Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
4201	2024-05-07 14:16	PCHunter64_pps.exe 8cafdbb0a919a1de8e0e9e38f8aa19bd Themida Packer Generic Malware Downloader PE64 PE File VirusTotal Malware Windows Remote Code Execution crashed				3.2	M	40	ZeroCERT

4202	2024-05-07 14:15	6055.exe b4046c434acdb1caa6b0f9e9743752a9 Generic Malware Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check VirusTotal Malware PDB				0.6		2	ZeroCERT

4203	2024-05-07 14:13	123.exe f47dc2b6eb1db9add1aa892befed2e82 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Check memory unpack itself IP Check Tofsee Ransomware Browser ComputerName DNS		3	4	6.8	M	24	ZeroCERT

4204	2024-05-07 14:13	4.exe 138bd23787348b10295fda6fd39f59d4 Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName				5.6	M	53	ZeroCERT

4205	2024-05-07 08:22	dumb.exe 479736d5599db235e580d2ff12fe3594 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware Check memory				1.4		18	guest

4206	2024-05-06 17:00	svcyr.exe 7edc4b4b6593bd68c65cd155b8755f26 Malicious Library Downloader UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows		2		3.4	M	60	ZeroCERT

4207	2024-05-06 16:58	116.dll a76b957e828ae98f7a824a8b613f59a3 Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Check memory unpack itself ComputerName crashed				2.2	M	47	ZeroCERT

4208	2024-05-06 16:56	1.bat 9c376684de141d140fdb7b3b070daef1 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1	11.0		9	ZeroCERT

4209	2024-05-06 16:56	win.exe 8a2a16720871904c285e2365f4169602 UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Check virtual network interfaces Windows DNS	1 Keyword trend analysis	2	1	6.4	M	41	ZeroCERT

4210	2024-05-06 16:54	libcef.sfx.exe 9086dc170ca5e4763e6658db1931e678 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware AutoRuns PDB Creates executable files RWX flags setting Windows Remote Code Execution DNS		1		6.6	M	49	ZeroCERT

4211	2024-05-06 16:54	d112.dll a0fecce5300ae99eb4c36b4148395d91 Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Check memory unpack itself ComputerName crashed				2.2	M	48	ZeroCERT

4212	2024-05-06 16:52	win.exe bd5be2867a859a3a311f8e2c4e90e686 NSIS Generic Malware Suspicious_Script_Bin Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Creates executable files Windows DNS		2		5.0	M	34	ZeroCERT

4213	2024-05-06 09:30	khxf80t6conphyb.exe 117efcf6a3a3af167c293331a7531a46 Generic Malware Malicious Library .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware powershell Telegram PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key		4	7 Info ET INFO DYNAMIC_DNS Query to a *.run .place Domain ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) ET MALWARE Generic AsyncRAT Style SSL Cert	12.2	M	51	ZeroCERT

4214	2024-05-06 05:26	UAH-REM-PEF-202324.dll 9045490ffd594cb9efdb772a5f336dd0 Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check VirusTotal Malware PDB				1.0		1	guest

4215	2024-05-06 05:24	UAH-REM-PEF-202324.dll 9045490ffd594cb9efdb772a5f336dd0 Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check VirusTotal Malware PDB				1.0		1	guest