popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
30886 2022-05-20 17:39 REvup  

c3cf7d4fab7e7ea5a5adfabd4f77f0b4


Malicious Library DLL PE File PE64 VirusTotal Malware AutoRuns Checks debugger unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Windows ComputerName crashed 		5.2 7 ZeroCERT

30887 2022-05-20 17:37 cc.exe  

25d86a1736a06b7f5ec097b0f633276c


PWS[m] Generic Malware UPX Malicious Library Admin Tool (Sysinternals etc ...) Antivirus Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Escalate priviledges FTP Http API Anti Emotet VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Discord ComputerName RCE DNS Cryptographic key crashed 		1 2 3 13.2 49 ZeroCERT

30888 2022-05-20 17:37 winlog.exe  

7212de5b3965d87dc138a6741329d6f4


UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself 		2.2 37 ZeroCERT

30889 2022-05-20 17:35 Ffzhofyh.exe  

b5680d05c29db4aaac268573cd17a09b


PWS[m] RAT SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself WriteConsoleW Windows ComputerName DNS crashed 		1 1 6.0 43 ZeroCERT

30890 2022-05-20 17:34 PAGO111.exe  

a976de15c5149e328122fba6ca13a0b7


Formbook RAT PWS .NET framework AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself 		7 19 1 9.0 24 ZeroCERT

30891 2022-05-20 17:34 vbc.exe  

2033987c1b1a62b5c6e4fe2ffe1960b6


Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself RCE 		2.2 36 ZeroCERT

30892 2022-05-20 17:33 vbc.exe  

9b05d8c3314d90122415fc46999d24b9


UPX Malicious Library PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software 		1 2 7 9.0 17 ZeroCERT

30893 2022-05-20 16:15 https://malware.me/analysis/up...  

c406dcffb15cdd25df600f649b97cec4


PWS[m] Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Escalate priviledges persistence FTP Http API AntiDebug AntiVM BitCoin icon MSOffice File PNG For Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed 		50 10 2 4.6 조광섭

30894 2022-05-20 14:23 rtst1055.exe  

b571c79a04b9b7373a9ce17d810a6c47


Malicious Library VMProtect PE File PE64 VirusTotal Malware crashed 		2.2 35 ZeroCERT

30895 2022-05-20 14:21 winlog.exe  

4e63a988f667ac4be9799aed55f5a585


Loki PWS[m] PWS Loki[b] Loki.m North Korea .NET framework Socket DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software 		1 2 9 1 14.4 M 37 ZeroCERT

30896 2022-05-20 14:21 updated.exe  

a1128f30ff8209aa2a2d414e6da4076f


RAT UPX Malicious Library AntiDebug AntiVM PE32 OS Processor Check PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself 		7.4 51 ZeroCERT

30897 2022-05-20 14:20 vbc.exe  

4e59abfcc6537ad26941fa659093991f


Loki UPX Malicious Library PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software 		1 2 8 1 9.2 M 29 ZeroCERT

30898 2022-05-20 14:19 siww1049.exe  

d8798724e0b6b77ca5bc0a0a8155aac1


Malicious Library VMProtect PE File PE64 VirusTotal Malware crashed 		2.2 39 ZeroCERT

30899 2022-05-20 14:19 KMSpico.exe  

a02164371a50c5ff9fa2870ef6e8cfa3


RAT Gen1 PWS .NET framework Emotet Generic Malware Hide_EXE NSIS UPX Malicious Library Admin Tool (Sysinternals etc ...) PE32 PE File PNG Format OS Processor Check GIF Format .NET EXE PE64 DLL .NET DLL VirusTotal Malware AutoRuns MachineGuid Check memory Checks debugger Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows Browser ComputerName Firmware Cryptographic key crashed 		4 12.0 46 ZeroCERT

30900 2022-05-20 14:17 5f1.exe  

1da551a8f7e1e72fb46c9cc630abb68e


Gen2 Gen1 UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware 		1.4 36 ZeroCERT

keyword