Submissions (page columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc)

No. 44776 | Date: 2021-06-05 21:42 | Request: inst77player_1.0.0.1.exe (md5 5c71794e0bfd811534ff4117687d26e2)
  Tags: PE File, PE32, DLL, Check memory, Creates executable files, unpack itself, AppData folder
  Score: 2.0 | Player: ZeroCERT

No. 44777 | Date: 2021-06-05 12:41 | Request: http://111.251.36.166
  Tags: AgentTesla, DGA, DNS, Socket, Create Service, Sniff Audio, HTTP, Escalate privileges, KeyLogger, FTP, Hijack Network, Code injection, Http API, Internet API, Steal credential, ScreenShot, Downloader, P2P, persistence, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  Hosts (1): 111.251.36.166
  IDS (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 5.8 | Player: guest

No. 44778 | Date: 2021-06-05 11:05 | Request: teta-089.exe (md5 dcf27acafb4a26ac3d198482a0ddc846)
  Tags: Anti_VM, Malicious Library, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself
  Score: 7.2 | Zero: M | VT: 21 | Player: ZeroCERT

No. 44779 | Date: 2021-06-05 11:03 | Request: a.dot (md5 6da2c4e91c3afddf10f7f9cce9836638)
  Tags: RTF File, doc, AntiDebug, AntiVM, Malware download, VirusTotal, Malware, MachineGuid, Check memory, exploit crash, unpack itself, Windows, Exploit, crashed, Downloader
  Urls (1): http://papaya.gotdns.ch/pawpaw/afo.exe
  Hosts (4): ararat.mangospot.net (185.140.53.216) - malicious; papaya.gotdns.ch (23.95.122.53) - malicious; 23.95.122.53 - malicious; 185.140.53.216 - malicious
  IDS (2): ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP
  Score: 4.8 | Zero: M | VT: 25 | Player: ZeroCERT

No. 44780 | Date: 2021-06-05 11:01 | Request: afo.docx (md5 92bd8363f47010e0cd7cc0a4a932b732)
  Tags: RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, exploit crash, unpack itself, Windows, Exploit, crashed, Downloader
  Urls (4): http://bit.do/fQXx3; http://23.95.122.53/pawpaw/a.dot; http://papaya.gotdns.ch/pawpaw/afo.exe; http://bit.do/
  Hosts (6): bit.do (54.83.52.76) - malicious; ararat.mangospot.net (185.140.53.216) - malicious; papaya.gotdns.ch (23.95.122.53) - malicious; 23.95.122.53 - malicious; 54.83.52.76 - suspicious; 185.140.53.216 - malicious
  IDS (3): ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Possible RTF File With Obfuscated Version Header
  Score: 4.4 | Zero: M | VT: 6 | Player: ZeroCERT

No. 44781 | Date: 2021-06-05 11:00 | Request: afo.exe (md5 f6dccd16da5a8415c2f64ad72aa76068)
  Tags: AsyncRAT, backdoor, PWS, .NET framework, Admin Tool (Sysinternals, Devolutions inc), Anti_VM, Malicious Library, DNS, SMTP, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key
  Hosts (2): ararat.mangospot.net (185.140.53.216) - malicious; 185.140.53.216 - malicious
  Score: 15.8 | Zero: M | VT: 33 | Player: ZeroCERT

No. 44782 | Date: 2021-06-05 10:58 | Request: yes-229.exe (md5 dcf27acafb4a26ac3d198482a0ddc846)
  Tags: Anti_VM, Malicious Library, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself
  Score: 8.2 | Zero: M | VT: 21 | Player: ZeroCERT

No. 44783 | Date: 2021-06-05 10:58 | Request: u.wbk (md5 b5d26ba8cc8b2b0fc069698577133fef)
  Tags: RTF File, doc, AntiDebug, AntiVM, Malware download, VirusTotal, Malware, MachineGuid, Checks debugger, exploit crash, unpack itself, Windows, Exploit, DNS, crashed, Downloader
  Urls (1): http://papaya.gotdns.ch/pawpaw/uwa.exe
  Hosts (2): papaya.gotdns.ch (23.95.122.53) - malicious; 23.95.122.53 - malicious
  IDS (2): ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP
  Score: 4.4 | Zero: M | VT: 29 | Player: ZeroCERT

No. 44784 | Date: 2021-06-05 10:56 | Request: afo.exe (md5 f6dccd16da5a8415c2f64ad72aa76068)
  Tags: AsyncRAT, backdoor, PWS, .NET framework, Admin Tool (Sysinternals, Devolutions inc), Anti_VM, Malicious Library, DNS, SMTP, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, Cryptographic key
  Hosts (2): ararat.mangospot.net (185.140.53.216) - malicious; 185.140.53.216 - malicious
  Score: 15.2 | Zero: M | VT: 33 | Player: ZeroCERT

No. 44785 | Date: 2021-06-05 10:56 | Request: uwa.exe (md5 fe29a7011c5da172c6686eb9efcd4532)
  Tags: PWS, Loki[b], Loki[m], AsyncRAT, backdoor, .NET framework, Admin Tool (Sysinternals, Devolutions inc), Anti_VM, Malicious Library, DNS, SMTP, Socket, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Browser Info Stealer, VirusTotal, Malware, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, installed browsers check, Windows, Browser, DNS, Cryptographic key
  Score: 10.6 | Zero: M | VT: 39 | Player: ZeroCERT

No. 44786 | Date: 2021-06-05 10:54 | Request: scan.exe (md5 a7ecde3c8d8e2cb0d16088971e4dbd96)
  Tags: Gen1, Gen2, PE File, PE64, OS Processor Check, DLL, .NET DLL, VirusTotal, Malware, Check memory, Creates executable files, unpack itself, DNS
  Score: 3.2 | VT: 30 | Player: ZeroCERT

No. 44787 | Date: 2021-06-05 10:54 | Request: ds2.exe (md5 ccd95be19ccce8766611174bd6183e32)
  Tags: AsyncRAT, backdoor, Malicious Packer, Antivirus, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Disables Windows Security, powershell.exe wrote, suspicious process, Windows, ComputerName, Cryptographic key
  Score: 10.6 | Player: ZeroCERT

No. 44788 | Date: 2021-06-05 10:51 | Request: svchost.exe (md5 c1e7cb2700292ecd0bc4f4b1d718853d)
  Tags: DNS, Socket, Code injection, ScreenShot, AntiDebug, AntiVM, PE File, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Tofsee, Windows, ComputerName, keylogger
  Hosts (2): irc.service-exec.net (195.133.40.24) - malware; 195.133.40.24 - malware
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 10.8 | Zero: M | VT: 50 | Player: ZeroCERT

No. 44789 | Date: 2021-06-05 10:51 | Request: ana.exe (md5 ed74a72fc3b7510936e9768cbf5d6fca)
  Tags: Admin Tool (Sysinternals, Devolutions inc), Anti_VM, Malicious Library, PE File, .NET EXE, OS Processor Check, PE32, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Windows, DNS, Cryptographic key
  Score: 3.4 | Zero: M | VT: 45 | Player: ZeroCERT

No. 44790 | Date: 2021-06-05 10:49 | Request: KzsAgahE4LzUhnl.exe (md5 57e4c083050dd78285bfb2ec8e74798c)
  Tags: AsyncRAT, backdoor, PWS, .NET framework, Admin Tool (Sysinternals, Devolutions inc), Anti_VM, Malicious Library, PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Windows, Cryptographic key
  Score: 2.6 | VT: 34 | Player: ZeroCERT
Total: 53,369 entries