Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
44296
2024-05-14 10:33
micromzx.scr
b8513db1bf7a880432df0f6c4952f9df
AgentTesla
Malicious Library
.NET framework(MSIL)
UPX
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
ftp
.NET EXE
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
DNS
Software
crashed
keylogger
1
https://api.ipify.org/
2
api.ipify.org(104.26.12.205)
104.26.13.205
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.2
M
25
ZeroCERT
44297
2024-05-15 09:13
beautifulthingstobegreatwithgr...
2007140a415ec02159c11eee5bac1dfd
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
RWX flags setting
exploit crash
Tofsee
Exploit
DNS
crashed
2
http://192.3.111.153/nmo/imagesoftherosearebeautiful.jpg
https://paste.ee/d/w7yvh
3
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
192.3.111.153 - mailcious
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2
M
32
ZeroCERT
44298
2024-05-15 09:13
univ.exe
6c0285eefe2804e725422c8c0fe61149
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Malicious Traffic
WMI
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
DNS
1
http://185.172.128.90/cpa/name.php
1
185.172.128.90 - mailcious
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
5.8
36
ZeroCERT
44299
2024-05-15 09:15
univ.exe
9b9b6eed588a5f1c17864c641aaf22d3
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Remote Code Execution
2.0
M
33
ZeroCERT
44300
2024-05-15 09:19
21372AA119DAB62FF66C4E6CE179C8...
1f68fe6fc999460d808a243a15232611
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Remote Code Execution
1.8
M
29
ZeroCERT
44301
2024-05-15 09:20
060.exe
154243bf5a1b7f1e59e747136827f5b8
Emotet
Gen1
Generic Malware
Malicious Library
UPX
PE File
PE32
MZP Format
DllRegisterServer
dll
OS Processor Check
PE64
DLL
ftp
VirusTotal
Malware
Checks debugger
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
crashed
3.6
M
11
ZeroCERT
44302
2024-05-16 07:25
file200un.exe
8a763f29a240bb422973b6d3c8ea2324
Generic Malware
Malicious Library
UPX
Antivirus
PE64
PE File
OS Processor Check
PowerShell
VirusTotal
Malware
Buffer PE
suspicious privilege
MachineGuid
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
suspicious process
Windows
ComputerName
Cryptographic key
4.4
M
19
ZeroCERT
44303
2024-05-16 07:25
pub11.exe
879254e27447aa757455bfe4811f6da3
Generic Malware
Malicious Library
PE File
PE32
VirusTotal
Malware
1.8
M
35
ZeroCERT
44304
2024-05-16 07:27
installer.exe
611a4246c5aabf1594344d7bd3fccb4c
Malicious Library
UPX
PE File
.NET EXE
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
42
ZeroCERT
44305
2024-05-16 07:27
888.exe
0e71dd615925094d6b40a76280bb2ea1
Malicious Library
UPX
PE File
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
crashed
2.2
37
ZeroCERT
44306
2024-05-16 07:29
univ.exe
d221456c3724a8ae84d820c0d0afcbd0
Generic Malware
Malicious Library
PE File
PE32
VirusTotal
Malware
1.6
26
ZeroCERT
44307
2024-05-16 07:29
spoolsv.exe
986a048eb1d47acb95947bc2591d1e9d
Malicious Library
Malicious Packer
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.4
49
ZeroCERT
44308
2024-05-16 07:34
kub54.exe
f5db5ea5dc2a7675f2060a03dc46b49a
Generic Malware
Malicious Library
PE File
PE32
VirusTotal
Malware
1.4
M
35
ZeroCERT
44309
2024-05-16 07:34
build.exe
46cc1157f7333d7473e18467dfdad3ff
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
Malicious Packer
Anti_VM
PE64
PE File
DLL
OS Processor Check
ftp
wget
VirusTotal
Malware
Check memory
Creates executable files
unpack itself
3.0
32
ZeroCERT
44310
2024-05-16 07:34
univ.exe
86175aba72dcc18e8665fc8bb23a92af
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Malicious Traffic
WMI
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
DNS
1
http://185.172.128.90/cpa/name.php
1
185.172.128.90 - mailcious
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
5.4
40
ZeroCERT
Total : 48,320cnts