Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2025-04-07 10:11	72tqn.exe 41f630848f119363b0d686b48d376650 Malicious Library UPX PE File PE32 VirusTotal Malware Check memory					1.0		11	ZeroCERT

2	2024-12-04 16:18	0DMNix3.exe dd587632bd83be28e06fc74be5ffe634 NSIS Malicious Library UPX PE32 PE File DLL VirusTotal Malware Malicious Traffic Check memory Creates executable files ICMP traffic Windows utilities AppData folder Windows DNS	2 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious BITS EXE DL From Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Dotted Quad Host RAR Request		5.0		16	ZeroCERT

3	2024-11-29 13:33	tvtC9D3.exe 56944be08ed3307c498123514956095b NSIS Malicious Library UPX PE32 PE File DLL VirusTotal Malware Malicious Traffic Check memory Creates executable files ICMP traffic Windows utilities AppData folder Windows DNS	2 Keyword trend analysis	2	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious BITS EXE DL From Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Dotted Quad Host RAR Request		4.8		9	ZeroCERT

4	2024-11-22 15:33	fastad4.exe 7077281a1e876202fe81ad4cde09ce2f Malicious Library UPX PE32 PE File ftp DLL VirusTotal Malware Check memory Creates executable files AppData folder		1			2.0		29	ZeroCERT

5	2024-09-26 10:27	66f4186b24569_sfx_123_500.exe 9aca15a320ce8fe7eabb268f7116cbcc Malicious Library UPX PE File PE32 VirusTotal Malware Check memory					1.0		16	ZeroCERT

6	2024-08-13 17:09	sahost.exe 29e3de6b17d0fdfb360834f038b59a39 NSIS Suspicious_Script_Bin Malicious Library UPX Anti_VM PE File PE32 DLL VirusTotal Malware AppData folder					1.4	M	24	ZeroCERT

7	2024-08-13 07:49	sahost.exe 3264ed302538a2d29f2e48f26eff85b0 NSIS Suspicious_Script_Bin Malicious Library UPX PE File PE32 DLL AppData folder					0.6			ZeroCERT

8	2024-08-09 16:15	Rage.exe ca817109712a3e97bf8026cdc810743d Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files					3.0	M	40	ZeroCERT

9	2024-07-15 16:46	kz_kkm_2.4.2.3.exe 40a22356fd06bc9a4fd4ddedf5286666 Generic Malware Malicious Library UPX .NET framework(MSIL) Malicious Packer Anti_VM Javascript_Blob PE File PE32 DLL OS Processor Check .NET DLL PNG Format .NET EXE ftp Lnk Format GIF Format PE64 wget VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName					3.4		12	ZeroCERT

10	2024-07-15 16:41	kkm.exe ab6ca8e3d0c7967c6372a96334e6bb19 Generic Malware Malicious Library UPX .NET framework(MSIL) Anti_VM PE File PE32 DLL .NET DLL PNG Format Lnk Format GIF Format OS Processor Check ftp .NET EXE VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName					4.0	M	40	ZeroCERT

11	2024-07-04 07:36	injector.exe 509c110ee54d73c3398140a5eb78c45a NSIS Malicious Library UPX Confuser .NET PE File PE32 .NET EXE VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName DNS crashed		1	2		5.2		57	ZeroCERT

12	2024-06-20 16:48	DamnedSetup.exe c431df16a0810e27345aa37df100a114 Gen1 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Obsidium protector Admin Tool (Sysinternals etc ...) Javascript_Blob Anti_VM PE File PE32 DLL OS Processor Check ftp PE64 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder Ransom Message Ransomware					4.8		1	ZeroCERT

13	2024-06-10 10:10	loader-1001.exe 58ca6d5068fa4fed981cf5ef8a04e4d5 NSIS Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Pow VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder Tofsee Windows ComputerName Cryptographic key crashed	5 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c https://cdn-edge-node.com/online_security_mkl.exe - rule_id: 39716 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001 - rule_id: 39690 https://d2lvl7wmj7b91p.cloudfront.net/load/load.php?c=1001 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001 - rule_id: 39689	9	1	3	10.2	M	31	ZeroCERT

14	2024-05-20 10:27	start-pub.exe 52bcb73bddd7e3b613ec7fb1367c91c1 NSIS Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 P VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	6 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt - rule_id: 39695 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2841&c=2841 - rule_id: 39690 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=2841 - rule_id: 39689 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=2841 - rule_id: 39689 https://d1vt2h4o64rfsv.cloudfront.net/load/load.php?c=2841&a=2841 - rule_id: 39691	11 Info d22hce23hy1ej9.cloudfront.net(13.225.110.70) - mailcious cdn-edge-node.com(104.21.11.117) - mailcious 240429000936002.mjt.kqri92.top(94.156.35.76) - mailcious d1vt2h4o64rfsv.cloudfront.net(18.244.65.223) - mailcious adblock2024.shop(172.67.176.247) - mailcious 172.67.165.254 - mailcious 18.244.65.10 - mailcious 104.21.43.83 - mailcious 13.225.110.102 182.162.106.144 179.43.158.2	3	5	11.2	M	17	ZeroCERT

15	2024-05-19 10:36	vpn-1002.exe ccb630a81a660920182d1c74b8db7519 NSIS Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 PowerS VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=1002 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1002 https://cdn-edge-node.com/online_security_mkl.exe https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1002 https://d2csnxzxwctx26.cloudfront.net/load/load.php?c=1002	11	3		10.2		24	ZeroCERT