Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2023-07-26 17:33
ChromeSetup.exe
e731b730b77e82c08ada3ecd859751c9
AgentTesla
Generic Malware
.NET framework(MSIL)
Antivirus
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
Email Client Info Stealer
powershell
AutoRuns
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
IP Check
Tofsee
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
Software
crashed
3
api.ipify.org(173.231.16.76) -
162.55.60.2 -
64.185.227.156 -
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
14.4
ZeroCERT
2
2023-07-26 17:32
ChromeSetup.exe
e9a32c39471da0a007579b86dfd4ce38
Generic Malware
Antivirus
UPX
PWS
Internet API
AntiDebug
AntiVM
.NET EXE
PE File
PE32
DLL
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
crashed
1
http://showip.net/
3
showip.net(162.55.60.2) -
162.55.60.2 -
185.195.237.203 -
1
ET POLICY IP Check Domain (showip in HTTP Host)
13.8
27
ZeroCERT
3
2023-07-12 17:47
win.exe
d4fe9ca0baa8b18233d058024e4b6f2d
Generic Malware
PDF Suspicious Link
.NET framework(MSIL)
Antivirus
UPX
Internet API
PDF
AntiDebug
AntiVM
.NET EXE
PE File
PE32
ZIP Format
DLL
VirusTotal
Email Client Info Stealer
Malware
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Email
ComputerName
Cryptographic key
crashed
1
http://showip.net/
4
us2.smtp.mailhostbox.com(208.91.199.223)
showip.net(162.55.60.2)
162.55.60.2
208.91.199.225
3
ET POLICY IP Check Domain (showip in HTTP Host)
SURICATA Applayer Detect protocol only one direction
ET INFO Possible SMTP Data Exfiltration - File Attachment Named Files.zip
13.4
M
42
ZeroCERT
4
2023-07-12 07:32
wins.exe
5ee9e77231b275cafb560643b6254ef2
Generic Malware
Antivirus
.NET EXE
PE File
PE32
VirusTotal
Malware
powershell
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
8.0
20
ZeroCERT
5
2023-05-16 09:22
vbc.exe
eb5ee53f92ace8c899dd75b9af7a3ee8
PWS
.NET framework
RAT
.NET EXE
PE File
PE32
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
DNS
1
184.75.223.195
3.0
M
36
ZeroCERT
6
2023-04-20 09:46
vbc.exe
f26ce3fc95a5cc436d4e15338a7ded6b
PWS
.NET framework
Hide_EXE
.NET EXE
PE32
PE File
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.2
M
22
ZeroCERT
7
2023-03-24 18:11
vbc.exe
52960f977b511bb88664a0177320a26a
PWS
.NET framework
RAT
Generic Malware
Antivirus
.NET EXE
PE32
PE File
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
7.4
M
28
ZeroCERT
8
2023-03-17 10:02
vbc.exe
2405e3c0602edc439e913ae0b0894fad
PWS
.NET framework
RAT
UPX
.NET EXE
PE32
PE File
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
ComputerName
2.4
M
39
ZeroCERT
9
2023-03-17 09:59
vbc.exe
30027f61c9de1e89c5314667fae3b647
PWS
.NET framework
RAT
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
13.8
M
31
ZeroCERT
10
2023-03-17 09:55
vbc.exe
96cafe7de7304d358d586ce231fda4e1
PWS
.NET framework
RAT
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
13.2
M
30
ZeroCERT
11
2023-03-10 16:19
vbc.exe
6e4c51c65c966531518f3ace3499ade7
Admin Tool (Sysinternals etc ...)
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
14.6
M
24
ZeroCERT
12
2023-03-08 17:41
vbc.exe
f10caa63bef70662a123611402191200
RAT
Generic Malware
Antivirus
.NET EXE
PE32
PE File
VirusTotal
Malware
powershell
PDB
suspicious privilege
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
crashed
1
23.111.184.154 - mailcious
6.2
M
27
ZeroCERT
13
2023-03-08 17:39
vbc.exe
21f7fd1bf4759b63e04892f4ecbdf0e4
RAT
Generic Malware
Antivirus
.NET EXE
PE32
PE File
VirusTotal
Malware
powershell
PDB
suspicious privilege
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
5.6
20
ZeroCERT
14
2023-03-07 09:43
vbc.exe
a28b0660ea0c24b2e6b4aa9f0049cd93
RAT
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
14.4
M
33
ZeroCERT
15
2023-03-03 18:02
vbc.exe
131ff0ef35352e56cef2893ab1260c3d
PWS
.NET framework
RAT
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
12.8
24
ZeroCERT
Total : 31cnts