Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2671
2024-06-27 17:17
부가가치세 수정신고 안내(부가가치세사무처리규정).hwp...
6eee6fa92a270b1f32390eec50512eea
Generic Malware
Malicious Library
Antivirus
HWP
PS
PostScript
AntiDebug
AntiVM
GIF Format
Lnk Format
PE File
PE32
CAB
JPEG Format
MSOffice File
Malware download
VirusTotal
Malware
Campaign
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Konni
Windows
ComputerName
Cryptographic key
2
http://stvse.com/upload.php - rule_id: 40637
http://stvse.com/upload.php
2
stvse.com(176.97.64.174)
176.97.64.174 - mailcious
1
ET MALWARE [ANY.RUN] Konni.APT Exfiltration
1
http://stvse.com/upload.php
9.0
17
ZeroCERT
2672
2024-06-27 17:12
build2.exe
335a64e110185d35bcfbc3ef86a382e9
Client SW User Data Stealer
LokiBot
ftp Client
info stealer
Generic Malware
Malicious Library
UPX
Http API
PWS
Code injection
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
FTP Client Info Stealer
VirusTotal
Malware
Telegram
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
unpack itself
Windows utilities
Collect installed applications
suspicious process
AppData folder
malicious URLs
sandbox evasion
WriteConsoleW
anti-virtualization
installed browsers check
Tofsee
Windows
Browser
ComputerName
DNS
Software
2
https://steamcommunity.com/profiles/76561199695752269
https://t.me/ta904ek
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(23.59.200.146) - mailcious
149.154.167.99 - mailcious
184.26.241.154 - mailcious
65.21.109.161
3
ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
15.8
M
59
ZeroCERT
2673
2024-06-27 13:25
Result_2024-0617.pdf.jse
20e2de2d794dfff774b71b6dd2294a96
Client SW User Data Stealer
browser
info stealer
Generic Malware
Suspicious_Script_Bin
Hide_EXE
Google
Chrome
User Data
Downloader
Antivirus
Malicious Library
Malicious Packer
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal cr
Browser Info Stealer
VirusTotal
Malware
United States
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
exploit crash
unpack itself
Windows utilities
suspicious process
malicious URLs
WriteConsoleW
installed browsers check
Windows
Exploit
Browser
ComputerName
Cryptographic key
crashed
1
http://image.ionexusa.com/view.php
1
image.ionexusa.com(127.0.0.1) - mailcious
1
ET INFO DYNAMIC_DNS Query to a *.ionexusa .com Domain
13.0
24
ZeroCERT
2674
2024-06-27 10:27
hv.exe
6a1db4f73db4ed058c8cd7e04dfa7cc3
Malicious Library
Malicious Packer
Admin Tool (Sysinternals etc ...)
.NET framework(MSIL)
UPX
PWS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
DLL
OS Processor Check
VirusTotal
Malware
Buffer PE
PDB
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows utilities
Check virtual network interfaces
AppData folder
Tofsee
Windows
ComputerName
DNS
Cryptographic key
crashed
1
https://pastebin.com/raw/A54sKxhY - rule_id: 38719
3
pastebin.com(172.67.19.24) - mailcious
104.20.3.235 - malware
194.26.29.153
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastebin.com/raw/A54sKxhY
12.6
M
54
ZeroCERT
2675
2024-06-27 10:24
ama.exe
04055601abbd16ec6cc9e02450c19381
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
AutoRuns
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
Windows
3.4
M
63
ZeroCERT
2676
2024-06-27 10:22
3.exe
84c6c6c2620a690c0cc77fc438396837
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
1.2
M
26
ZeroCERT
2677
2024-06-27 10:20
O3B6wY7ZkFhh.exe
9b297a1485665aef1a926f7cd322c932
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
DllRegisterServer
dll
OS Processor Check
VirusTotal
Malware
crashed
1.4
M
27
ZeroCERT
2678
2024-06-27 10:18
cp.exe
97256cf11c9109c24fde65395fef1306
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
AutoRuns
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
Windows
3.4
M
59
ZeroCERT
2679
2024-06-27 10:16
payload.bin
48cc44c908f2b564daf679a93a7259b6
AntiDebug
AntiVM
ELF
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Checks debugger
Creates shortcut
unpack itself
installed browsers check
Browser
Email
ComputerName
4.4
M
39
ZeroCERT
2680
2024-06-27 10:16
a.p.l.n.doc
6e11c40fcc227fab4b32f8c3b275b57c
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
buffers extracted
RWX flags setting
exploit crash
Tofsee
Exploit
DNS
crashed
2
https://paste.ee/d/i2CFj
http://91.92.244.199/xampp/apln/bringbeautifulflowerimages.gif
3
paste.ee(104.21.84.67) - mailcious
172.67.187.200 - mailcious
91.92.244.199 - mailcious
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.0
M
38
ZeroCERT
2681
2024-06-27 10:14
ma.exe
a3fb2b623f4490ae1979fea68cfe36d6
Downloader
Malicious Library
Malicious Packer
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
PE64
VirusTotal
Malware
AutoRuns
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
malicious URLs
WriteConsoleW
Windows
ComputerName
Remote Code Execution
crashed
9.4
61
ZeroCERT
2682
2024-06-27 10:12
Software.exe
ae2b1b79c7579bb64b1640303f88c05f
Themida Packer
Malicious Library
UPX
AntiDebug
AntiVM
PE File
.NET EXE
PE32
DLL
OS Processor Check
VirusTotal
Malware
Buffer PE
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Checks Bios
Detects VMWare
AppData folder
VMware
anti-virtualization
Windows
Firmware
Cryptographic key
crashed
12.0
59
ZeroCERT
2683
2024-06-27 10:11
vi.exe
baa9e1a92bab85279dca0aed641f1fa9
Malicious Library
Antivirus
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Malicious Traffic
Tofsee
crashed
1
https://steamcommunity.com/profiles/76561199662282318
4
ndearn.xyz(76.223.67.189)
steamcommunity.com(104.76.78.101) - mailcious
76.223.67.189 - mailcious
104.76.78.101 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.4
M
52
ZeroCERT
2684
2024-06-27 10:09
kn.n.n.n.nnnn.doC
2af6dfccbd42b4b421436d545211a3be
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
buffers extracted
exploit crash
unpack itself
Exploit
DNS
crashed
2
51.81.235.253
208.95.112.1
5.6
37
ZeroCERT
2685
2024-06-27 10:09
sc.exe
e86471da9e0244d1d5e29b15fc9feb80
Generic Malware
Malicious Library
Downloader
Antivirus
UPX
PE File
PE64
OS Processor Check
Browser Info Stealer
VirusTotal
Malware
AutoRuns
PDB
Windows
Browser
2.6
M
60
ZeroCERT
Total : 48,289cnts