Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45841	2024-07-07 18:48	qwerty.ps1 b099d0ec774fccc05b662d86eaba027a Hide_EXE Generic Malware Malicious Packer UPX Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell Buffer PE Code Injection Check memory buffers extracted heapspray Creates executable files RWX flags setting unpack itself powershell.exe wrote malicious URLs WriteConsoleW Windows crashed	4 Keyword trend analysis	2	2	2	10.0	M	29	ZeroCERT

45842	2024-07-07 18:50	offic%E8%A1%A8%E6%A0%BCluck.ex... 06592a8ca068935d98a5ada152e3393d UPX PE File PE64 VirusTotal Malware Remote Code Execution					2.6	M	49	ZeroCERT

45843	2024-07-07 18:53	UGcLEmRAhjNb.exe f2a5c7e8313862aca9b7a6314ca73f3a Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.4		48	ZeroCERT

45844	2024-07-07 18:55	buildj.exe 7debc473f9ec83c3d000a57466eab9b2 Vidar Generic Malware Malicious Library Antivirus UPX AntiDebug AntiVM PE File PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	3 Keyword trend analysis	5	3	1	11.0	M	58	ZeroCERT

45845	2024-07-07 18:57	ghjkl.exe a2a9c309c5300a53d2c2fc41b71b174b Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.6	M	55	ZeroCERT

45846	2024-07-07 18:59	SERVE.vbs 3c12d58060963c9a6190f3803d0bc6fe VirusTotal Malware VBScript wscript.exe payload download DNS crashed Dropper	1 Keyword trend analysis	1			10.0	M	7	ZeroCERT

45847	2024-07-07 19:03	2EU.file.exe f7ea17cd71f263659d0ee0b82a95fbaf Malicious Library UPX PE File PE64 ftp OS Processor Check VirusTotal Malware PDB					0.6		2	ZeroCERT

45848	2024-07-07 19:04	UNIQ.file.exe 16fcba4c603655fca5f10157dd6d360f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.4		53	ZeroCERT

45849	2024-07-07 19:05	inte.exe cd0fd465ea4fd58cf58413dda8114989 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.4		64	ZeroCERT

45850	2024-07-07 19:07	amadka.exe 29af55c68d51c9ef3c35850bec56664d Amadey Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed	3 Keyword trend analysis	2	2	1	11.0	M	55	ZeroCERT

45851	2024-07-07 19:11	go.exe d1a881d79ea584b074ae23f9279c5bd0 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	8 Keyword trend analysis Info https://www.google.com/favicon.ico https://accounts.google.com/generate_204?w4ag3w https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AdF4I74pC9xrfzbndeH-N6NOflXq1MjzJIxNFee4-gZlSvToqsOXxF3zsbE0AhE66RpXdgwWsyVz&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1023031012%3A1720346845031034 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AdF4I76Y3NkKUEH3PqSbeNYT6o-AmZa8Isqhy7dbwEu3iufOXcI9DiOb9Rvo_KyAQWxTR7znvW1X-w	6	1		6.4		44	ZeroCERT

45852	2024-07-07 19:11	63vN2.txt.vbs dc087d53594631d1aaa5a22d4b98029f Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1		6.8		21	ZeroCERT

45853	2024-07-07 19:25	er.er.er.erererere.doC 0028cb11338cbdfd81985d00fa9bf282 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	2			5.6		39	ZeroCERT

45854	2024-07-07 19:26	EU.file.exe 84d89662f4329f2fa4a36cfd32974eef Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution					2.2	M	63	ZeroCERT

45855	2024-07-08 07:52	PACKAGE_DEMO.exe e450ca946d4bf6173ebe3f00c3d08d81 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory Creates shortcut Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName Trojan Banking DNS		3	8 Info ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped		11.8	M	56	ZeroCERT