Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

15196 2021-11-10 09:46 Arrival_7036PDF.jar
1aec13cf9b79fd1858bbe91b6281f568
NPKI Malicious Library UPX Malicious Packer MSOffice File PE File OS Processor Check PE32 DLL Malware download NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW IP Check Windows Java Email ComputerName DNS crashed
2 11 6 1 9.4 M 14 ZeroCERT

15197 2021-11-10 09:47 GF-DFTFYTSKFHK437943.msi
1fbb973e9856e9f89216fc609f9e6aa1
Gen2 Generic Malware Malicious Packer Malicious Library OS Processor Check MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk IP Check VM Disk Size Check Tofsee Advertising Google ComputerName
3 6 2 3.6 16 ZeroCERT

15198 2021-11-10 09:52 _-Name
d46b39b3c3a6dc15a18e90c0b28d5bc3
Malicious Library PE File PE32 PDB
0.2 ZeroCERT

15199 2021-11-10 14:03 winapi32.exe
5f20b46e52c413a9a4d79b1fb7a85b18
UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName
1 2 1 4.8 39 guest

15200 2021-11-10 18:01 URGENT PURCHASE ORDER.exe
2c88a95d136be447e28c6ba0c424f93e
Malicious Library UPX Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution crashed
1 2 7.4 37 ZeroCERT

15201 2021-11-10 18:03 ipfile.exe
1629965aff3a7f0a6f815053fcd32755
Generic Malware Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.2 22 ZeroCERT

15202 2021-11-10 18:03 2523_1636395605_7090.exe
02d40f2cc146029de92935a5fd2bff00
Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName
3.0 37 ZeroCERT

15203 2021-11-10 18:03 ServicedetailforDARevision.pdf
e822e0070c7f84af44407fd2fdfee044
PDF
ZeroCERT

15204 2021-11-10 18:05 1516_1636380988_6400.exe
08cb82859479b33dc1d0738b985db28c
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.2 26 ZeroCERT

15205 2021-11-10 18:05 5600_1636395892_7115.exe
ef9cfb2ddc4af2089df63a761ecc7833
RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself
2.4 38 ZeroCERT

15206 2021-11-10 18:08 lyl01.exe
fc48a319b30c94e51cc9342192caa28e
RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 11.4 33 ZeroCERT

15207 2021-11-10 18:08 7035_1636476680_5245.exe
cf0a77cf9b3eda603a4d50996aa206ad
RAT Generic Malware PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.2 17 ZeroCERT

15208 2021-11-10 18:10 4486_1636398307_3671.exe
62e48160bc502c948c21e9574c8d9aa6
Themida Packer Anti_VM PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
1 7.8 33 ZeroCERT

15209 2021-11-10 18:10 7195_1636484007_9624.exe
455dd879d3c2203e9a4f412278f5391d
AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
1 11.8 27 ZeroCERT

15210 2021-11-10 18:12 james112.exe
abaecc87a5255a67718b49ca9b03a793
RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 10.6 40 ZeroCERT