No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2221
2024-07-14 17:56
Q-backup.exe
55f03bade4a94d05b69e40b38b8554ae
Malicious Library
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
Windows
ComputerName
Cryptographic key
3.2
M
59
ZeroCERT
2222
2024-07-14 17:54
Microsoft_Service.exe
1644c4839846a1b6524e38071528a564
Malicious Library
Malicious Packer
Antivirus
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
63
ZeroCERT
2223
2024-07-14 17:53
Ndhqvdmn-1.exe
db361206702d61f0beff5f87508152e5
Generic Malware
Malicious Library
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
Cryptographic key
5.4
M
57
ZeroCERT
2224
2024-07-14 17:52
random.exe
233ea23b1c1587f1cf895f08ba6da10b
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
61
ZeroCERT
2225
2024-07-14 17:52
random.dll
0693990c67e447b84f9055a43cf88974
Malicious Library
PE File
DLL
PE32
VirusTotal
Malware
unpack itself
1.4
M
19
ZeroCERT
2226
2024-07-14 17:49
TG-Source-2.exe
6cdd7805c45cd8fe70d7ed669060d53c
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
AppData folder
Windows
ComputerName
Cryptographic key
4.4
M
58
ZeroCERT
2227
2024-07-14 17:49
overlay2.exe
276c27a0dde03ec7a01d2ae077a1ec0d
Malicious Library
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
Windows
ComputerName
Cryptographic key
3.2
M
62
ZeroCERT
2228
2024-07-14 17:47
build16666.exe
4640faeafa95ce219c649e9f5cbffd75
Generic Malware
Malicious Library
PE File
PE64
VirusTotal
Malware
Check memory
unpack itself
1.8
M
53
ZeroCERT
2229
2024-07-14 17:47
availableresearchpro.exe
73e3c089e5e10d52872ee4f434bd6d23
Gen1
Emotet
Malicious Library
UPX
Malicious Packer
.NET framework(MSIL)
PE File
PE64
CAB
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
PDB
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
Remote Code Execution
5.0
M
51
ZeroCERT
2230
2024-07-14 17:45
random.dll
f2c158f71dec27759a60227b449e848a
Malicious Library
PE File
DLL
PE32
VirusTotal
Malware
unpack itself
1.4
M
19
ZeroCERT
2231
2024-07-14 17:45
Trkyzwvg-TG-A.exe
2e12b69ae7aa5d931a6aa3bf554071df
Generic Malware
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
Cryptographic key
5.4
M
54
ZeroCERT
2232
2024-07-12 17:01
Sеtup.exe
56a5cb142c58843c3ed84e02d2af1a2c
Generic Malware
Admin Tool (Sysinternals etc ...)
UPX
PE File
PE32
Browser Info Stealer
VirusTotal
Malware
Malicious Traffic
Check memory
buffers extracted
unpack itself
Collect installed applications
suspicious TLD
anti-virtualization
installed browsers check
Browser
ComputerName
DNS
1
http://tzeight8vt.top/v1/upload.php
2
tzeight8vt.top(185.251.89.18)
185.251.89.18
2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
6.6
45
ZeroCERT
2233
2024-07-12 16:26
Update.js
aec7249b3d61d42aec7e3723176b5fb5
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
https://trw.parish.chuathuongxot.org/orderReview
2
trw.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
guest
2234
2024-07-12 16:02
hm.hm.hm.hmhmhm.doc
84bafe55d9087cdfce20ebdd74b8610f
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
http://139.99.220.222/55066/crosscheckrosefloweronhairbeauty.gIF
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
5
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
207.241.232.195 - mailcious
172.66.43.27 - mailcious
139.99.220.222 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
4.6
M
33
ZeroCERT
2235
2024-07-12 16:01
crosscheckrosefloweronhairbeau...
7921681c6200952fdf2db1a77381ac24
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229 - mailcious
207.241.232.195 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
10.0
M
8
ZeroCERT
Total : 48,243cnts