Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
3286
2020-11-24 18:12
winlog.exe
effa5155df8a30584dcaffa91dbbfa9e
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
AppData folder
malicious URLs
Windows
DNS
3
Info
×
www.wordshirts.store()
www.856380167.xyz(103.88.34.80)
103.88.34.80
10.2
M
13
ZeroCERT
3287
2020-11-25 09:48
333333.jpg.exe
3bb250385cc67cce1fec01e7957282cb
unpack itself
1.0
ZeroCERT
3288
2020-11-25 09:50
81.exe
a5b4252c8bac59ad90a543ec1f2e4a7a
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
malicious URLs
2.8
M
59
ZeroCERT
3289
2020-11-25 09:52
Bc.exe
ab5be19947a194e51f29f19188f314a6
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
ComputerName
2.8
M
37
ZeroCERT
3290
2020-11-25 09:54
ago.exe
0b1e53072e91e0d71e3db6b2720d2ee8
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
malicious URLs
Ransomware
Windows
Browser
Tor
Email
ComputerName
Cryptographic key
Software
crashed
7.8
M
57
ZeroCERT
3291
2020-11-25 09:59
cssrs.bat.exe
82051be04dc64ddade7daadb40ef7aa0
VirusTotal
Malware
Check memory
RWX flags setting
Detects VMWare
malicious URLs
sandbox evasion
VMware
Browser
Remote Code Execution
DNS
crashed
1
Info
×
143.92.57.83 - suspicious
6.2
M
22
ZeroCERT
3292
2020-11-25 09:59
frc.exe
8ecaaebd5421a1ecb8875768d596d63a
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
malicious URLs
Ransomware
Windows
Browser
Tor
Email
ComputerName
DNS
Cryptographic key
Software
crashed
8.4
M
57
ZeroCERT
3293
2020-11-25 11:03
fw1.exe
5bd6a17341164eb9be5c4149e619aa6a
VirusTotal
Malware
unpack itself
malicious URLs
Remote Code Execution
DNS
1
Info
×
143.92.57.83 - suspicious
3.8
M
47
ZeroCERT
3294
2020-11-25 11:05
kc.exe
a1d7b3b8eba5e173f0fc1bd4815c9b09
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
malicious URLs
Ransomware
Windows
Browser
Tor
Email
ComputerName
DNS
Cryptographic key
Software
crashed
8.4
M
55
ZeroCERT
3295
2020-11-25 11:16
sooft.exe
bdbb8e4de8ffaa96552df10d184b3195
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
MachineGuid
Malicious Traffic
Check memory
buffers extracted
unpack itself
Windows utilities
Collect installed applications
Check virtual network interfaces
suspicious process
AppData folder
malicious URLs
WriteConsoleW
installed browsers check
Tofsee
Windows
Browser
Email
ComputerName
Software
5
Keyword trend analysis
×
Info
×
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
http://www.evograph.ro/js/img1.php
http://www.evograph.ro/js/img1.php?id=00009CF9F2321904909678
https://iplogger.org/1F7K57
7
Info
×
crt.usertrust.com(91.199.212.52)
www.evograph.ro(89.40.17.17) - malware
crt.sectigo.com(91.199.212.52)
iplogger.org(88.99.66.31)
91.199.212.52
89.40.17.17 - suspicious
88.99.66.31 - suspicious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.8
M
58
ZeroCERT
3296
2020-11-25 17:49
Bc.exe
ab5be19947a194e51f29f19188f314a6
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
ComputerName
3.0
M
46
ZeroCERT
3297
2020-11-25 17:52
crypt64.exe
844af995530659841ac2d31bf4f54367
Malware download
njRAT
NetWireRC
VirusTotal
Malware
Checks debugger
Creates executable files
unpack itself
malicious URLs
WriteConsoleW
DNS
1
Info
×
154.202.3.44 - suspicious
1
Info
×
ET MALWARE Bladabindi/njRAT CnC Command (ll)
4.2
M
65
ZeroCERT
3298
2020-11-25 18:03
frc.exe
8ecaaebd5421a1ecb8875768d596d63a
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
malicious URLs
Ransomware
Windows
Browser
Tor
Email
ComputerName
Cryptographic key
Software
crashed
7.8
M
57
ZeroCERT
3299
2020-11-25 18:04
Fud.exe
d9d14a4d757661ddc2c9505aa355b738
VirusTotal
Malware
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
malicious URLs
WriteConsoleW
DNS
DDNS
1
Info
×
ddnshost-microsofts.serveftp.com(0.0.0.0)
1
Info
×
ET POLICY DNS Query to DynDNS Domain *.serveftp .com
5.2
M
64
ZeroCERT
3300
2020-11-25 18:11
guy1.exe
9721f911ecb8a06c0f244f7ff35dbde2
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
malicious URLs
Tofsee
Ransomware
Windows
Tor
ComputerName
DNS
crashed
2
Info
×
advance.onthewifi.com(80.85.159.36)
80.85.159.36
3
Info
×
ET POLICY DNS Query to DynDNS Domain *.onthewifi .com
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.4
M
26
ZeroCERT
First
Previous
211
212
213
214
215
216
217
218
219
220
Next
Last
Total : 48,320cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword