Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
2461	2025-02-03 10:18	cvss.exe 94ad08c4c062395902f0babda98c66c1 Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	6 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	8.2	38	ZeroCERT

2462	2025-02-03 10:17	svc.exe 8b85497783857bcbc16bc7f0a24a7aec Malicious Library PE File PE32 VirusTotal Malware unpack itself RCE				1.8	53	ZeroCERT

2463	2025-02-03 10:16	6.exe ebb6e511ac2ce8c76dbe6fd308eb27ec Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Checks debugger RCE				2.6	54	ZeroCERT

2464	2025-02-03 10:15	16.exe 04b5aaf415d009730bc16cab6805ba77 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Checks debugger RCE				2.6	54	ZeroCERT

2465	2025-02-03 10:14	layer.html 5393441cbdb2545f96d200dfe60fb39b Generic Malware Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key				7.8	14	ZeroCERT

2466	2025-02-03 10:13	systemsound.exe 559321a213a4b595bf07b50e8c8dbb72 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				4.4	53	ZeroCERT

2467	2025-02-03 10:12	4422_8390.exe cd924dc9cb81d4fb6661bf3f0ce16f73 Emotet Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Windows ComputerName RCE DNS Cryptographic key crashed		3		11.0	52	ZeroCERT

2468	2025-02-03 10:12	42.exe 723fa883af9333610ece38b0300a87e8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Checks debugger RCE				2.6	55	ZeroCERT

2469	2025-02-03 10:11	UIServices.exe 4376ea4b5ba0f8a061dc18342267e85c Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check JPEG Format VirusTotal Malware Telegram Malicious Traffic Windows utilities IP Check Tofsee Windows DNS	2 Keyword trend analysis	6	7 Info ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) ET HUNTING Telegram API Domain in DNS Lookup ET POLICY IP Check Domain (icanhazip. com in HTTP Host) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed Wifi Geolocation Domain (api .mylnikov .org in TLS SNI)	2.8	60	ZeroCERT

2470	2025-02-03 10:10	svc2.exe 5c1afd27623185ab5fafe9753c2d92db Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself crashed				8.0	48	ZeroCERT

2471	2025-02-03 10:09	rcdll.dll 924239278b93e09b6e97125a18079f70 UPX PE File DLL PE64 OS Processor Check VirusTotal Malware PDB				1.2	37	ZeroCERT

2472	2025-02-03 10:07	updater.exe a1222bb3d73146d41d0af6fe8937ca42 Generic Malware Malicious Library UPX PE File ftp PE64 OS Processor Check VirusTotal Malware PDB				1.4	42	ZeroCERT

2473	2025-02-03 10:06	EmmetPROD.exe d62a00606fb383476db2c7f057f417f2 Downloader Antivirus UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Checks debugger WMI unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS crashed keylogger	1 Keyword trend analysis	1		6.2	48	ZeroCERT

2474	2025-02-03 10:05	SearchUI.exe d72791d9eb757581772716a7573c4a4c UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege anti-virtualization				3.0	34	ZeroCERT

2475	2025-02-03 10:02	yoda.exe db05af12adf9bec6dc7db5e6b63cd537 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check CAB VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName				6.8	52	ZeroCERT