AntiDebug
AntiVM
PE File
PE32
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
Cryptographic key
12.2
M
39
ZeroCERT
4
2021-10-19 10:00
ski.exe
1b465c6989637df1d5c511919c43e457
RAT
PWS
.NET framework
Gen2
Formbook
Generic Malware
task schedule
Malicious Library
UPX
Antivirus
Malicious Packer
Admin Tool (Sysinternals etc ...)
DNS
Sniff Audio
KeyLogger
ScreenShot
Create Service
DGA
Socket
Steal credential
Internet API
Code injecti
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
WriteConsoleW
IP Check
Tofsee
Ransomware
Windows
ComputerName
DNS
Cryptographic key
2
http://ip-api.com/json/
https://payloads-poison.000webhostapp.com/r77-x64.dll
5
payloads-poison.000webhostapp.com(145.14.145.39) - mailcious
ip-api.com(208.95.112.1)
145.14.145.34 - malware
91.134.207.16 - malware
208.95.112.1
4
ET POLICY External IP Lookup ip-api.com
ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com)
15.8
M
23
ZeroCERT
Total : 4cnts