Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
38581	2021-11-18 18:08	hman.exe 911a6c29d88bb2ec2dbe446ee35549a5 Generic Malware Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key Downloader	1 Keyword trend analysis	2	1		10.0		22	ZeroCERT

38582	2021-11-18 18:07	clipper.exe 674ed99d03afc4da71fb05b6e8b315a8 Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself					2.0		44	ZeroCERT

38583	2021-11-18 18:05	d3dcompiler_47.dll 7641e39b7da4077084d2afe7c31032e0 Gen2 Gen1 Anti_VM Malicious Library UPX PE64 PE File OS Processor Check DLL PDB Checks debugger unpack itself crashed					1.0			C0d3_22

38584	2021-11-18 18:05	d3dcompiler_47.dll 7641e39b7da4077084d2afe7c31032e0 Gen2 Gen1 Anti_VM Malicious Library UPX PE64 PE File OS Processor Check DLL PDB Checks debugger unpack itself crashed					1.0			C0d3_22

38585	2021-11-18 18:02	WindowsHost.exe 9f07b608fcd7bad488f0f444aaf89c65 RAT PWS .NET framework Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself					1.8		33	ZeroCERT

38586	2021-11-18 17:17	AppVShNotify.exe 0cf148aaf0f5be5768bebdc3c0eb0f87 Gen2 Gen1 Generic Malware UPX PE64 PE File OS Processor Check PDB					0.2			C0d3_22

38587	2021-11-18 16:53	RuntimeBroker.exe ba4cfe6461afa1004c52f19c8f2169dc Gen2 Gen1 Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check PDB					0.4			C0d3_22

38588	2021-11-18 16:52	pwahelper.exe 45f3a40af44a20f61e92a0f98f63a347 Gen2 Generic Malware Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check PDB					0.4			C0d3_22

38589	2021-11-18 16:40	ScriptRunner.exe ea8c42a5c14b808d6b73ac5a6a871379 RAT Generic Malware PE File PE32 .NET EXE PDB MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key					1.4			C0d3_22

38590	2021-11-18 15:02	GoalFit.exe b1815a67a3103f8c462bacc58cd0e0a1 Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder	12 Keyword trend analysis Info http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg http://www.jshntn.com/fg6s/?hBZ=QhJT/lj89jmoERcPnbTQCqPc65rPokueh5BqelcbeJy7pcqc3+lUtgWUw0fy5Ld9UWGgu0ep&or=3f2pdRAhg http://www.fuqoguiders.xyz/fg6s/?hBZ=GOXv9FyzhJsa8KS8dsMmj7/YoTn1jmPQeNfbpJuZqmm6ucgpeks34qCTkToYyxiW+NLP4pkS&or=3f2pdRAhg http://www.fairshakeforfarmers.com/fg6s/?hBZ=xKxtAmNEnxoBUukVIEF1kvuK+nwXMLOnedC+SNz+BGaFhI5v6X1MgDSserQot0MFGqCPeyki&or=3f2pdRAhg http://www.alo360.net/fg6s/?hBZ=Mz4uLoABPVXo3kz7cY9kI1UW/VC8dhujTXpbszs0NPRWzSBmB/biWYhkOb4QFg4YZ/yq4ZIw&or=3f2pdRAhg http://www.drfarhad-amini.com/fg6s/?hBZ=YemKNOFl2uCC2w2+Hf7nWnP/ao/99kBWt1q/O2BJCHQBIGOUleovmks/GdEUoR1FOJMr1UT2&or=3f2pdRAhg http://www.leadgenteambyec2.online/fg6s/?hBZ=F2Zf2n4P0FXRaLVHjnLjEfJTEg7xi89YsuUiESEaACXybpqmv6BiuuaznmyJ6mz5DteeP808&or=3f2pdRAhg http://www.capitandelamarina.com/fg6s/?hBZ=sLzNFFNyjDEco478Bhn0l2SjjrMBdiGF5KmlY86sslKlGHEC66IFdMgpFM2UPuLAB2LyR8Wr&VRKh=vDKtMDQphn4DpR http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg http://www.omnebrand.com/fg6s/?hBZ=9brTSNv+C1bZjAKjYfad4vi7E65W3zPrh1IQvHFu7UT2xWBfg4DahvTXlUjO1GKskhxRzYYt&or=3f2pdRAhg http://www.decentralstream.com/fg6s/?hBZ=5w4qcH3RtmDmlmYd8peDY0KE2wDS2yAwKjriKCc5syzJGBsdqKRa5Igiu1uXS3h05ItrAZN3&or=3f2pdRAhg	28 Info www.decentralstream.com(3.64.163.50) www.omnebrand.com(23.227.38.74) www.capitandelamarina.com(2.57.90.16) www.invalidmob.com(204.11.56.48) www.jshntn.com(216.137.179.182) www.doctorfly.mobi(34.102.136.180) www.thaivisapro.com() www.lghl56.com(154.86.195.217) www.drfarhad-amini.com(185.146.22.236) www.fairshakeforfarmers.com(172.217.31.147) www.fuqoguiders.xyz(185.151.30.177) www.myadpwisely.com() www.astairazur.xyz() www.engelskapiste.com() www.alo360.net(154.203.8.28) www.eislamiceducation.net() www.leadgenteambyec2.online(34.102.136.180) 185.151.30.177 154.203.8.28 142.250.204.147 185.146.22.236 34.102.136.180 - mailcious 3.64.163.50 - mailcious 154.86.195.217 2.57.90.16 - mailcious 216.137.179.182 204.11.56.48 - phishing 23.227.38.74 - mailcious	2		5.8		22	ZeroCERT

38591	2021-11-18 15:02	jpg01.jpg 05b1c8f10da93f118ced2fe384929937 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Cryptographic key Software	1 Keyword trend analysis	3	1		13.2		26	ZeroCERT

38592	2021-11-18 15:01	quodqbqhlcvhzw.mp4 b4c5c1e150afcd7386e83ef0da203f3b Malicious Library PE File PE32 DLL VirusTotal Malware					1.2		17	ZeroCERT

38593	2021-11-18 15:01	clip.exe d888e5127c788faa6409059553ce0c02 Generic Malware Malicious Packer Malicious Library UPX PE File PE32 VirusTotal Malware Windows utilities WriteConsoleW Windows ComputerName					2.4		45	ZeroCERT

38594	2021-11-18 15:01	test_16.exe ae2331eaded52fd561b9aad229952f3e RAT PWS .NET framework Generic Malware task schedule Malicious Packer Antivirus Malicious Library UPX Create Service DGA SSL Socket Steal credential DNS SMTP Internet API Hijack Network Code injection Sniff Audio HTTP Dynamic Dns KeyLogger FTP Escalate VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Windows Advertising Google ComputerName DNS Cryptographic key DDNS crashed keylogger	8 Keyword trend analysis Info http://xred.site50.net/syn/SSLLibrary.dll - rule_id: 4617 http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://www.000webhost.com/migrate?static=true https://pastebin.com/raw/dGfLAhWu https://accounts.google.com/_/signin/sl/lookup?hl=EN https://www.instagram.com/accounts/login/ https://www.dropbox.com/s/dl/fzj752whr3ontsm/SSLLibrary.dll https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 - rule_id: 4618	17 Info pastebin.com(104.23.98.190) - mailcious www.000webhost.com(104.19.184.120) freedns.afraid.org(69.42.215.252) xred.site50.net(153.92.0.100) - mailcious docs.google.com(172.217.175.110) - mailcious xred.mooo.com() - mailcious accounts.google.com(172.217.31.173) www.instagram.com(157.240.215.174) www.dropbox.com(162.125.84.18) - mailcious 172.217.24.109 153.92.0.100 - mailcious 142.250.204.110 104.23.98.190 - mailcious 150.238.42.13 104.19.185.120 157.240.215.174 162.125.84.18 - mailcious	4	2	14.0	M	47	ZeroCERT

38595	2021-11-18 15:00	4529_1636965947_8152.exe dd44fcc300b5a71bda2be110819253ce RAT PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	4	1		13.4		22	ZeroCERT