Submissions
Columns: No | Date | Request (file name, MD5, signature and behaviour tags) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
No: 43951
Date: 2024-04-19 13:20
Request: 0pORecqxeDazSCU.scr
MD5: 0111d8dff50eb7684ed4baf327b93aa5
Tags: AgentTesla; Generic Malware; Malicious Library; .NET framework(MSIL); Antivirus; PWS; SMTP; KeyLogger; AntiDebug; AntiVM; PE File; .NET EXE; PE32; Browser Info Stealer; FTP Client Info Stealer; VirusTotal; Email Client Info Stealer; Malware; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; Creates shortcut; unpack itself; Windows utilities; Check virtual network interfaces; suspicious process; WriteConsoleW; IP Check; Windows; Browser; Email; ComputerName; DNS; Cryptographic key; Software; crashed; keylogger
Urls (1): http://ip-api.com/line/?fields=hosting
Hosts (3): ip-api.com(208.95.112.1); 45.33.6.223; 208.95.112.1
IDS (1): ET POLICY External IP Lookup ip-api.com
Score: 15.4
Zero: M
VT: 38
Player: ZeroCERT

No: 43952
Date: 2024-04-19 13:21
Request: SA162.pdf.lnk
MD5: f9f276db97c371b83765a24ee1d14d66
Tags: Generic Malware; UPX; Antivirus; AntiDebug; AntiVM; Lnk Format; GIF Format; PowerShell; PE File; PE32; VirusTotal; Malware; powershell; suspicious privilege; Code Injection; Check memory; Checks debugger; buffers extracted; Creates shortcut; RWX flags setting; unpack itself; powershell.exe wrote; Check virtual network interfaces; suspicious process; AppData folder; WriteConsoleW; Tofsee; Interception; Windows; ComputerName; Cryptographic key
Hosts (2): 0had.com(195.58.51.130) - malware; 195.58.51.130 - malware
IDS (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Packed Executable Download; ET POLICY PE EXE or DLL Windows file download HTTP
Score: 12.0
Zero: M
VT: 19
Player: ZeroCERT

No: 43953
Date: 2024-04-19 13:23
Request: AppGate2103v01.exe
MD5: 193692e1cf957eef7e6cf2f6bc74be86
Tags: PE64; PE File; VirusTotal; Malware; unpack itself; Windows; Remote Code Execution; crashed
Score: 3.8
Zero: M
VT: 25
Player: ZeroCERT

No: 43954
Date: 2024-04-19 13:26
Request: 1.exe
MD5: 2192cfe9de1e5450629e508ec785055d
Tags: Malicious Library; PE File; .NET EXE; PE32; VirusTotal; Malware; PDB; suspicious privilege; Check memory; Checks debugger; unpack itself; DNS; DDNS
Hosts (1): lapoire3.hopto.org(0.0.0.0)
IDS (1): ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score: 3.6
Zero: M
VT: 58
Player: ZeroCERT

No: 43955
Date: 2024-04-19 13:27
Request: amady.exe
MD5: 56543167a8b1731dafeee93e5f2bf479
Tags: RedLine stealer; Gen1; Generic Malware; Malicious Library; UPX; Anti_VM; PE64; PE File; OS Processor Check; DLL; ftp; wget; VirusTotal; Malware; Check memory; Creates executable files; unpack itself
Score: 3.4
Zero: M
VT: 47
Player: ZeroCERT

No: 43956
Date: 2024-04-19 13:29
Request: fud_new.exe
MD5: f6ee2a295cd2ba584f9a363ade3d55b3
Tags: Generic Malware; Malicious Library; UPX; PE File; PE32; OS Processor Check; VirusTotal; Malware; unpack itself
Score: 2.4
Zero: M
VT: 55
Player: ZeroCERT

No: 43957
Date: 2024-04-19 13:31
Request: Tartare.chm
MD5: 4628fc5e0e20cb90631610d009397de2
Tags: Suspicious_Script_Bin; AntiDebug; AntiVM; Code Injection; Check memory; crashed
Score: 1.4
Zero: M
Player: ZeroCERT

No: 43958
Date: 2024-04-19 13:34
Request: DisabilityCharge.exe
MD5: 7def16e0ceea0ad69d53e0e636541dd9
Tags: NSIS; Suspicious_Script_Bin; Generic Malware; Hide_EXE; Downloader; Malicious Library; UPX; Create Service; Socket; DGA; Http API; ScreenShot; Escalate priviledges; Steal credential; PWS; Hijack Network; Sniff Audio; HTTP; DNS; Code injection; Internet API; persistence; FTP; Ke; VirusTotal; Malware; suspicious privilege; Code Injection; Check memory; Checks debugger; WMI; Creates executable files; unpack itself; Windows utilities; suspicious process; AppData folder; malicious URLs; sandbox evasion; WriteConsoleW; Windows; ComputerName
Indicator (1, column not recoverable from the extraction): WnPTaVSLwChHmHUZLZbxxYzryHGcJ.WnPTaVSLwChHmHUZLZbxxYzryHGcJ()
Score: 8.0
Zero: M
VT: 27
Player: ZeroCERT

No: 43959
Date: 2024-04-19 13:35
Request: file.pdf.lnk
MD5: 63b1480d095ac1f3c72d8042b353003b
Tags: Client SW User Data Stealer; browser; info stealer; Generic Malware; Google; Chrome; User Data; Downloader; Antivirus; Malicious Library; UPX; Create Service; Socket; DGA; Http API; ScreenShot; Escalate priviledges; Steal credential; PWS; Sniff Audio; HTTP; DNS; Code injection; Browser Info Stealer; VirusTotal; Malware; powershell; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; heapspray; Creates shortcut; Creates executable files; RWX flags setting; exploit crash; unpack itself; powershell.exe wrote; Check virtual network interfaces; suspicious process; AppData folder; malicious URLs; WriteConsoleW; installed browsers check; Interception; Windows; Exploit; Browser; ComputerName; DNS; Cryptographic key; crashed
Urls (2): http://93.190.140.76/putty.msi; http://93.190.140.76/SA160.pdf
Hosts (1): 93.190.140.76 - malware
IDS (3): ET INFO Dotted Quad Host PDF Request; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 18.2
Zero: M
VT: 21
Player: ZeroCERT

No: 43960
Date: 2024-04-19 13:35
Request: Uni400uni.exe
MD5: e1d8325b086f91769120381b78626e2e
Tags: Malicious Library; UPX; PE64; PE File; OS Processor Check; VirusTotal; Malware; PDB; suspicious privilege; Check memory; Checks debugger; unpack itself
Score: 2.4
Zero: M
VT: 39
Player: ZeroCERT

No: 43961
Date: 2024-04-19 13:37
Request: kraxe
MD5: 2ed40ba18d004720cc8522dfafdd8309
Tags: AntiDebug; AntiVM; wget; VirusTotal; Email Client Info Stealer; Malware; Code Injection; Check memory; Checks debugger; unpack itself; installed browsers check; Browser; Email
Score: 3.6
Zero: M
VT: 9
Player: ZeroCERT

No: 43962
Date: 2024-04-19 13:40
Request: keepvid-pro_full2578.exe
MD5: 2627387eb5495186ee3850fdc0b2ebde
Tags: Generic Malware; Malicious Library; Malicious Packer; UPX; PE64; PE File; DllRegisterServer; dll; OS Processor Check; VirusTotal; Malware; crashed
Score: 1.4
Zero: M
VT: 49
Player: ZeroCERT

No: 43963
Date: 2024-04-20 09:02
Request: dfwa.exe
MD5: 0140fe9c5aa4fe45892db68bbbd3c2a9
Tags: Malicious Library; VMProtect; PE File; PE32; VirusTotal; Malware; unpack itself
Score: 2.4
Zero: M
VT: 36
Player: ZeroCERT

No: 43964
Date: 2024-04-20 09:03
Request: TransactionSummary_91002004983...
MD5: 055e5476942818329e232d273578a1c3
Tags: AgentTesla; Generic Malware; Malicious Library; UPX; Antivirus; PWS; SMTP; KeyLogger; AntiDebug; AntiVM; PE File; .NET EXE; PE32; OS Processor Check; Browser Info Stealer; VirusTotal; Email Client Info Stealer; Malware; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; WMI; Creates shortcut; unpack itself; Check virtual network interfaces; suspicious process; WriteConsoleW; IP Check; Tofsee; Windows; Browser; Email; ComputerName; DNS; Cryptographic key; crashed; keylogger
Urls (2): http://ip-api.com/line/?fields=hosting; https://api.ipify.org/
Hosts (4): api.ipify.org(172.67.74.152); ip-api.com(208.95.112.1); 104.26.13.205; 208.95.112.1
IDS (4): ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET POLICY External IP Lookup ip-api.com; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 15.4
Zero: M
VT: 53
Player: ZeroCERT

No: 43965
Date: 2024-04-20 09:04
Request: build.exe
MD5: 86956574d8364f5e6062a23189458eb2
Tags: Generic Malware; Malicious Library; UPX; PE File; PE32; OS Processor Check; VirusTotal; Malware; unpack itself; crashed
Score: 1.8
Zero: M
VT: 27
Player: ZeroCERT
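Every row in this listing carries the same handful of fields (signature/behaviour tags, contacted URLs and hosts, Suricata/ET rule names, a sandbox score and a VirusTotal count), and the useful work is turning them into indicators you can actually act on. The Python below is an added example, not code from the sandbox site this listing comes from: it parses rows written one field per line (a constructed sample transcribed from rows 43951, 43952 and 43959 above; the site itself renders them as a table), pulls out blockable indicators while discarding the ip-api.com / api.ipify.org public-IP checks that nearly every stealer run performs, and ranks rows that show the stealer pattern. The field layout, the STEALER_TAGS set and the triage rules are this example's assumptions, not the site's own logic.

```python
"""Parse sandbox submission rows like the ones listed above and pull out IOCs."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: three rows transcribed from the listing, one field per line
# (an assumption about layout; the site renders them as a table).
SAMPLE = """\
No: 43951
MD5: 0111d8dff50eb7684ed4baf327b93aa5
Tags: AgentTesla; Generic Malware; PWS; SMTP; KeyLogger; AntiDebug; AntiVM
Urls (1): http://ip-api.com/line/?fields=hosting
Hosts (3): ip-api.com(208.95.112.1); 45.33.6.223; 208.95.112.1
IDS (1): ET POLICY External IP Lookup ip-api.com
Score: 15.4
VT: 38

No: 43952
MD5: f9f276db97c371b83765a24ee1d14d66
Hosts (2): 0had.com(195.58.51.130) - malware; 195.58.51.130 - malware
IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Packed Executable Download
Score: 12.0
VT: 19

No: 43959
MD5: 63b1480d095ac1f3c72d8042b353003b
Tags: Client SW User Data Stealer; Browser Info Stealer; Downloader; PowerShell
Urls (2): http://93.190.140.76/putty.msi; http://93.190.140.76/SA160.pdf
Hosts (1): 93.190.140.76 - malware
IDS (2): ET INFO Dotted Quad Host PDF Request; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 18.2
VT: 21
"""

IP_LOOKUP_SERVICES = {"ip-api.com", "api.ipify.org"}   # public-IP checks, not C2
STEALER_TAGS = {"PWS", "KeyLogger", "SMTP", "Browser Info Stealer", "Email Client Info Stealer", "Client SW User Data Stealer"}
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9]+)\s*(?:\(\d+\))?:\s*(?P<value>.*)$")
HOST_RE = re.compile(r"^(?P<name>[^\s(]+)(?:\((?P<ip>[0-9.]+)\))?(?:\s*-\s*(?P<note>.*))?$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

@dataclass
class Host:
    name: str            # domain, or the bare IP when the entry has no name
    ip: Optional[str]    # address shown in parentheses, if any
    flagged: bool        # the listing appended "- malware"

@dataclass
class Record:
    no: int
    md5: str
    tags: List[str]
    urls: List[str]
    hosts: List[Host]
    ids: List[str]
    score: float
    vt: Optional[int]    # VirusTotal count; empty for some rows (e.g. 43957 above)

def parse_host(entry: str) -> Host:
    m = HOST_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unrecognised host entry: {entry!r}")
    return Host(m["name"], m["ip"], "malware" in (m["note"] or ""))

def _split(value: str) -> List[str]:
    return [v.strip() for v in value.split(";") if v.strip()]

def parse_records(text: str) -> List[Record]:
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # FIELD_RE keys on the first colon only: rule names and URLs contain ':'
        f = {m["key"]: m["value"] for m in map(FIELD_RE.match, block.splitlines()) if m}
        records.append(Record(
            no=int(f["No"]), md5=f["MD5"].lower(),
            tags=_split(f.get("Tags", "")), urls=_split(f.get("Urls", "")),
            hosts=[parse_host(h) for h in _split(f.get("Hosts", ""))],
            ids=_split(f.get("IDS", "")), score=float(f["Score"]),
            vt=int(f["VT"]) if f.get("VT") else None))
    return records

def extract_iocs(records: List[Record]) -> dict:
    """Blockable indicators only: public-IP lookup services and the addresses they
    resolved to are dropped, as is 0.0.0.0 (the name never resolved in the run)."""
    domains, ips, urls, skip = set(), set(), set(), {None, "0.0.0.0"}
    for rec in records:
        for h in rec.hosts:
            if h.name in IP_LOOKUP_SERVICES:
                skip.add(h.ip)
            elif IPV4_RE.match(h.name):
                ips.add(h.name)
            else:
                domains.add(h.name)
                ips.add(h.ip)
        urls.update(u for u in rec.urls if u.split("/")[2] not in IP_LOOKUP_SERVICES)
    return {"domains": sorted(domains), "ips": sorted(ips - skip), "urls": sorted(urls)}

def triage(records: List[Record]) -> List[tuple]:
    """(no, score, reasons) for rows showing the stealer pattern, highest score first."""
    checks = [
        ("stealer tags", lambda r: bool(STEALER_TAGS & set(r.tags))),
        ("public-IP lookup, the usual pre-exfil step",
         lambda r: any(h.name in IP_LOOKUP_SERVICES for h in r.hosts)),
        ("contacted a host the listing flags as malware", lambda r: any(h.flagged for h in r.hosts)),
        ("JA3 fingerprint matched a known family", lambda r: any(i.startswith("SSLBL:") for i in r.ids)),
    ]
    hits = [(r.no, r.score, [why for why, test in checks if test(r)]) for r in records]
    return sorted((h for h in hits if h[2]), key=lambda h: h[1], reverse=True)
```

Two caveats the code encodes: the `ET POLICY External IP Lookup` and `ET INFO External IP ... Lookup Domain` alerts are policy/informational rules, so 208.95.112.1 and the ipify addresses are not C2 and should not go on a blocklist even though they appear in the Hosts column of the AgentTesla rows; and a host shown as `name(0.0.0.0)`, as for lapoire3.hopto.org in row 43954, is a name that never resolved during the run, so only the domain, not the address, is an indicator.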
Total: 48,322 submissions