Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2176
2025-02-06 10:04
cann.exe
ba355806bff2f47d72c0ae2d2a2419c4
PE File
.NET EXE
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Tofsee
Windows
2
files.catbox.moe(108.181.20.39)
108.181.20.39
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.2
21
ZeroCERT
2177
2025-02-06 10:00
svc1.exe
63d0e572062c5bfc60fa8496cebe6ca9
Malicious Library
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
DNS
crashed
1
81.19.131.103
8.6
52
ZeroCERT
2178
2025-02-06 09:59
filfin1.exe
539de3d8e30e9e8b8f70406ee4878782
Malicious Library
UPX
PE File
PE32
OS Processor Check
ZeroCERT
2179
2025-02-06 09:58
MPDWforXLAconstraints.vbs
30761ad802d17370d44fd758d483a95b
Generic Malware
Malicious Library
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
1
https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg
2
res.cloudinary.com(23.46.236.45)
23.46.236.45
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2
16
ZeroCERT
2180
2025-02-06 09:58
bot.dll
245749553e7194636b0f78e7dea115ef
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
DLL
PE64
OS Processor Check
VirusTotal
Malware
Checks debugger
unpack itself
DNS
crashed
1
18.179.18.153
2.6
44
ZeroCERT
2181
2025-02-05 14:57
winX32.exe
eee37f6f66eafa13d9555dfc9ccb3805
njRAT
PE File
.NET EXE
PE32
GIF Format
Lnk Format
VirusTotal
Malware
AutoRuns
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
AppData folder
human activity check
Windows
ComputerName
DNS
DDNS
2
sosomyhestor.ddns.net(46.153.112.54)
46.153.112.54
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
7.4
M
56
r0d
2182
2025-02-05 12:13
random.exe
f662cb18e04cc62863751b672570bd7d
Themida
UPX
PE File
PE32
Browser Info Stealer
RedLine
Malware download
FTP Client Info Stealer
VirusTotal
Malware
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Checks Bios
Collect installed applications
Detects VMWare
Check virtual network interfaces
VMware
anti-virtualization
installed browsers check
Tofsee
Stealer
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
2
http://103.84.89.222:33791/
https://api.ip.sb/geoip
3
api.ip.sb(104.26.13.31)
103.84.89.222
104.26.13.31
4
ET MALWARE RedLine Stealer - CheckConnect Response
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request
10.8
M
58
ZeroCERT
2183
2025-02-05 11:28
black.exe
740b99fb0515f52ae740be4abce39747
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
DNS
1
146.59.154.106
1.8
M
52
ZeroCERT
2184
2025-02-05 11:25
DevMI.exe
5f2f1ae240812065799e8c05d3a01aa7
Generic Malware
PE File
PE64
VirusTotal
Malware
unpack itself
DNS
2
xmr-eu1.nanopool.org(212.47.253.124) - malicious
146.59.154.106
1
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
2.0
M
59
ZeroCERT
2185
2025-02-05 11:22
cjrimgid.exe
807dadd8710a7b570ed237fd7cd1aa4b
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Telegram
PDB
Malicious Traffic
Tofsee
ComputerName
DNS
2
https://steamcommunity.com/profiles/76561199824159981
https://t.me/sok33tn
5
t.me(149.154.167.99) - malicious
steamcommunity.com(104.74.170.104) - malicious
149.154.167.99 - malicious
104.74.170.104 - malicious
95.217.25.45
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
4.4
M
49
ZeroCERT
2186
2025-02-05 11:20
exacag.exe
42994901f5bc8b43588bb54889f1db81
Malicious Library
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
57
ZeroCERT
2187
2025-02-05 11:18
CPDB.exe
daf531be28ca056a8e9a40966ab83cf0
AsyncRAT
Malicious Library
Malicious Packer
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
2
otrodia8912.gleeze.com(45.157.233.241)
45.157.233.241
1
ET INFO DYNAMIC_DNS Query to a *.gleeze .com Domain
2.2
M
53
ZeroCERT
2188
2025-02-05 11:17
setupqw.msi
05b777e864c9f032329acadbc747309b
Generic Malware
Malicious Library
MSOffice File
CAB
OS Processor Check
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
ComputerName
1
http://kagkimuoakomksww.xyz:443/api/client_hello
2
kagkimuoakomksww.xyz(92.118.10.45)
92.118.10.45
2.6
M
20
ZeroCERT
2189
2025-02-05 11:13
1.exe
f3388b09788fed42a72a7814e4a11f0c
Antivirus
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
DNS
Cryptographic key
1
46.153.112.54
4.6
M
51
ZeroCERT
2190
2025-02-05 11:11
winX32.exe
eee37f6f66eafa13d9555dfc9ccb3805
PE File
.NET EXE
PE32
Lnk Format
GIF Format
Malware download
njRAT
VirusTotal
Malware
AutoRuns
suspicious privilege
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
AppData folder
human activity check
Windows
ComputerName
DNS
DDNS
crashed
2
sosomyhestor.ddns.net(46.153.112.54)
46.153.112.54
2
ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
ET POLICY DNS Query to DynDNS Domain *.ddns .net
6.4
57
ZeroCERT
Total : 53,458cnts