Submissions

Columns on the original page: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
The MD5 shown under each filename is the submitted sample's hash. Empty cells were dropped by the listing, so where fewer than three Urls/Hosts/IDS counts survive they are reproduced in the order given and cannot be assigned to specific columns. The Etc column is empty for every record.

No 3121 | 2024-06-09 04:21 | ghsalncr.exe
  MD5: 6ec12dab45f4cd794945a73eabdcd9d3
  Rule: PE File PE32 VirusTotal Malware
  Score 1.4 | VT 21 | Player guest

No 3122 | 2024-06-08 17:47 | HER.exe
  MD5: 004d48284a26569ed3220fd1fd4b7c31
  Urls 1 | Hosts 2 | IDS 3
  Rule: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
  Score 7.2 | Zero M | VT 50 | Player ZeroCERT

No 3123 | 2024-06-08 17:44 | lsass.exe
  MD5: 6293f7a0a604be58b31b34460fd5a71b
  Urls/Hosts/IDS (as listed): 2 1
  Rule: PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows
  Score 4.2 | Zero M | VT 43 | Player ZeroCERT

No 3124 | 2024-06-08 17:44 | dude.exe
  MD5: aaf735aafa732fc96d2091354795185a
  Urls 8 | Hosts 6 | IDS 1
  Rule: Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check icon MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Score 5.8 | Zero M | VT 45 | Player ZeroCERT

No 3125 | 2024-06-08 17:42 | 9a3efc.exe
  MD5: 8fdefd3d070cf9c9517735b029759eff
  Rule: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Score 2.2 | Zero M | VT 24 | Player ZeroCERT

No 3126 | 2024-06-08 17:13 | next.exe
  MD5: 801de46b2c66cd9de4e42994e453b705
  Urls/Hosts/IDS (as listed): 1
  Rule: Gen1 Generic Malware Malicious Library UPX Antivirus Malicious Packer Anti_VM PE File .NET EXE PE32 PE64 DLL OS Processor Check ZIP Format VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName DNS
  Score 7.0 | Zero M | VT 54 | Player ZeroCERT

No 3127 | 2024-06-08 17:13 | 8fc809.exe
  MD5: ca7ca149cea267a3d1f267c9fff30903
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware
  Score 1.8 | Zero M | VT 33 | Player ZeroCERT

No 3128 | 2024-06-08 17:11 | kfiwarhg.exe
  MD5: 7d44a8a6757c2b7287c4a7b761f4e326
  Rule: Generic Malware Downloader Malicious Library UPX VMProtect Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB Code Injection Creates executable files unpack itself AppData folder Remote Code Execution
  Score 5.2 | Zero M | VT 49 | Player ZeroCERT

No 3129 | 2024-06-08 17:09 | IGCC.exe
  MD5: b715e50cd2a0ba26941fcf98d1ec2f36
  Rule: Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key
  Score 6.6 | Zero M | VT (none) | Player ZeroCERT

No 3130 | 2024-06-08 17:07 | igcc.exe
  MD5: cd7b7957361fccb2ca14ca9f418d84dd
  Rule: Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key
  Score 7.6 | VT 37 | Player ZeroCERT

No 3131 | 2024-06-08 17:06 | suduko.exe
  MD5: eda1749ecd5d30aebc623e3ed3679e33
  Rule: Malicious Library Confuser .NET .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
  Score 2.0 | Zero M | VT 55 | Player ZeroCERT

No 3132 | 2024-06-08 17:04 | Client-built.exe
  MD5: 16f3ac9a4ca5183fec9a3a21fd3488e1
  Urls 1 | Hosts 3 | IDS 2
  Rule: Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware IP Check RAT DNS
  Score 3.6 | VT 65 | Player ZeroCERT

No 3133 | 2024-06-08 17:04 | sys.exe
  MD5: 99a282853f148177787dc58187f5cad0
  Urls/Hosts/IDS (as listed): 1 1
  Rule: Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself suspicious TLD DNS
  Score 3.4 | Zero M | VT 62 | Player ZeroCERT

No 3134 | 2024-06-08 05:30 | startservices.cmd
  MD5: cae3961f999cc4885834fd3a5dec3f09
  Rule: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Windows utilities WriteConsoleW Windows
  Score 1.0 | Player guest

No 3135 | 2024-06-08 05:30 | mysql_uninstallservice-win10.c...
  MD5: 160aaa5a69bf0fd6fbf89a84b8fad035
  Rule: Downloader task schedule Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Windows utilities WriteConsoleW Windows
  Score 1.0 | Player guest
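A listing like this is only useful once it becomes a worklist. The following is an added example in Python, not code from the original page or from the sandbox that produced it: it parses the flattened four-line record shape the listing arrived in (header, MD5, rule tags, numeric trailer) and ranks records by score and by rule tags that name a family or a stealer/RAT capability. The `Submission` field names, the `FAMILY_MARKERS` list and the 5.0 score threshold are this example's own choices; the embedded input is an excerpt of four records copied from the listing above.

```python
"""Parse a flattened sandbox submission listing and rank records for triage.

Added example; not the sandbox's own code. Assumes each record is four
non-blank lines: "<No> <YYYY-MM-DD HH:MM> <filename>", an MD5, one line of
rule tags, and a trailer "<counts...> <score> [M] [VT] <player>".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt copied from the listing above (blank lines as on the page).
SAMPLE = """\
3122 2024-06-08 17:47 HER.exe

004d48284a26569ed3220fd1fd4b7c31

Process Kill Generic Malware UPX PE File Browser Info Stealer VirusTotal Malware Tofsee
1 2 3 7.2 M 50 ZeroCERT

3129 2024-06-08 17:09 IGCC.exe

b715e50cd2a0ba26941fcf98d1ec2f36

Generic Malware Malicious Library UPX PE File powershell WMI Creates shortcut
6.6 M ZeroCERT

3132 2024-06-08 17:04 Client-built.exe

16f3ac9a4ca5183fec9a3a21fd3488e1

Malicious Library UPX PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware RAT DNS
1 3 2 3.6 65 ZeroCERT

3134 2024-06-08 05:30 startservices.cmd

cae3961f999cc4885834fd3a5dec3f09

Downloader Create Service Socket DGA AntiDebug AntiVM Windows utilities
1.0 guest
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Rule tags worth escalating on even when the numeric score is low (this example's choice).
FAMILY_MARKERS = ("NetWireRC", "Tofsee", "RAT", "Info Stealer", "KeyLogger", "Code Injection")


@dataclass
class Submission:
    no: int
    date: str
    name: str
    md5: str
    rules: str          # raw tag line; tag names contain spaces, so it is kept whole
    counts: List[int]   # Urls/Hosts/IDS when all three are present; the listing drops empty cells
    score: float
    zero: bool          # "M" marker in the Zero column
    vt: Optional[int]   # VirusTotal detection count; absent for some records
    player: str


def parse_trailer(line: str) -> Tuple[List[int], float, bool, Optional[int], str]:
    """Split "1 2 3 7.2 M 50 ZeroCERT" into counts, score, zero flag, VT count, player.

    Integers before the first decimal token are counts; the decimal token is the
    score; after it come an optional "M" and an optional VT integer; the last
    token is always the submitter.
    """
    tokens = line.split()
    player = tokens.pop()
    counts: List[int] = []
    score: Optional[float] = None
    zero, vt = False, None
    for tok in tokens:
        if score is None:
            if "." in tok:
                score = float(tok)
            else:
                counts.append(int(tok))
        elif tok == "M":
            zero = True
        else:
            vt = int(tok)
    if score is None:
        raise ValueError(f"no score in trailer: {line!r}")
    return counts, score, zero, vt, player


def parse_listing(text: str) -> List[Submission]:
    """Walk the listing four non-blank lines at a time and build Submission records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("truncated record at end of listing")
    subs: List[Submission] = []
    for i in range(0, len(lines), 4):
        m = HEADER_RE.match(lines[i])
        if not m or not MD5_RE.match(lines[i + 1]):
            raise ValueError(f"malformed record starting at: {lines[i]!r}")
        no, date, name = m.groups()
        counts, score, zero, vt, player = parse_trailer(lines[i + 3])
        subs.append(Submission(int(no), date, name, lines[i + 1], lines[i + 2],
                               counts, score, zero, vt, player))
    return subs


def triage(subs: List[Submission], min_score: float = 5.0) -> List[Tuple[Submission, List[str]]]:
    """Return (submission, reasons) for records worth an analyst's time, highest score first."""
    flagged = []
    for s in subs:
        reasons = []
        if s.score >= min_score:
            reasons.append(f"score {s.score}")
        # Word-bounded match so "RAT" does not fire inside an unrelated tag.
        hits = [mk for mk in FAMILY_MARKERS if re.search(rf"\b{re.escape(mk)}\b", s.rules)]
        if hits:
            reasons.append("tags: " + ", ".join(hits))
        if reasons:
            flagged.append((s, reasons))
    flagged.sort(key=lambda item: (-item[0].score, -(item[0].vt or 0)))
    return flagged


if __name__ == "__main__":
    for sub, why in triage(parse_listing(SAMPLE)):
        print(f"{sub.no} {sub.name:<20} md5={sub.md5} vt={sub.vt} :: {'; '.join(why)}")
```

On the excerpt, 3122 and 3129 are flagged on score, 3132 is flagged purely on its NetWireRC and RAT tags despite a score of 3.6, and the guest-submitted .cmd is left alone. The tag-based rule is the one that matters operationally: a family name in the rule column is a stronger signal than a mid-range score, and a VT count of "none" (as on 3129) should be read as "not yet checked", not "clean".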