Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2024-06-09 09:39
work.exe
fcd2251a8050b590a00cfe90dde9bd4c
Malicious Library
Admin Tool (Sysinternals etc ...)
UPX
PE File
PE32
VirusTotal
Malware
AutoRuns
Creates executable files
RWX flags setting
unpack itself
AppData folder
Windows
crashed
4.0
M
60
ZeroCERT
2
2021-07-09 10:06
EXCEL.exe
06b4abe10cbb4e3b692fd7c15f973228
RAT
Generic Malware
SMTP
KeyLogger
PDF
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Checks debugger
buffers extracted
exploit crash
unpack itself
Check virtual network interfaces
malicious URLs
IP Check
Windows
Exploit
Browser
Email
DNS
Cryptographic key
DDNS
Software
crashed
keylogger
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
4
freegeoip.app(172.67.188.154)
checkip.dyndns.org(216.146.43.70)
131.186.161.70
104.21.19.200
16.0
26
ZeroCERT
3
2021-07-09 09:58
conhosts.exe
caef2cf45e5f00b554a5847de4096408
RAT
Gen2
Emotet
Gen1
PWS
.NET framework
Generic Malware
NSIS
Admin Tool (Sysinternals etc ...)
Anti_VM
UPX
KeyLogger
ScreenShot
PDF
AntiDebug
AntiVM
.NET EXE
PE32
PE File
OS Processor Check
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
AppData folder
malicious URLs
installed browsers check
Windows
Browser
Cryptographic key
crashed
10.0
23
ZeroCERT
4
2021-07-09 09:52
ChromeSetup.exe
8b8070d443edc2583af45f5e831612ae
RAT
Generic Malware
SMTP
KeyLogger
PDF
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
malicious URLs
IP Check
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
DDNS
Software
crashed
keylogger
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(162.88.193.70)
216.146.43.71
172.67.188.154
14.4
19
ZeroCERT
5
2021-07-07 11:29
svchost.exe
0909bde36854892a4a4a2f68489cb410
RAT
Gen2
Emotet
Gen1
PWS
.NET framework
Generic Malware
NSIS
UPX
Admin Tool (Sysinternals etc ...)
Anti_VM
KeyLogger
ScreenShot
AntiDebug
AntiVM
PE File
.NET EXE
PE32
OS Processor Check
Browser Info Stealer
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
suspicious process
AppData folder
installed browsers check
Windows
Browser
DNS
Cryptographic key
crashed
1
http://detectportal.firefox.com/success.txt?ipv4
4
prod.detectportal.prod.cloudops.mozgcp.net(34.107.221.82)
detectportal.firefox.com(34.107.221.82)
mozilla.org(44.236.72.93)
34.107.221.82
11.6
M
16
ZeroCERT
6
2021-07-07 11:20
EXCEL.exe
135b625746c95837d281a18767310669
RAT
Generic Malware
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
suspicious privilege
Code Injection
Malicious Traffic
Checks debugger
buffers extracted
exploit crash
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Exploit
Browser
Email
DNS
Cryptographic key
DDNS
Software
crashed
keylogger
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(162.88.193.70)
162.88.193.70
172.67.188.154
4
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
16.2
M
29
ZeroCERT
7
2021-07-07 11:02
microa.exe
db6d1eadf3bfc69ac72965056c2c742c
AgentTesla
RAT
browser
info stealer
Generic Malware
Google
Chrome
User Data
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
Downloader
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
suspicious process
Windows
DNS
Cryptographic key
crashed
14.0
M
30
ZeroCERT
Total : 7cnts