Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
2071	2025-02-18 17:59	bug_report.md 22deaa2a857a964e2d6009a8daad2e19 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2072	2025-02-18 17:59	feature_request.md 4bbb0812310331153f28c0e0eebba33c Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2073	2025-02-18 17:58	feature_request.md 4bbb0812310331153f28c0e0eebba33c Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2074	2025-02-18 17:58	bug_report.md 22deaa2a857a964e2d6009a8daad2e19 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2075	2025-02-18 17:58	ogprjsirbfuw.exe 2f0e35af8216efda756f9bd78b83fa9c Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0	M	58	ZeroCERT

2076	2025-02-18 17:58	cjitigjfktti.exe 9a25f9aa3d34d382fbfe05cef7196267 PE File PE32 VirusTotal Malware unpack itself ComputerName crashed				2.8	M	61	ZeroCERT

2077	2025-02-18 17:55	feature_request.md 4bbb0812310331153f28c0e0eebba33c Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2078	2025-02-18 17:55	bug_report.md 22deaa2a857a964e2d6009a8daad2e19 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2079	2025-02-18 17:54	oiuyjikdkjg.exe b56db4ebf7110c1083550ed83a03df17 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid Tofsee	1 Keyword trend analysis	2	2	2.2	M	51	ZeroCERT

2080	2025-02-18 17:54	cabal.exe c70277566ea794b1017c1c2c635799da Emotet Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 DLL OS Processor Check .NET DLL MSOffice File CAB VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Ransomware Windows Update DNS Cryptographic key	67 Keyword trend analysis Info http://168.138.162.78/output/client/Data/Language/English/help.enc http://168.138.162.78/output/client/Data/extra_obj.enc http://168.138.162.78/output/client/Data/data.enc http://168.138.162.78/output/client/Data/FX/SRC/ebm/skull_13_keep_r2.ebm http://168.138.162.78/output/client/Data/cont2.enc http://168.138.162.78/output/client/Data/Language/English/cont_msg.enc http://168.138.162.78/output/client/Data/UI/Theme1/ui_texture0.dds http://168.138.162.78/output//client/update.exe http://168.138.162.78/output/client/Data/Sound/BGM/Gilas-Cabal.ogg http://168.138.162.78/output/client/Data/Language/English/script_msg.enc http://168.138.162.78/output/client/Data/help.enc http://168.138.162.78/output/client/Data/ability.enc http://168.138.162.78/output/client/Data/smob.enc http://168.138.162.78/output/client/Data/UI/Theme1/ui_texture10.dds http://168.138.162.78/output/client/Data/Item/arms/Skull_13_keep.EBM http://168.138.162.78/output/client/Data/UI/Icon/craft127.dds http://168.138.162.78/output/client/Data/Object/Character/man8.ech http://168.138.162.78/output/client/Data/Map/world_01.mcl http://168.138.162.78/output/client/Data/cont.enc http://168.138.162.78/output/client/Data/item.enc http://168.138.162.78/output/client/Data/mob.enc http://168.138.162.78/output/client/Data/Language/English/cabal_msg.enc http://168.138.162.78/output/client/Data/FX/EFX/buff/mbuff_keep__888.efx http://168.138.162.78/output/client/Data/Language/English/klog.enc http://168.138.162.78/output/client/Data/Language/English/achievement_msg.enc http://168.138.162.78/output/client/Data/UI/Icon/craft121.dds http://168.138.162.78/output/client/Data/keymap.enc http://168.138.162.78/output/updates/update_1.7z http://168.138.162.78/output/client/Data/UI/Icon/craft122.dds http://168.138.162.78/output/client/Data/achievement.enc http://168.138.162.78/output/client/Data/quest.enc http://168.138.162.78/output/client/Data/FX/EFX/Arms/skull_13_keep_15.efx http://168.138.162.78/output//client/SevenZipSharp.dll http://168.138.162.78/output/client/Data/Language/English/cont2_msg.enc http://168.138.162.78/output/client/Data/cabal.enc http://168.138.162.78/output/client/Data/caz.enc http://168.138.162.78/output//client/7z.dll http://168.138.162.78/output/client/Data/Item/bike/bike_46.ebm http://168.138.162.78/output/client/Data/Language/English/script.enc http://168.138.162.78/output/client/Data/FX/SRC/ebm/skull_13_keep_r.ebm http://168.138.162.78/output/client/Data/Language/English/extra_obj_msg.enc http://168.138.162.78/output/client/Data/Language/English/keymap_msg.enc http://168.138.162.78/output/client/Data/destroy.enc http://168.138.162.78/output/client/Data/title.enc http://168.138.162.78/output/client/Data/Language/English/caz_msg.enc http://168.138.162.78/output/client/Data/Language/English/tip.enc http://168.138.162.78/output/client/Data/mobex.enc http://168.138.162.78/output/client/Data/global.enc http://168.138.162.78/output//resources.xml http://168.138.162.78/output/client/Data/mapinfo.enc http://168.138.162.78/output/client/Data/UI/Icon/craft123.dds http://168.138.162.78/output/client/Data/assistant.enc http://168.138.162.78/output/client/Data/UI/Icon/craft128.dds http://168.138.162.78/output/client/custom.dll http://168.138.162.78/output/client/Data/market.enc http://168.138.162.78/output/client/Data/FX/EFX/Arms/skull_13_keep.efx http://168.138.162.78/output/client/Data/msg.enc http://168.138.162.78/output/client/Data/Language/English/msg.enc http://168.138.162.78/output/client/Data/FX/SRC/ebm/skull_13_keep_r3.ebm http://168.138.162.78/output/client/Data/change_shape.enc http://168.138.162.78/output//client/System.Windows.Interactivity.dll http://168.138.162.78/output/client/Data/maze.enc http://168.138.162.78/output/client/Data/usersetting.dat http://168.138.162.78/output/client/Data/Language/English/language.enc http://168.138.162.78/output/client/Data/klog.enc http://168.138.162.78/output/client/Data/Sound/BGM/cabal_bgm.ini http://168.138.162.78/output/client/Data/UI/Theme1/ui_texture1.dds	2	7 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	9.8	M	47	guest

2081	2025-02-18 17:53	bug_report.md 22deaa2a857a964e2d6009a8daad2e19 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2082	2025-02-18 17:52	ltohjksef.exe d52a100e13740fcba59d39de72dc87b4 PE File PE32 VirusTotal Malware unpack itself ComputerName crashed				2.8	M	59	ZeroCERT

2083	2025-02-18 17:51	feature_request.md 4bbb0812310331153f28c0e0eebba33c Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2084	2025-02-18 17:50	bug_report.md 22deaa2a857a964e2d6009a8daad2e19 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS		1		5.2			guest

2085	2025-02-18 17:49	girpwkfuejs.exe 3bb795264a7175510c8c9ef53ababd30 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0	M	57	ZeroCERT