Submissions
Columns: No | Date | Request (submitted file name and MD5) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
No. 1921   2025-02-19 10:49   Request: Okfgjrg5d8gt   MD5: a07b7ca47de7e03b3f4ee5d8468ba8da
  Tags: Generic Malware, Malicious Library, .NET framework(MSIL), UPX, Antivirus, PE File, PE64, OS Processor Check, PowerShell, .NET EXE, PE32, Cryptocurrency Miner, Cryptocurrency, powershell, AutoRuns, PDB, suspicious privilege, MachineGuid, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, Windows, ComputerName, RCE, Cryptographic key, crashed, BitCoinMiner, CoinMiner
  Hosts (2): usa-east.raptoreum.zone; 31.220.102.19
  IDS (1): ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message
  Score: 8.6   Player: ZeroCERT
No. 1922   2025-02-19 10:48   Request: poll.exe   MD5: f0cd5781e0d4037be6af224c6438ab32
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, MZP Format, buffers extracted, unpack itself, sandbox evasion, Browser
  Score: 2.4   Player: ZeroCERT
No. 1923   2025-02-19 10:47   Request: TestLAB.exe   MD5: 39c2f63970a0b2b1942e7072a6c648dc
  Tags: Gen1, Emotet, Generic Malware, Malicious Library, Antivirus, UPX, Malicious Packer, Anti_VM, PE File, PE32, OS Processor Check, MZP Format, DLL, PE64, DllRegisterServer, dll, .NET DLL, Buffer PE, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, sandbox evasion, Windows, ComputerName, Cryptographic key, crashed
  Score: 5.6   Player: ZeroCERT
No. 1924   2025-02-19 10:47   Request: Sun.exe   MD5: 3affeeda49307427251022fcb3c46f9b
  Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, Anti_VM, PE File, PE64, OS Processor Check, PDB, DNS
  Hosts (1): 31.220.102.19
  Score: 1.2   Player: ZeroCERT
No. 1925   2025-02-19 10:45   Request: JHiuhe2rg7tds   MD5: 3b1bf937711e0b1f3b6e455d535cc4f0
  Tags: Generic Malware, Malicious Library, UPX, .NET framework(MSIL), PE File, PE64, OS Processor Check, PowerShell, .NET EXE, PE32, Cryptocurrency Miner, Cryptocurrency, powershell, AutoRuns, PDB, Check memory, Checks debugger, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, Windows, RCE, DNS, crashed, BitCoinMiner, CoinMiner
  Hosts (3): usa-east.raptoreum.zone; 185.157.162.126; 31.220.102.19
  IDS (1): ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message
  Score: 7.4   Player: ZeroCERT
No. 1926   2025-02-19 10:42   Request: Invoice4231284.exe   MD5: f223c16f11e3c4350f34d51d44498877
  Tags: njRAT, backdoor, Generic Malware, Malicious Library, Antivirus, UPX, PE File, MSOffice File, CAB, PE32, OS Processor Check, OS Name Check, DLL, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, Windows, ComputerName, RCE, DNS, Cryptographic key
  Hosts (2): instance-mopgxp-relay.screenconnect.com; 54.220.232.123
  IDS (1): ET INFO Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain
  Score: 5.6   Player: ZeroCERT
No. 1927   2025-02-19 10:41   Request: d.msi   MD5: ae5b94abf028388af1454ed76806cc6f
  Tags: MSOffice File, CAB, Remcos, suspicious privilege, Check memory, Checks debugger, unpack itself, AntiVM_Disk, VM Disk Size Check, ComputerName, DNS
  Hosts (1): 185.157.162.126
  IDS (1): ET JA3 Hash - Remcos 3.x/4.x TLS Connection
  Score: 2.4   Player: ZeroCERT
No. 1928   2025-02-19 10:39   Request: mimikatz.exe   MD5: 6b5c683727229742a54ef15742b1a351
  Tags: Generic Malware, Malicious Library, Antivirus, UPX, PE File, PE32, OS Processor Check, PowerShell, powershell, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, Creates shortcut, ICMP traffic, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, sandbox evasion, WriteConsoleW, Windows, Browser, ComputerName, Cryptographic key
  Score: 8.2   Player: ZeroCERT
No. 1929   2025-02-19 10:39   Request: toyour.exe   MD5: 8d04bc23c265be8dc918b1ba7d299cc8
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, PDB, WriteConsoleW
  Score: 0.4   Player: ZeroCERT
No. 1930   2025-02-19 10:39   Request: ncpa.cpl   MD5: 39f596ff944812a4f788052306cc6043
  Tags: Generic Malware, Malicious Library, UPX, PE File, DLL, PE32, OS Processor Check, PDB
  Score: 0.2   Player: ZeroCERT
No. 1931   2025-02-19 10:36   Request: setup1212.msi   MD5: ce10e9e6704cdf38666d71368b7c2a7c
  Tags: Generic Malware, Malicious Library, MSOffice File, CAB, OS Processor Check, suspicious privilege, Check memory, Checks debugger, unpack itself, AntiVM_Disk, VM Disk Size Check, ComputerName
  Urls (2): http://kuueskmwqmwoocuq.xyz:443/api/client_hello - rule_id: 43990; http://kuueskmwqmwoocuq.xyz:443/api/client_hello
  Hosts (2): kuueskmwqmwoocuq.xyz; 31.192.232.4
  Rule (1): http://kuueskmwqmwoocuq.xyz:443/api/client_hello
  Score: 1.8   Player: ZeroCERT
No. 1932   2025-02-18 18:32   Request: PkgInfo   MD5: c162b5333eece2dcb4fe2665e5b66d5b
  Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate privileges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, unpack itself, Windows utilities, malicious URLs, Windows, DNS
  Hosts (1): 152.199.39.108 (malicious)
  Score: 5.2   Player: guest
No. 1933   2025-02-18 18:31   Request: icon.icns   MD5: dd555ff12fe4ecc24253344609786132
  Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate privileges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, unpack itself, Windows utilities, malicious URLs, Windows, DNS
  Hosts (1): 152.199.39.108 (malicious)
  Score: 5.2   Player: guest
No. 1934   2025-02-18 18:31   Request: Info.plist   MD5: 56ebcffeaaad2fe9baec066cd278ca9c
  Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate privileges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, Code Injection, unpack itself, Windows utilities, malicious URLs, Windows, DNS
  Hosts (1): 152.199.39.108 (malicious)
  Score: 4.8   Player: guest
No. 1935   2025-02-18 18:31   Request: flilphbvd.exe   MD5: c45149f1e680fd612c2922e3ca2b2487
  Tags: PE File, PE32, VirusTotal, Malware, crashed
  Score: 2.2   Zero: M   VT: 57   Player: ZeroCERT
Total: 53,366 entries
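The rows above are useful for more than reading one at a time: several submissions contact the same hosts (31.220.102.19 is reached by No. 1921, 1924 and 1925; 185.157.162.126 by 1925 and 1927; 152.199.39.108 by the three guest submissions), so a low-scoring sample can be linked to higher-scoring ones through shared infrastructure. The following Python is an added example, not code from the Dr.Zero/ZeroCERT site; it assumes a simple pipe-delimited record layout (an assumption made for this example, not the site's export format) populated with values transcribed from the rows above, validates the MD5 column, separates IP and domain indicators, and reports the hosts shared between submissions and the highest score each submission is linked to.

```python
"""Indicator extraction and infrastructure pivoting over a sandbox submission listing.

Added example; not code from the sandbox site. The pipe-delimited record layout is an
assumption made for this example. The values are transcribed from the listing above.
"""
import ipaddress
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed input (assumed layout): no | date | file | md5 | hosts(;) | ids rules(;) | score
LISTING = """\
1921 | 2025-02-19 10:49 | Okfgjrg5d8gt | a07b7ca47de7e03b3f4ee5d8468ba8da | usa-east.raptoreum.zone;31.220.102.19 | ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message | 8.6
1924 | 2025-02-19 10:47 | Sun.exe | 3affeeda49307427251022fcb3c46f9b | 31.220.102.19 | | 1.2
1925 | 2025-02-19 10:45 | JHiuhe2rg7tds | 3b1bf937711e0b1f3b6e455d535cc4f0 | usa-east.raptoreum.zone;185.157.162.126;31.220.102.19 | ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message | 7.4
1926 | 2025-02-19 10:42 | Invoice4231284.exe | f223c16f11e3c4350f34d51d44498877 | instance-mopgxp-relay.screenconnect.com;54.220.232.123 | ET INFO Observed DNS Query to Known ScreenConnect/ConnectWise Remote Desktop Service Domain | 5.6
1927 | 2025-02-19 10:41 | d.msi | ae5b94abf028388af1454ed76806cc6f | 185.157.162.126 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 2.4
1932 | 2025-02-18 18:32 | PkgInfo | c162b5333eece2dcb4fe2665e5b66d5b | 152.199.39.108 | | 5.2
1933 | 2025-02-18 18:31 | icon.icns | dd555ff12fe4ecc24253344609786132 | 152.199.39.108 | | 5.2
"""


def parse_listing(text):
    """Parse records; reject malformed hashes so a bad row cannot poison the IOC set."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 7:
            raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
        no, date, name, md5, hosts, ids, score = fields
        if not MD5_RE.fullmatch(md5.lower()):
            raise ValueError(f"submission {no}: malformed MD5 {md5!r}")
        records.append({
            "no": int(no), "date": date, "file": name, "md5": md5.lower(),
            "hosts": [h for h in hosts.split(";") if h],
            "ids": [r for r in ids.split(";") if r],
            "score": float(score),
        })
    return records


def indicator_kind(host):
    """Classify a contacted host as 'ip' or 'domain' so blocklists get the right type."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain"


def pivot_hosts(records):
    """Map each contacted host to the sorted submission numbers that reached it."""
    seen = defaultdict(set)
    for r in records:
        for h in r["hosts"]:
            seen[h].add(r["no"])
    return {h: sorted(nos) for h, nos in seen.items()}


def shared_infrastructure(records):
    """Hosts reached by more than one submission: the pivot points worth investigating."""
    return {h: nos for h, nos in pivot_hosts(records).items() if len(nos) > 1}


def linked_max_score(records):
    """Highest sandbox score among submissions sharing a host with each record
    (including itself). A low-scoring sample inherits suspicion from its peers."""
    by_no = {r["no"]: r for r in records}
    pivots = pivot_hosts(records)
    result = {}
    for r in records:
        linked = {n for h in r["hosts"] for n in pivots[h]} | {r["no"]}
        result[r["no"]] = max(by_no[n]["score"] for n in linked)
    return result


def ioc_table(records):
    """Deduplicated IOC rows (kind, value, submissions), sorted for a stable export."""
    rows = [("md5", r["md5"], [r["no"]]) for r in records]
    rows += [(indicator_kind(h), h, nos) for h, nos in pivot_hosts(records).items()]
    return sorted(rows)


if __name__ == "__main__":
    recs = parse_listing(LISTING)
    for host, nos in shared_infrastructure(recs).items():
        print(f"{host:40} shared by {nos}")
    for no, peak in linked_max_score(recs).items():
        own = next(r["score"] for r in recs if r["no"] == no)
        if peak > own:
            print(f"submission {no}: own score {own}, linked peak {peak}")
```

Run stand-alone it prints the three shared hosts and flags Sun.exe (No. 1924, score 1.2) and d.msi (No. 1927, score 2.4) as linked to submissions scoring 8.6 and 7.4 respectively. The score a sandbox assigns to a single run is not the whole story; a sample that crashed or evaded detonation can still share a pool or C2 address with a fully detonated one, which is why the pivot is worth running over every listing page you triage.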