Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
45706
2024-07-02 13:49
Update.js
a17403e9e32d19f46d7796f574136b61
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
Keyword trend analysis
×
Info
×
https://vlms.fans.smalladventureguide.com/orderReview
2
Info
×
vlms.fans.smalladventureguide.com(162.252.175.117)
162.252.175.117 - mailcious
2
Info
×
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
guest
45707
2024-07-02 14:10
Update.js
365d4f4e6ffed01288e0fae6e352e8a5
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
Keyword trend analysis
×
Info
×
https://czvqr.fans.smalladventureguide.com/orderReview
2
Info
×
czvqr.fans.smalladventureguide.com(162.252.175.117) - mailcious
162.252.175.117 - mailcious
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
10.0
guest
45708
2024-07-02 15:45
Content_497179.exe
52070a9adf4787ece9b80af208603030
Generic Malware
NSIS
Malicious Library
UPX
PE File
PE32
OS Processor Check
DLL
BMP Format
Malware
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
AppData folder
sandbox evasion
anti-virtualization
Tofsee
1
Keyword trend analysis
×
Info
×
https://codeonicinc.com/
2
Info
×
codeonicinc.com(104.26.8.6)
104.26.9.6
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.6
ZeroCERT
45709
2024-07-02 15:45
C.jpg.exe
b3623c2ff1b7635712d8ff50d58560d2
UPX
PE File
DLL
PE32
VirusTotal
Malware
Checks debugger
unpack itself
crashed
2.8
M
44
r0d
45710
2024-07-02 15:58
Content_497179.exe
52070a9adf4787ece9b80af208603030
Gen1
Generic Malware
NSIS
Malicious Library
UPX
Admin Tool (Sysinternals etc ...)
Malicious Packer
Anti_VM
PE File
PE32
OS Processor Check
DLL
icon
BMP Format
DllRegisterServer
dll
Lnk Format
GIF Format
ftp
Malware
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
AppData folder
AntiVM_Disk
sandbox evasion
anti-virtualization
VM Disk Size Check
installed browsers check
Tofsee
Browser
ComputerName
1
Keyword trend analysis
×
Info
×
https://codeonicinc.com/
2
Info
×
codeonicinc.com(104.26.8.6)
172.67.69.54
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2
ZeroCERT
45711
2024-07-02 21:23
FreeArc-0.67-alpha-win32.exe
58d75e3e3002b0769cc9527a87c81e40
NSIS
Malicious Library
UPX
PE File
PE32
BMP Format
DLL
Check memory
Creates executable files
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
2.0
guest
45712
2024-07-02 22:06
FreeArc-0.51-win32.exe
f610dc533e6a1a631d78391705f374e9
Malicious Library
UPX
PE File
PE32
BMP Format
VirusTotal
Malware
Check memory
unpack itself
1.2
6
guest
45713
2024-07-03 07:53
1.exe
a8899bbd6c19faf3ba8afe6f853cbc46
Malicious Library
PE File
PE32
VirusTotal
Malware
Remote Code Execution
1.8
M
28
ZeroCERT
45714
2024-07-03 07:54
InvestmentsBreed.exe
93ca970bf446580ce800feb9c3973304
Generic Malware
Suspicious_Script_Bin
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
An
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
WMI
Creates executable files
unpack itself
Windows utilities
suspicious process
malicious URLs
WriteConsoleW
Windows
ComputerName
6.8
M
22
ZeroCERT
45715
2024-07-03 07:56
setup.exe
376bda749ff4727c39cbc3868b2e6477
Malicious Library
PE File
PE32
VirusTotal
Malware
Checks debugger
WMI
Creates executable files
RWX flags setting
unpack itself
Checks Bios
anti-virtualization
ComputerName
4.6
M
37
ZeroCERT
45716
2024-07-03 07:58
MicrosoftService.exe
01fd03e1f9ddbeee002267238428ac26
Antivirus
UPX
PE File
.NET EXE
PE32
OS Processor Check
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
Cryptographic key
2.8
M
ZeroCERT
45717
2024-07-03 07:58
ServerManager.exe
c5b7998c5908e5a4742674dbfda9ffb8
Antivirus
UPX
PE File
.NET EXE
PE32
OS Processor Check
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
Cryptographic key
2.8
M
ZeroCERT
45718
2024-07-03 08:03
VBDVMGWB.exe
30772bcce9852eb58cf05a75bcdce2f9
Gen1
Generic Malware
Malicious Library
UPX
Malicious Packer
Antivirus
PE File
PE32
DLL
PE64
OS Processor Check
Check memory
Checks debugger
Creates executable files
unpack itself
AntiVM_Disk
VM Disk Size Check
2.6
ZeroCERT
45719
2024-07-03 08:05
wp.exe
140e8ca7a6a6df97fe913af1adad9cbe
AgentTesla
Malicious Library
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
Browser Info Stealer
Email Client Info Stealer
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
Tofsee
Windows
Gmail
Browser
Email
ComputerName
Cryptographic key
crashed
keylogger
2
Info
×
smtp.gmail.com(74.125.23.108)
173.194.174.109
2
Info
×
SURICATA Applayer Detect protocol only one direction
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.4
M
ZeroCERT
45720
2024-07-03 08:07
pilnmAc2.6.exe
9929a1a4d2ec5d72c028435c6b71054f
Process Kill
Generic Malware
Suspicious_Script_Bin
Malicious Library
FindFirstVolume
CryptGenKey
UPX
PE File
PE32
Device_File_Check
OS Processor Check
Browser Info Stealer
FTP Client Info Stealer
Email Client Info Stealer
suspicious privilege
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
Software
crashed
keylogger
1
Keyword trend analysis
×
Info
×
https://api.ipify.org/
2
Info
×
api.ipify.org(172.67.74.152)
172.67.74.152
3
Info
×
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.4
M
ZeroCERT
First
Previous
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
Next
Last
Total : 48,231cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword