popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
3556 2024-05-31 07:49 ADServices.exe  

0c2564813f2b9fc088cfb6938214d3cb


Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed 		2.2 M 60 ZeroCERT

3557 2024-05-31 07:47 setup.exe  

08063da816c5db77ce64807c4ec2f7e8


NPKI Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key 		12.0 M 37 ZeroCERT

3558 2024-05-31 07:44 alex.exe  

ebc2640384e061203dcf9efb12a67cd9


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed 		2.4 M 57 ZeroCERT

3559 2024-05-31 07:42 fileosn.exe  

84bf36993bdd61d216e83fe391fcc7fd


RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed 		1 3 7 1 8.0 M ZeroCERT

3560 2024-05-31 07:42 5.exe  

58f255cdde1639cac205467621bfcb70


Emotet NSIS Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format CAB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files installed browsers check Browser ComputerName DNS 		3 3.0 M ZeroCERT

3561 2024-05-31 07:40 lenin.exe  

cd1dfa093d37dff12f11f8c1c06d565e


Themida Packer UPX PE File PE32 Malware download Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed 		1 6 5 9.6 M ZeroCERT

3562 2024-05-31 07:38 sarra.exe  

2f1168a237b3b15e3e2c7b6fd1b41702


PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed 		1 9 8 15.6 ZeroCERT

3563 2024-05-31 07:38 gold.exe  

0b7e08a8268a6d413a322ff62d389bf9


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB unpack itself crashed 		1.6 M ZeroCERT

3564 2024-05-31 07:36 inte.exe  

b7fcd8d0429e1001ac2b10de60a2d42e


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic WMI Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS 		2 2 1 6.6 M 60 ZeroCERT

3565 2024-05-31 07:33 winlogon.exe  

7a70779d9d7de5e370fac0fa2d4ccd13


Generic Malware Antivirus PE File .NET EXE PE32 PowerShell VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key 		5.2 M 27 ZeroCERT

3566 2024-05-31 07:33 IerLRtXpEcMnUjz.exe  

148b2c38cf0726535d760a703f803c80


XWorm Generic Malware task schedule WebCam Malicious Library .NET framework(MSIL) Antivirus PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Telegram AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key keylogger 		4 6 14.2 M 57 ZeroCERT

3567 2024-05-31 07:32 mixinte.exe  

629866cf7074c354fc4bcc86f9c3994a


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check .NET EXE VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS 		2 2 3 1 8.0 M 58 ZeroCERT

3568 2024-05-30 17:35 http://malaygxproj.com  


Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed 		1 2 4.6 guest

3569 2024-05-30 11:27 vhcrvdh iobv.exe  

e6f4bb8ed235f43cb738447fbf1757c3


Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself 		2.2 35 ZeroCERT

3570 2024-05-30 10:22 logista.hta  

976649b232d3525dd239f7139a65dd92


Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process suspicious TLD Windows ComputerName Cryptographic key 		2 5.8 M 36 ZeroCERT

keyword