Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
45931
2024-07-10 07:41
1.exe
21cccf69e6aac10cae5b938d7b6c5fd4
Lumma Stealer
UPX
PE File
PE32
VirusTotal
Malware
1.2
51
ZeroCERT
45932
2024-07-10 07:46
wev233v22.exe
f7f9d3c98351d9be736e7aafb3563561
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
Malicious Packer
Anti_VM
PE File
PE64
DLL
OS Processor Check
ftp
wget
VirusTotal
Malware
Check memory
Creates executable files
unpack itself
3.2
M
50
ZeroCERT
45933
2024-07-10 09:52
Update.js
94a69d2789ce8db937bd23160c7cf57b
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
Keyword trend analysis
×
Info
×
https://pyous.parish.chuathuongxot.org/orderReview
2
Info
×
pyous.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
10.0
guest
45934
2024-07-10 09:52
Update2.js
1d07102e4ad699b952201104aca88770
VBScript
wscript.exe payload download
unpack itself
Tofsee
crashed
Dropper
1
Keyword trend analysis
×
Info
×
https://wvgbc.parish.chuathuongxot.org/orderReview
2
Info
×
wvgbc.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
Info
×
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
guest
45935
2024-07-10 13:39
sostener.vbs
af7ba7e4a9c914e8497936eb7b6ae725
Generic Malware
Antivirus
PowerShell
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
Keyword trend analysis
×
Info
×
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
Info
×
pastecode.dev(172.66.43.27)
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229
207.241.232.195 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
ZeroCERT
45936
2024-07-10 13:42
rustdesk.exe
05d5f32d7a756924b7480ea0e3a36152
Generic Malware
Malicious Library
WinRAR
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
suspicious privilege
Check memory
Checks debugger
Creates executable files
sandbox evasion
WriteConsoleW
Windows
Remote Code Execution
5.2
M
22
ZeroCERT
45937
2024-07-10 13:43
mg.vbs
8df76af54c38d5d4c2cd9f6d18eedf92
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
Info
×
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.2
19
ZeroCERT
45938
2024-07-10 13:45
wh.vbs
23454878fb50859c4849ac2b6e256789
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
Info
×
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.4
22
ZeroCERT
45939
2024-07-10 16:10
Plugin_0703.exe.bak
7fb098ac9cc8d730ac0ea7111805a553
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
CAB
OS Processor Check
DLL
Lnk Format
GIF Format
ZIP Format
AutoRuns
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
Auto service
AntiVM_Disk
sandbox evasion
Firewall state off
VM Disk Size Check
Windows
Browser
ComputerName
Remote Code Execution
7.6
guest
45940
2024-07-10 22:42
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
Info
×
185.157.162.75 - mailcious
9.2
29
guest
45941
2024-07-10 22:48
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
Info
×
185.157.162.75 - mailcious
9.8
29
guest
45942
2024-07-11 09:17
ghj.ghj.ghj.ghj.doc
d55328b7b87c986b84e60450453840c1
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
RWX flags setting
exploit crash
Exploit
crashed
3.2
34
ZeroCERT
45943
2024-07-11 09:18
gh.gh.gh.ghghghgh.doc
feb6e59fff619a84e6e391a4c95a6650
MS_RTF_Obfuscation_Objects
RTF File
doc
Malware download
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
Keyword trend analysis
×
Info
×
http://139.99.220.222/66266/ucancrosstheflowerbeautiytogetin.gIF
http://198.46.176.133/Upload/vbs.jpeg
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
4
Info
×
pastecode.dev(172.66.43.27) - mailcious
172.66.40.229 - mailcious
198.46.176.133
139.99.220.222
3
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
4.8
M
40
ZeroCERT
45944
2024-07-11 09:21
a.exe
56fae07d0d9ee560ef2fb4c536868b11
Malicious Library
.NET framework(MSIL)
DNS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
human activity check
Windows
DNS
DDNS
3
Info
×
maxlogs.webhop.me() - mailcious
newsddawork.3utilities.com(104.243.242.169)
104.243.242.169
2
Info
×
ET POLICY DNS Query to DynDNS Domain *.3utilities .com
ET POLICY DNS Query to DynDNS Domain *.webhop .me
13.4
M
42
ZeroCERT
45945
2024-07-11 09:22
3.exe
293460728c83e7be2fccc67283815c03
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
55
ZeroCERT
First
Previous
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
Next
Last
Total : 48,231cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword
