Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
17911	2023-05-10 18:11	MON_pdf.exe b1779162ee18fdff9a550e23bec9b2c4 NSIS UPX Malicious Library PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed		2	2	7.4	M	48	ZeroCERT

17912	2023-05-10 18:09	Wed.exe f92115170bf02c0ac2f6b1e7270dcfb6 Formbook .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger buffers extracted unpack itself				2.4	M	17	ZeroCERT

17913	2023-05-10 18:09	vbc.exe 6ade942d85d1738a7d52360ca1d34080 Generic Malware UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself RCE DNS				3.8	M	32	ZeroCERT

17914	2023-05-10 18:07	%23%23%23%23%23%23%23%23%23%23... 41e6396e3fb7c2ee5676acd85978f671 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.4	M	30	ZeroCERT

17915	2023-05-10 18:07	aaaa.exe 852e911a70f5f4ebdf572adc36cb97f6 AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		6	2	6.0	M		ZeroCERT

17916	2023-05-10 18:05	vbc.exe 31b54d8b3a96f7346c0d96f79a5f70d2 PWS .NET framework Formbook Hide_EXE Generic Malware Antivirus SMTP KeyLogger Anti_VM AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	14.0	M	52	ZeroCERT

17917	2023-05-10 18:05	index.php ffdf510dac759b90ec0e44b755fdb09a UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself RCE				2.0	M	26	ZeroCERT

17918	2023-05-10 18:03	pspp 14f04f5932bc851acf217a147afb018a UPX Malicious Library VMProtect OS Processor Check PE64 PE File VirusTotal Malware				2.2	M	42	ZeroCERT

17919	2023-05-10 18:02	vbc.exe 906095752970580abc9cabb800275187 Generic Malware UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself RCE DNS				3.8	M	30	ZeroCERT

17920	2023-05-10 18:01	QQQQ%23%23%23%23%23%23%23%23%2... 00a01e52c1cea67f0060dc808ed99ab7 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8	M	28	ZeroCERT

17921	2023-05-10 18:01	yfpqyf6z34gx4.exe 1bad400e3d462431b279bcfff555fd58 AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		5	2	6.0	M		ZeroCERT

17922	2023-05-10 17:59	vbc.exe 746e259e8909d818693bce42b28ad243 PWS .NET framework SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	12.4	M	53	ZeroCERT

17923	2023-05-10 17:58	sun.exe d943a312a3e7bcc124099611fb6c11f2 PWS .NET framework Generic Malware Antivirus KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed		2	2	14.2	M	43	ZeroCERT

17924	2023-05-10 14:00	94f6d162d47da132_워싱턴선언, 북핵 위협 ... c7b099c4f8b3e909becd086f29e18f91 HWP MSOffice File GIF Format Checks debugger Creates shortcut Creates executable files unpack itself				1.4			JYC

17925	2023-05-10 11:11	123.exe 851dfeb9035473532d796a9b41608b3c Vidar PE64 PE File VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself				2.0	M	22	r0d