Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
1 | 2024-09-05 15:28 | data64_6.exe | 87953bdf18ba88061cf28ad17116b56f
Generic Malware, Malicious Library, UPX, Downloader, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, DLL, MZP Format, VirusTotal, Malware, PDB, Code Injection, unpack itself, suspicious process, AppData folder, Remote Code Execution
4.4 | M | 42 | guest

2 | 2024-04-22 13:16 | setup294.exe | 0cb2c7acebecb2db200e6987c69d2afa
Generic Malware, Malicious Library, UPX, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, DLL, VirusTotal, Malware, PDB, Code Injection, Checks debugger, Creates executable files, unpack itself, AppData folder, Remote Code Execution
4.6 | 27 | ZeroCERT

3 | 2023-10-27 00:09 | winrar-x64-700b1.exe | ec258c62501e30c84217db59cd156e84
Emotet, Gen1, Malicious Library, UPX, Malicious Packer, Antivirus, PE File, PE64, OS Processor Check, CHM Format, DLL, PE32, VirusTotal, Malware, PDB, Check memory, Creates executable files, RWX flags setting, unpack itself, Remote Code Execution
2.8 | 2 | guest

4 | 2023-09-17 09:36 | sunor.exe | cf75403e04f4d4527f4fb25958a387c2
UPX, Malicious Library, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, DLL, PDB, Code Injection, Checks debugger, Creates executable files, unpack itself, AppData folder, Remote Code Execution
3.8 | M | ZeroCERT

5 | 2023-09-10 09:32 | sufor.exe | 1ba7db783e31bb8c6dc66b5a411a6ec9
Malicious Library, UPX, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, DLL, PDB, Code Injection, Checks debugger, Creates executable files, unpack itself, AppData folder, Remote Code Execution
3.8 | ZeroCERT

6 | 2023-08-23 17:25 | CompPkgSrv.exe | b21b7a7c3470ec539fbfb187a361c894
PE File, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, Windows
Hosts (2): files.catbox.moe(108.181.20.35) - malware; 108.181.20.35 - mailcious
IDS (2): ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | M | 30 | ZeroCERT

7 | 2023-08-23 17:21 | CompPkgSrv.exe | 9b3c1edaa709d4ab07401fae17223b60
PE File, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, Windows
Hosts (2): files.catbox.moe(108.181.20.35) - malware; 108.181.20.35 - mailcious
IDS (2): ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | M | 30 | ZeroCERT

8 | 2023-07-04 07:34 | rama.exe | 03b453f78a11fc192d88447d789524f5
UPX, Malicious Library, OS Processor Check, PE File, PE32, DLL, PDB, unpack itself, AppData folder, Remote Code Execution
1.8 | M | ZeroCERT

9 | 2023-05-06 12:14 | vbc.exe | 1d559db083653055d70931df9ba4386c
AgentTesla, PWS, .NET framework, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, PWS[m], Sniff Audio, Internet API, Escalate priviledges, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE32, PE File, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Hosts (2): infoprokapz.ddns.net(45.88.66.87); 45.88.66.87
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
12.2 | M | 47 | ZeroCERT

10 | 2023-02-27 13:58 | vbc.exe | 458fac04945792014ed3cb1dd8ffb376
AgentTesla, PWS[m], RAT, browser, info stealer, Hide_EXE, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Remcos, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Urls (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50); infoprokaps.ddns.net(23.94.99.5) - mailcious; 178.237.33.50; 23.94.99.5 - malware
IDS (2): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET JA3 Hash - Remcos 3.x TLS Connection
12.0 | M | 48 | ZeroCERT

11 | 2023-01-22 14:53 | vbc.exe | 994218a84ef481fc7648d5bfd5f37cf5
AgentTesla, PWS[m], NPKI, RAT, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, PE32, .NET EXE, PE File, Remcos, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Urls (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50); infoprokaps.ddns.net(178.162.212.214); 178.162.212.214; 178.237.33.50
IDS (2): ET JA3 Hash - Remcos 3.x TLS Connection; ET POLICY DNS Query to DynDNS Domain *.ddns .net
11.0 | M | 22 | ZeroCERT

12 | 2022-12-02 10:14 | vbc.exe | a82700161c7914a19d7fa227e6bc7903
AgentTesla, PWS[m], RAT, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, UPX, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, PE32, .NET EXE, PE File, Remcos, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, malicious URLs, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Urls (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50); aryexpcrt.ddns.net(68.235.48.108) - mailcious; 178.237.33.50; 68.235.48.108 - mailcious
IDS (2): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET JA3 Hash - Remcos 3.x TLS Connection
13.8 | M | 38 | ZeroCERT

13 | 2022-11-19 09:49 | vbc.exe | e2de5b66b334794c444f3957b2b22d3c
AgentTesla, PWS[m], RAT, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, PE32, .NET EXE, PE File, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Hosts (2): aryexpcrt.ddns.net(68.235.48.108) - mailcious; 68.235.48.108 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
12.6 | 18 | ZeroCERT

14 | 2022-11-18 09:19 | vbc.exe | 671c5fa2f01e03e1e5c3a47e48a904b0
AgentTesla, PWS[m], RAT, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, PE32, .NET EXE, PE File, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, ICMP traffic, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key, keylogger
Hosts (3): google.com(172.217.161.206); 172.217.24.110; 107.174.202.148 - mailcious
15.2 | 23 | ZeroCERT

15 | 2022-11-11 09:35 | vbc.exe | 212b8cea43ea6afa550e0173c4886db8
AgentTesla, PWS[m], RAT, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, UPX, Antivirus, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, PE32, OS Processor Check, .NET EXE, PE File, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, Windows, ComputerName, DNS, Cryptographic key, DDNS, keylogger
Hosts (2): aryexpcrt.ddns.net(68.235.48.108) - mailcious; 68.235.48.108 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
13.0 | M | 28 | ZeroCERT

Total : 22cnts