Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43966	2024-04-20 09:06	070.exe ad4d59f67896456294dbc19e6aa0f92a Emotet Gen1 Generic Malware Malicious Library Confuser .NET UPX PE File PE32 MZP Format DllRegisterServer dll DLL OS Processor Check PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed					3.6	M	17	ZeroCERT

43967	2024-04-20 09:41	clip64.dll 726cd06231883a159ec1ce28dd538699 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1	1	1	3.6	M	56	ZeroCERT

43968	2024-04-20 09:41	random.exe 47c3491d805349f03578f6ac3e0bda01 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger exploit crash installed browsers check Exploit Browser crashed					4.6		24	ZeroCERT

43969	2024-04-20 09:43	cred64.dll 15a42d3e4579da615a384c717ab2109b Amadey Generic Malware Malicious Library UPX Antivirus PE64 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	1	1	9.8	M	54	ZeroCERT

43970	2024-04-20 09:51	arswin.exe e6644612cd418d35b558ad934e5a46d6 NSIS Generic Malware Suspicious_Script_Bin Malicious Library Malicious Packer UPX PE File PE32 AutoRuns Check memory Creates executable files Windows utilities Check virtual network interfaces AppData folder Windows DNS		2			4.6			ZeroCERT

43971	2024-04-20 16:23	.audiodg.exe fc030e6077d1a645b2bb1e0d77cc778d Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PE File ftp .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	57	guest

43972	2024-04-21 10:09	file300un.exe 15ce9e885610d5b85500ea0d139f6d21 Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself					1.6		18	ZeroCERT

43973	2024-04-21 10:09	IEnetworkings.html 42d96a63fe345fe4a01752e1dcb06d1d AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		4.4		10	ZeroCERT

43974	2024-04-21 10:12	List.exe dc8d248871407e4f43d71c3c65aad4cd Themida Packer PE64 PE File VirusTotal Malware Windows crashed					2.2		27	ZeroCERT

43975	2024-04-21 10:13	Uni400uni.exe dfe244414c8461175241ce54707eb6b6 Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	41	ZeroCERT

43976	2024-04-21 12:46	linda.exe 2f4a897cb286ae032e1bb8dfb82747ea Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					2.0	M	33	ZeroCERT

43977	2024-04-21 12:47	.hta c4c06bc09d5d07d8abdb074e80806d07 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1	1		11.4	M	24	ZeroCERT

43978	2024-04-21 12:49	AppGate2103v01_16.exe cb4118382e3f97f0db04938a4e31e3e1 PE64 PE File unpack itself Windows Remote Code Execution crashed					3.0	M		ZeroCERT

43979	2024-04-21 12:51	loadme.exe efc57ed49a29d9c43f780ac57d9383ea Generic Malware Malicious Library Downloader Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 PE64 Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Malicious Traffic Checks debugger Creates executable files ICMP traffic Disables Windows Security AppData folder Windows Update DNS	4 Keyword trend analysis	26 Info www.update.microsoft.com(20.109.209.108) 5.255.18.13 61.227.164.121 46.70.121.246 176.209.45.51 41.199.184.238 2.185.42.54 185.215.113.66 - malware 188.212.64.50 85.185.13.69 86.62.3.134 37.151.144.37 216.107.138.162 20.72.235.82 189.232.95.219 2.182.213.119 2.178.158.240 196.175.1.52 189.173.87.167 176.113.245.27 187.235.186.245 151.233.81.251 176.108.77.174 128.65.176.18 92.124.152.236 92.46.250.202	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Cryptocurrency Miner Checkin	3	12.4	M	39	ZeroCERT

43980	2024-04-21 12:51	setup294.exe 5692160ae59475de12a720b8f3f0fbaf Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware PDB unpack itself suspicious process AppData folder Remote Code Execution DNS		1	1		3.4	M	33	ZeroCERT