Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2341
2024-07-11 09:25
2.exe
f1c70c7cb29d5327ead87fc87f5be9aa
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
51
ZeroCERT
2342
2024-07-11 09:24
1qWbf4Bsej2u.exe
0e9459f87d4d72ca3f3fb54af7432de9
Generic Malware
Malicious Library
Malicious Packer
UPX
DllRegisterServer
dll
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.0
M
32
ZeroCERT
2343
2024-07-11 09:23
1.exe
835246232dbb706d3958d28677176332
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.2
M
32
ZeroCERT
2344
2024-07-11 09:22
c.exe
2cf12d7981e0434dbd32f02c9b5647f2
Malicious Library
.NET framework(MSIL)
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
crashed
1
Info
×
104.243.242.165
10.2
M
27
ZeroCERT
2345
2024-07-11 09:22
3.exe
293460728c83e7be2fccc67283815c03
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
55
ZeroCERT
2346
2024-07-11 09:21
a.exe
56fae07d0d9ee560ef2fb4c536868b11
Malicious Library
.NET framework(MSIL)
DNS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
human activity check
Windows
DNS
DDNS
3
Info
×
maxlogs.webhop.me() - mailcious
newsddawork.3utilities.com(104.243.242.169)
104.243.242.169
2
Info
×
ET POLICY DNS Query to DynDNS Domain *.3utilities .com
ET POLICY DNS Query to DynDNS Domain *.webhop .me
13.4
M
42
ZeroCERT
2347
2024-07-11 09:18
gh.gh.gh.ghghghgh.doc
feb6e59fff619a84e6e391a4c95a6650
MS_RTF_Obfuscation_Objects
RTF File
doc
Malware download
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
Keyword trend analysis
×
Info
×
http://139.99.220.222/66266/ucancrosstheflowerbeautiytogetin.gIF
http://198.46.176.133/Upload/vbs.jpeg
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
4
Info
×
pastecode.dev(172.66.43.27) - mailcious
172.66.40.229 - mailcious
198.46.176.133
139.99.220.222
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
4.8
M
40
ZeroCERT
2348
2024-07-11 09:17
ghj.ghj.ghj.ghj.doc
d55328b7b87c986b84e60450453840c1
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
RWX flags setting
exploit crash
Exploit
crashed
3.2
34
ZeroCERT
2349
2024-07-10 22:48
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
Info
×
185.157.162.75 - mailcious
9.8
29
guest
2350
2024-07-10 22:42
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
Info
×
185.157.162.75 - mailcious
9.2
29
guest
2351
2024-07-10 16:10
Plugin_0703.exe.bak
7fb098ac9cc8d730ac0ea7111805a553
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
CAB
OS Processor Check
DLL
Lnk Format
GIF Format
ZIP Format
AutoRuns
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
Auto service
AntiVM_Disk
sandbox evasion
Firewall state off
VM Disk Size Check
Windows
Browser
ComputerName
Remote Code Execution
7.6
guest
2352
2024-07-10 13:45
wh.vbs
23454878fb50859c4849ac2b6e256789
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
Info
×
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.4
22
ZeroCERT
2353
2024-07-10 13:43
mg.vbs
8df76af54c38d5d4c2cd9f6d18eedf92
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
Info
×
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.2
19
ZeroCERT
2354
2024-07-10 13:42
rustdesk.exe
05d5f32d7a756924b7480ea0e3a36152
Generic Malware
Malicious Library
WinRAR
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
suspicious privilege
Check memory
Checks debugger
Creates executable files
sandbox evasion
WriteConsoleW
Windows
Remote Code Execution
5.2
M
22
ZeroCERT
2355
2024-07-10 13:39
sostener.vbs
af7ba7e4a9c914e8497936eb7b6ae725
Generic Malware
Antivirus
PowerShell
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
Keyword trend analysis
×
Info
×
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
Info
×
pastecode.dev(172.66.43.27)
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229
207.241.232.195 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
ZeroCERT
First
Previous
151
152
153
154
155
156
157
158
159
160
Next
Last
Total : 48,289cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword
