Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1801
2024-07-30 10:11
ccxzse.ps1
2c41269583d28c932670429c40247c3e
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.6
M
13
ZeroCERT
1802
2024-07-30 10:11
weseethesimplethingsalwaystoge...
c7f6cf5da3192c2cae7d911ee67f6620
Generic Malware
Antivirus
PowerShell
Malware download
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://198.46.176.133/Upload/vbs.jpeg - rule_id: 41176
1
198.46.176.133 - mailcious
2
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
1
http://198.46.176.133/Upload/vbs.jpeg
8.8
M
4
ZeroCERT
1803
2024-07-30 10:06
weareinonlinewithnewthingsalwa...
dd84171b3002f6733fdc2800ac93f09f
Generic Malware
Antivirus
PowerShell
Malware download
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://198.46.176.133/Upload/vbs.jpeg - rule_id: 41176
2
103.186.116.99
198.46.176.133 - mailcious
2
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
1
http://198.46.176.133/Upload/vbs.jpeg
8.8
M
4
ZeroCERT
1804
2024-07-30 10:06
Medical.doc
a5cc3d6c626628f934384cf95dddfc09
MSOffice File
RWX flags setting
exploit crash
unpack itself
Exploit
DNS
crashed
1
45.66.231.190
2.8
ZeroCERT
1805
2024-07-30 10:05
HRD.txt.exe
437b017eb2cc7db4677091a38116e7bb
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
ScreenShot
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
Browser Info Stealer
Remcos
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
ICMP traffic
unpack itself
AntiVM_Disk
sandbox evasion
VM Disk Size Check
installed browsers check
Windows
Browser
Email
ComputerName
DNS
DDNS
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
wemberdag.duckdns.org(103.186.116.99)
103.186.116.99
178.237.33.50
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
12.4
64
ZeroCERT
1806
2024-07-30 10:05
SRV.txt.vbs
558ec1566a5e96df14e34f69c20423f1
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
Remcos
VirusTotal
Malware
Malicious Traffic
Check memory
DNS
DDNS
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
juiololo.duckdns.org()
178.237.33.50
45.66.231.190
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
2.8
59
ZeroCERT
1807
2024-07-30 10:04
seemsitsgreattoreleasethedargo...
1e06a0b540d76abb6e2712fa7e37138a
Generic Malware
Antivirus
PowerShell
Malware download
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://198.46.176.133/Upload/vbs.jpeg - rule_id: 41176
1
198.46.176.133 - mailcious
2
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
1
http://198.46.176.133/Upload/vbs.jpeg
8.8
M
4
ZeroCERT
1808
2024-07-30 10:04
vbs.jpg.exe
d783b01173fc303ec28a741b88fe1a3d
Malicious Library
Malicious Packer
UPX
PE File
DLL
PE32
.NET DLL
OS Processor Check
VirusTotal
Malware
PDB
0.6
7
ZeroCERT
1809
2024-07-30 09:51
p.ps1
35331e753312b7f595f0b07a6307b2ef
Generic Malware
Antivirus
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.0
ZeroCERT
1810
2024-07-30 09:50
R7424.vbs
8ed012ccd8d23a8ff8e7b899a1e731c5
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
5.8
9
ZeroCERT
1811
2024-07-30 09:50
s6790.vbs
9cd28988bbf3082be4a3f55a35a74728
Generic Malware
Antivirus
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
7.4
9
ZeroCERT
1812
2024-07-30 09:48
수정본_20240729.docx.lnk
1bb62f16635e0bcaf7b4ac2c27ceac71
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Java
ComputerName
Cryptographic key
7.2
19
ZeroCERT
1813
2024-07-30 09:48
UPBIT_20240729.docx.lnk
6793c3d6438553222f5e8ed2ee8c3ebf
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Java
ComputerName
Cryptographic key
7.2
14
ZeroCERT
1814
2024-07-30 09:45
BEN.txt.exe
550a8fd698db084dde7fd1878981a9a8
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
Remcos
VirusTotal
Malware
Malicious Traffic
Check memory
Windows
DNS
DDNS
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
tochisglobal.ddns.net(103.253.17.222)
178.237.33.50
103.253.17.222
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
3.8
62
ZeroCERT
1815
2024-07-30 09:44
22per2.php.vbs
50520f18c7641f87940cfba2a9659c8b
Generic Malware
Antivirus
OS Processor Check
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.0
ZeroCERT
Total : 48,231cnts