Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2021-09-22 10:12
product_specifications_details...
3bd6f12e4d6f4ed06a414a6cb100f546
RAT
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
ICMP traffic
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
DNS
Cryptographic key
crashed
1
https://store2.gofile.io/download/a1c57f0b-1c7b-4dad-97ee-57d68360aaf4/Ucvcldsqn.dll
9
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.8
M
26
ZeroCERT
2
2021-09-22 10:09
product_specifications_details...
60b5efcc9ea0f944ac7fab44ace01de9
RAT
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
ICMP traffic
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
crashed
1
https://store2.gofile.io/download/44989e53-4040-4cf6-800e-087ac6154184/Iuugtkemaayyziygy.dll
8
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6
M
20
ZeroCERT
3
2021-09-22 09:27
product_specifications_details...
de964e4eddeb6ff30b6382af77de7650
RAT
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
ICMP traffic
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
crashed
1
https://store2.gofile.io/download/7a80b600-2309-4cd7-af3d-a2c5c0bd5e34/Shsiatkkhdjdpjmanb.dll
8
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.2
M
24
ZeroCERT
4
2021-09-22 09:25
enquiry_3013577701209ppt.exe
2c7d4e78f74cc716f23492ad19daf763
RAT
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
ICMP traffic
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
crashed
1
https://store2.gofile.io/download/af6f96d2-cbdd-494d-a0c4-3806faa01406/Entban.dll
8
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6
M
27
ZeroCERT
5
2021-09-22 09:23
new_requests_5022058.exe
d883d9c4eb5bbaf4d4b3131d1ec71349
RAT
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
ICMP traffic
RWX flags setting
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
crashed
1
https://store2.gofile.io/download/5c9d4064-4708-4f82-b830-1ebe74778b3b/Luwwfkikt.dll
8
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.8
M
32
ZeroCERT
6
2021-09-22 09:23
jj10-crypt.exe
7dd1032cbeb2b3f61e727060a65a839f
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
Windows
ComputerName
Cryptographic key
crashed
11.0
M
29
ZeroCERT
Total : 6cnts