Submissions
Columns: No | Date | Request (file name, MD5, tags) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No: 1861 | Date: 2025-02-21 16:32 | Player: ZeroCERT
Request: lem.exe | MD5: 0c38e5cacc997db36aeb4678c1ddf3bc
Tags: Gen1, Emotet, Generic Malware, Malicious Library, Antivirus, UPX, Downloader, Malicious Packer, Anti_VM, PE File, PE32, OS Processor Check, MZP Format, DLL, .NET DLL, PE64, DllRegisterServer, dll, ftp, VirusTotal, Malware, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, sandbox evasion, ComputerName, crashed
Score: 4.0 | Zero: M | VT: 14

No: 1862 | Date: 2025-02-21 16:32 | Player: ZeroCERT
Request: kooki.exe | MD5: 2afe3f4ef74cc7a7bb9f9be5f0e82a8f
Tags: Malicious Library, .NET framework(MSIL), Malicious Packer, PE File, .NET EXE, PE32, VirusTotal, Malware, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows utilities, suspicious process, Windows
Score: 5.8 | Zero: M | VT: 30

No: 1863 | Date: 2025-02-21 16:29 | Player: ZeroCERT
Request: CHROM.exe | MD5: 060fb89b755c0c9d89fb267da38ebe8d
Tags: Malicious Library, .NET framework(MSIL), PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, DNS
Hosts (1): 23.49.154.73 - mailcious
Score: 3.0 | Zero: M | VT: 7

No: 1864 | Date: 2025-02-21 16:23 | Player: ZeroCERT
Request: coracion1.png | MD5: 33b528941a4932848cb9471b75d1a500
Tags: Malicious Library, UPX, PE File, DLL, PE64, .NET DLL, VirusTotal, Malware, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, DNS
Urls (1): http://167.114.95.242/PS/index.php?VS=DEF1&PL=NAO
Hosts (1): 167.114.95.242
Score: 4.8 | Zero: M | VT: 37

No: 1865 | Date: 2025-02-21 16:20 | Player: ZeroCERT
Request: 1.exe | MD5: efc2de49c53a388807ef989c2f6efa46
Tags: Client SW User Data Stealer, LokiBot, Emotet, ftp Client, info stealer, Malicious Library, Malicious Packer, UPX, Socket, Http API, ScreenShot, PWS, HTTP, DNS, Internet API, AntiDebug, AntiVM, PE File, PE32, VirusTotal, Malware, Telegram, Code Injection, Malicious Traffic, buffers extracted, malicious URLs, Tofsee, ComputerName, DNS
Urls (2):
  https://steamcommunity.com/profiles/76561199828130190
  https://t.me/g02f04
Hosts (5):
  t.me(149.154.167.99) - mailcious
  steamcommunity.com(23.49.154.73) - mailcious
  149.154.167.99 - mailcious
  23.49.154.73 - mailcious
  95.217.24.123
IDS (3):
  ET INFO Observed Telegram Domain (t .me in TLS SNI)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 8.8 | Zero: M | VT: 46

No: 1866 | Date: 2025-02-21 09:43 | Player: ZeroCERT
Request: password.txt.lnk | MD5: 04d3429703b4a6fcd2cc2eea25b2f706
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, GIF Format, Lnk Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
Urls (1): http://212.57.37.63/uac_bypass.vbs
Score: 5.0 | VT: 25

No: 1867 | Date: 2025-02-21 09:42 | Player: ZeroCERT
Request: betta_version.msi | MD5: c505a2e4af5fd83df5b355cbf275a002
Tags: Generic Malware, Malicious Library, MSOffice File, CAB, OS Processor Check, VirusTotal, Malware, Telegram, suspicious privilege, Check memory, Checks debugger, unpack itself, AntiVM_Disk, IP Check, VM Disk Size Check, ComputerName, DNS
Urls (3):
  http://IPiNfo.io/country
  http://ipINFO.io/Ip
  http://IPINfo.Io/city
Hosts (4):
  ipINFO.io(34.117.59.81)
  api.telegram.org(149.154.167.220)
  34.117.59.81
  149.154.167.220
IDS (4):
  ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
  ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
  ET POLICY External IP Lookup ipinfo.io
  ET HUNTING Telegram API Domain in DNS Lookup
Score: 3.2 | VT: 16

No: 1868 | Date: 2025-02-21 09:40 | Player: ZeroCERT
Request: ZoomApp.exe | MD5: 7c1dc8baa8c032731c08e0085f825115
Tags: njRAT, backdoor, Generic Malware, Malicious Library, Antivirus, UPX, PE File, MSOffice File, CAB, PE32, OS Processor Check, OS Name Check, DLL, VirusTotal, Malware, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, Windows, ComputerName, RCE, DNS, Cryptographic key
Hosts (2):
  instance-qa9t4q-relay.screenconnect.com(147.75.49.60)
  147.75.49.60
IDS (1): ET INFO Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain
Score: 5.2 | VT: 17

No: 1869 | Date: 2025-02-20 23:02 | Player: guest
Request: https://steanmcommunity.gifts/... | MD5: 2b524b0285d902a9d395468c4e18937c
Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, VirusTotal, Malware, Code Injection, RWX flags setting, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, DNS
Hosts (3):
  steanmcommunity.gifts(185.208.158.242)
  152.199.39.108 - mailcious
  185.208.158.242
IDS (3):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 31
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 5.0 | VT: 6

No: 1870 | Date: 2025-02-20 19:12 | Player: guest
Request: 111.txt | MD5: 54fbe16bb5ff1ed4ef9ecdbfb97905ca
Tags: Suspicious_Script_Bin, ScreenShot, AntiDebug, AntiVM, VirusTotal, Malware, Check memory, unpack itself
Score: 1.6 | VT: 10

No: 1871 | Date: 2025-02-20 12:26 | Player: ZeroCERT
Request: cabalmain.exe | MD5: b66b3067ed8dc4b46efc17cf619a7626
Tags: Gen1, Themida, Generic Malware, EnigmaProtector, Malicious Library, Malicious Packer, Antivirus, Downloader, UPX, Anti_VM, PE File, ftp, DllRegisterServer, dll, PE32, OS Processor Check, VirusTotal, Malware
Score: 2.0 | Zero: M | VT: 33

No: 1872 | Date: 2025-02-20 12:25 | Player: ZeroCERT
Request: helper.exe | MD5: 9f365dcad65549bf48c4098e39a5a508
Tags: Themida, Malicious Library, UPX, PE File, .NET EXE, PE32, VirusTotal, Malware, unpack itself, Checks Bios, Detects VMWare, VMware, anti-virtualization, Firmware, crashed
Score: 4.2 | Zero: M | VT: 45

No: 1873 | Date: 2025-02-20 12:24 | Player: ZeroCERT
Request: setupis.msi | MD5: 3571cbe8d39df8d0247c37287e5ac627
Tags: Generic Malware, Malicious Library, MSOffice File, CAB, OS Processor Check, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, AntiVM_Disk, VM Disk Size Check, ComputerName
Urls (5):
  http://sysoieaosgwoeesa.xyz:443/api/client_hello - rule_id: 43783
  http://sysoieaosgwoeesa.xyz:443/api/client/new
  http://sysoieaosgwoeesa.xyz:443/tasks/collect
  http://sysoieaosgwoeesa.xyz:443/avast_update
  http://sysoieaosgwoeesa.xyz:443/tasks/get_worker
Hosts (2):
  sysoieaosgwoeesa.xyz(92.118.112.155) - mailcious
  92.118.112.155 - mailcious
IDS (2):
  ET HUNTING EXE Base64 Encoded potential malware
  ET POLICY HTTP traffic on port 443 (POST)
Rule (1): http://sysoieaosgwoeesa.xyz:443/api/client_hello
Score: 2.6 | Zero: M | VT: 23

No: 1874 | Date: 2025-02-20 05:08 | Player: guest
Request: putty.exe | MD5: 765bdc0f8bc0d77f7414e7a36ae45fd9
Tags: Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, RCE, Software
Score: 2.6 | VT: 2

No: 1875 | Date: 2025-02-20 03:54 | Player: guest
Request: scan_doc_000_371.js | MD5: 60aa9509a011433b98f1a3677183bfa9
Tags: VirusTotal, Malware, WMI, ComputerName
Score: 1.4 | VT: 6

Total: 53,366 records