Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2024-06-24 07:47
pic1.exe
1fecbc51b5620e578c48a12ebeb19bc2
Generic Malware
Downloader
Malicious Library
UPX
MPRESS
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
PE64
OS Processor C
VirusTotal
Malware
PDB
Code Injection
Creates executable files
unpack itself
suspicious TLD
Tofsee
Remote Code Execution
crashed
2
Info
×
cv99160.tw1.ru(92.53.96.121)
92.53.96.121 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4
44
ZeroCERT
2
2024-06-14 07:46
motruhjgmawes.exe
57a6a83482ce2897e8cdec17accbd662
Generic Malware
Downloader
Malicious Library
UPX
VMProtect
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE64
PE File
OS Processo
PDB
Code Injection
Creates executable files
RWX flags setting
unpack itself
AppData folder
Remote Code Execution
4.4
M
ZeroCERT
3
2024-06-08 17:11
kfiwarhg.exe
7d44a8a6757c2b7287c4a7b761f4e326
Generic Malware
Downloader
Malicious Library
UPX
VMProtect
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE64
PE File
VirusTotal
Malware
PDB
Code Injection
Creates executable files
unpack itself
AppData folder
Remote Code Execution
5.2
M
49
ZeroCERT
4
2024-06-05 07:30
lrthijawd.exe
1b1ecd323162c054864b63ada693cd71
SystemBC
Generic Malware
Downloader
Malicious Library
UPX
Malicious Packer
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
Ant
AutoRuns
PDB
Code Injection
Checks debugger
Creates executable files
AppData folder
sandbox evasion
Windows
Remote Code Execution
5.2
ZeroCERT
5
2024-05-10 10:01
pojgysef.exe
d4f738f4e3787ef0b31891e446919aa8
Generic Malware
Downloader
Malicious Library
UPX
VMProtect
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
PE32
OS Processo
VirusTotal
Malware
PDB
Code Injection
Creates executable files
unpack itself
AppData folder
Remote Code Execution
4.8
36
ZeroCERT
6
2024-05-09 07:36
eee01.exe
0576835e3964b2d0bd3a87c3c80115b2
Malicious Library
Admin Tool (Sysinternals etc ...)
UPX
PE File
PE32
MZP Format
VirusTotal
Malware
unpack itself
AntiVM_Disk
VM Disk Size Check
3.0
M
18
ZeroCERT
7
2024-05-01 17:00
jfesawdr.exe
9fb56dd5b5beb0b9c5d0102f22373c0b
Generic Malware
Downloader
Malicious Library
UPX
VMProtect
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
PE32
OS Processo
VirusTotal
Malware
PDB
Code Injection
Creates executable files
unpack itself
AppData folder
ComputerName
Remote Code Execution
4.6
M
47
ZeroCERT
8
2024-01-24 08:05
check.exe
bdfe4d6a63e6367f4cba94b395860a02
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE32
PE File
OS Processor Check
PDB
Code Injection
Creates executable files
unpack itself
AppData folder
malicious URLs
ComputerName
Remote Code Execution
crashed
4.6
M
ZeroCERT
9
2023-08-14 16:13
AnimalCrossing2.exe
629f8ea6367bc269bd13799d249d7b5c
Generic Malware
UPX
Malicious Library
Malicious Packer
OS Processor Check
PE64
PE File
VirusTotal
Malware
PDB
0.8
2
ZeroCERT
10
2022-06-12 12:16
services.exe
b02f16632a71d8db3c239bdf38d3cdcb
RAT
Generic Malware
Antivirus
PE File
PE64
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
Keyword trend analysis
×
Info
×
http://dalyshops.com/loader/uploads/services_Fiwakjwd.jpg
2
Info
×
dalyshops.com(193.142.146.10) - malware
193.142.146.10 - malware
7.2
M
26
ZeroCERT
11
2022-03-18 09:34
services.exe
d5b001c179f199db0344a3aa6e44aab9
RAT
PE File
.NET EXE
PE32
VirusTotal
Malware
MachineGuid
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
1
Keyword trend analysis
×
Info
×
https://cdn.discordapp.com/attachments/941755488457068614/949090126024310884/services.png
2
Info
×
cdn.discordapp.com(162.159.134.233) - malware
162.159.129.233 - malware
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4
M
23
ZeroCERT
12
2022-03-10 09:45
xmrig.exe
5385a40c6af4c73f43cfa5de46b9f05a
Generic Malware
Malicious Packer
Malicious Library
UPX
PE File
OS Processor Check
PE64
VirusTotal
Malware
Report
unpack itself
ComputerName
DNS
1
Info
×
185.168.130.138 - mailcious
1
Info
×
ET CNC Feodo Tracker Reported CnC Server group 9
3.4
51
ZeroCERT
13
2021-09-22 10:24
1056935770.exe
7b4cdcad8ab6a42017cd93d9639074ae
Generic Malware
UPX
Antivirus
PE64
PE File
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
Windows
ComputerName
Cryptographic key
5.0
M
33
ZeroCERT
14
2021-09-22 09:54
75796491.exe
c9da7eeb35209ea9a47fcde193e77266
RAT
PWS
.NET framework
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
malicious URLs
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
12.2
43
ZeroCERT
15
2021-09-15 09:42
vmnet.exe
e07ce1ac09be171289b93538009c471c
RAT
Generic Malware
Antivirus
PE64
PE File
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Check memory
Checks debugger
WMI
Creates shortcut
ICMP traffic
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
4
Info
×
www.youtube.com(172.217.161.46)
www.google.com(142.250.196.100)
142.250.66.132
142.250.204.78
6.4
M
39
ZeroCERT
First
1
Last
Total : 15cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword