Submissions
Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc (the Etc column is empty for every record listed here; counts in parentheses are the values shown in the Urls/Hosts/IDS/Rule columns).

No 17026 | Date 2023-05-20 16:29 | Request vbc.exe | MD5 88f4d678b79d16820bf90404170118c7
  Tags: RAT, .NET EXE, PE File, PE32, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself
  Score 2.4 | Zero M | VT 30 | Player ZeroCERT

No 17027 | Date 2023-05-20 16:29 | Request bs1.exe | MD5 10f3b2556027848e861bdf1fa3fad046
  Tags: UPX, PE64, PE File, VirusTotal, Malware, crashed
  Score 1.6 | Zero M | VT 19 | Player ZeroCERT

No 17028 | Date 2023-05-20 16:28 | Request wealthzx.exe | MD5 a5c83c6ebe289f10bc234898385e889e
  Tags: KeyLogger, AntiDebug, AntiVM, PE64, PE File, Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, crashed, keylogger
  Urls (1): https://api.ipify.org/
  Hosts (4): api.ipify.org(64.185.227.155), api.telegram.org(149.154.167.220), 173.231.16.76, 149.154.167.220
  IDS (4): ET HUNTING Telegram API Domain in DNS Lookup; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
  Score 11.8 | Zero M | VT 43 | Player ZeroCERT

No 17029 | Date 2023-05-20 16:27 | Request mn.php | MD5 f19e4ec96f8b163760b236127387c5a8
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE64, PE File, Checks debugger, unpack itself, ComputerName, DNS, crashed
  Hosts (6): 34.254.140.99, 214.43.249.250, 2.228.251.38, 57.182.80.190, 92.119.178.40, 62.4.213.138
  Score 3.8 | Zero M | VT - | Player ZeroCERT

No 17030 | Date 2023-05-20 16:25 | Request firefoxport.exe | MD5 d55045e55d930facae1dda5cb8ef3cc1
  Tags: Generic Malware, UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, unpack itself, WriteConsoleW
  Score 2.0 | Zero M | VT 25 | Player ZeroCERT

No 17031 | Date 2023-05-20 16:25 | Request variables.php | MD5 21e1167deef484bba34629762fd317bd
  Tags: ZIP Format
  Score - | Zero M | VT - | Player ZeroCERT

No 17032 | Date 2023-05-20 16:23 | Request datelog.dll | MD5 71c46a859f0729eb66d3fe7a9ae4c4e4
  Tags: Backdoor, Farfli, UPX, Malicious Library, Malicious Packer, Antivirus, OS Processor Check, DLL, PE File, PE32, VirusTotal, Malware, Checks debugger, unpack itself, DNS
  Hosts (1): 216.83.59.17 - malware
  Score 4.0 | Zero M | VT 54 | Player ZeroCERT

No 17033 | Date 2023-05-20 16:23 | Request chrome.exe | MD5 a4cd1ae410eb0a18a0c48218b7080713
  Tags: RedLine stealer[m], UPX, Admin Tool (Sysinternals etc ...), AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Checks debugger, buffers extracted, exploit crash, unpack itself, Collect installed applications, installed browsers check, Windows, Exploit, Browser, DNS, Cryptographic key, Software, crashed
  Hosts (1): 176.124.219.192
  Score 11.2 | Zero M | VT 33 | Player ZeroCERT

No 17034 | Date 2023-05-20 16:21 | Request mn.php | MD5 8444b7011547a0b4bdc18437aa9d6e83
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE64, PE File, Checks debugger, unpack itself, ComputerName, DNS, crashed
  Hosts (6): 34.254.140.99, 214.43.249.250, 2.228.251.38, 57.182.80.190, 92.119.178.40, 62.4.213.138
  Score 3.8 | Zero - | VT - | Player ZeroCERT

No 17035 | Date 2023-05-20 16:20 | Request foto0195.exe | MD5 283d3a45769695434e47bbb2c98ff469
  Tags: Gen1, Emotet, PWS, .NET framework, RAT, RedLine Stealer, UltraVNC, UPX, Malicious Library, Confuser .NET, CAB, PE File, PE32, OS Processor Check, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, WMI, Creates executable files, unpack itself, Disables Windows Security, Collect installed applications, AppData folder, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Update, Browser, ComputerName, RCE, DNS, Cryptographic key, Software, crashed
  Hosts (1): 77.91.68.253 - mailcious
  Score 11.4 | Zero M | VT 36 | Player ZeroCERT

No 17036 | Date 2023-05-20 16:19 | Request mn.php | MD5 b975131f47777670e30248a7713d3275
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE64, PE File, Checks debugger, unpack itself, ComputerName, DNS, crashed
  Hosts (6): 34.254.140.99, 214.43.249.250, 2.228.251.38, 57.182.80.190, 92.119.178.40, 62.4.213.138
  Score 3.8 | Zero - | VT - | Player ZeroCERT

No 17037 | Date 2023-05-19 18:31 | Request File_pass1234.7z | MD5 4f93d356a5bddc4210282cdfc365c2fd
  Tags: PWS[m], Escalate priviledges, KeyLogger, AntiDebug, AntiVM, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, IP Check, Tofsee, DNS
  Urls (4): http://94.142.138.131/api/tracemap.php - rule_id: 28311; http://www.maxmind.com/geoip/v2.1/city/me; https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self; https://db-ip.com/
  Hosts (10): api.db-ip.com(104.26.5.15), db-ip.com(104.26.5.15), ipinfo.io(34.117.59.81), www.maxmind.com(104.17.214.67), 172.67.75.166, 104.17.215.67, 94.142.138.131 - mailcious, 34.117.59.81, 104.26.5.15, 94.142.138.113 - mailcious
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  Rule (1): http://94.142.138.131/api/tracemap.php
  Score 4.2 | Zero M | VT - | Player ZeroCERT

No 17038 | Date 2023-05-19 18:09 | Request Rszsx.js | MD5 99d584088d1c742f855f1345dcf541d0
  Tags: Generic Malware, Antivirus, Hide_URL, AntiDebug, AntiVM, PowerShell, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key
  Urls (1): http://77.91.87.226/2kUY1F/Vu5AUV
  Score 6.0 | Zero - | VT 8 | Player ZeroCERT

No 17039 | Date 2023-05-19 18:09 | Request Icuv.js | MD5 69cd79e7cef9f9fcd5d0e7d47b179566
  Tags: Generic Malware, Antivirus, Hide_URL, AntiDebug, AntiVM, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key
  Urls (1): http://77.91.85.124/pNXY/r1Tfgm
  Score 6.2 | Zero - | VT 16 | Player ZeroCERT

No 17040 | Date 2023-05-19 18:08 | Request rt.php.ps1 | MD5 126439fe4d3f566c2171c0b63479931b
  Tags: Generic Malware, Antivirus, Check memory, unpack itself, WriteConsoleW, Windows, Cryptographic key
  Score 1.0 | Zero - | VT - | Player ZeroCERT
Total : 53,349cnts