Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
2926
2024-06-17 10:24
Taskbar.exe
0ee9a0317342d545c2bfd9e3fbd627f9
Malicious Library
PE File
.NET EXE
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Tofsee
Windows
Remote Code Execution
Cryptographic key
2
i.ibb.co(172.96.160.168) - mailcious
172.96.160.183
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8
M
50
ZeroCERT
2927
2024-06-17 09:35
tmp.vbs
18f1dab32aa01d481ca68568f7278f89
crashed
0.2
ZeroCERT
2928
2024-06-17 09:31
lib.php_1.ps1
f05991652398406655a6a5eebe3e5f3a
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.8
M
27
ZeroCERT
2929
2024-06-17 09:28
oldbas.bat
c7b0fc36d7fd3a1accb4f8d85f78ac96
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
RWX flags setting
exploit crash
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Exploit
ComputerName
Cloudflare
DNS
Cryptographic key
crashed
3
https://sailing-became-stops-maple.trycloudflare.com/a.pdf
https://sailing-became-stops-maple.trycloudflare.com/b.pdf
https://sailing-became-stops-maple.trycloudflare.com/qfv0ao.zip
1
sailing-became-stops-maple.trycloudflare.com()
1
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
7.6
11
ZeroCERT
2930
2024-06-17 09:26
lib.php.ps1
ec1b518541228072eb75463ce15c7bce
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
2.0
31
ZeroCERT
2931
2024-06-17 09:26
bas.bat
e3dd1f8ee9c65b8c514003384a81a3c9
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
MSOffice File
PNG Format
JPEG Format
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
RWX flags setting
exploit crash
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
Exploit
ComputerName
Cloudflare
DNS
Cryptographic key
crashed
3
https://tunisia-raleigh-fare-odd.trycloudflare.com/a.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/b.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/qfv0ao.zip
1
tunisia-raleigh-fare-odd.trycloudflare.com()
1
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
7.6
10
ZeroCERT
2932
2024-06-17 09:26
ClientCaller.exe
a0c8b9f6054a0700915a3df02d3d07ee
Malicious Library
Downloader
UPX
DllRegisterServer
dll
PE File
PE32
MZP Format
VirusTotal
Malware
Check memory
unpack itself
2.2
37
ZeroCERT
2933
2024-06-17 09:24
3306.exe
eb896b51453c804f14c11eee64c0ff79
Malicious Library
AntiDebug
AntiVM
PE File
PE32
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
unpack itself
Windows utilities
suspicious process
AppData folder
Windows
2
www2.micrr0soft.com(156.241.4.189)
156.241.4.189
8.0
M
61
ZeroCERT
2934
2024-06-17 09:23
ClientCaller.exe
b90b8f1b397bcaeb8ead207d5d9af8e4
Malicious Library
Downloader
UPX
DllRegisterServer
dll
PE File
PE32
MZP Format
VirusTotal
Malware
Check memory
unpack itself
2.4
41
ZeroCERT
2935
2024-06-17 09:17
adobe.exe
5fb6f9de46e67ad7d07418a02417aa92
PE64
PE File
VirusTotal
Cryptocurrency Miner
Malware
Cryptocurrency
unpack itself
DNS
CoinMiner
2
xmr.2miners.com(162.19.139.184) - mailcious
162.19.139.184 - mailcious
1
ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
3.6
26
ZeroCERT
2936
2024-06-16 10:48
clips.exe
49b56d5b9af9bf4027adf9b2b89971c4
Generic Malware
Malicious Packer
Antivirus
PE File
PE32
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
Remote Code Execution
Cryptographic key
8.0
M
51
ZeroCERT
2937
2024-06-16 10:46
x86_0929_1.exe
cedd4cef78da5751af380902c89f1352
Generic Malware
Malicious Packer
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
AutoRuns
PDB
suspicious privilege
sandbox evasion
WriteConsoleW
Windows
Advertising
Remote Code Execution
Firmware
DNS
crashed
1
149.129.37.78 - malware
7.6
M
30
ZeroCERT
2938
2024-06-16 10:43
ticket2c.exe
ce4737e2002d128dea02d50d2ab010cb
Malicious Library
PE File
PE32
MZP Format
VirusTotal
Malware
unpack itself
WriteConsoleW
Remote Code Execution
1.6
M
14
ZeroCERT
2939
2024-06-16 10:41
ticket2w.exe
db063c7f3eeed0ac66c3c42fd3797f59
Malicious Library
PE File
PE32
MZP Format
VirusTotal
Malware
unpack itself
Remote Code Execution
1.6
M
21
ZeroCERT
2940
2024-06-16 10:40
ticket_dat.exe
58204293fa2d102fe00bacd2cbaaf7bf
Malicious Library
PE File
PE32
MZP Format
VirusTotal
Malware
unpack itself
Remote Code Execution
2.0
M
21
ZeroCERT
Total : 48,317cnts