Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
46006
2024-07-12 16:00
lumma1207.exe
64ae8807b8359c84c00444c2cbab6236
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.4
44
ZeroCERT
46007
2024-07-12 16:00
vidar1207.exe
51c75077bca69383b83b1c94c2406e05
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.4
43
ZeroCERT
46008
2024-07-12 16:00
node.js.exe
9e6ba754b50c865d54a69075a65620ae
Gen1
RedLine stealer
NSIS
Generic Malware
Malicious Library
UPX
Malicious Packer
Obsidium protector
Antivirus
Anti_VM
Javascript_Blob
PE File
PE32
DLL
PE64
OS Processor Check
ftp
VirusTotal
Malware
suspicious privilege
Check memory
Creates executable files
unpack itself
AppData folder
Ransomware
DNS
1
194.187.251.115 - mailcious
4.8
M
7
ZeroCERT
46009
2024-07-12 16:01
crosscheckrosefloweronhairbeau...
7921681c6200952fdf2db1a77381ac24
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229 - mailcious
207.241.232.195 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
10.0
M
8
ZeroCERT
46010
2024-07-12 16:02
hm.hm.hm.hmhmhm.doc
84bafe55d9087cdfce20ebdd74b8610f
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
http://139.99.220.222/55066/crosscheckrosefloweronhairbeauty.gIF
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
5
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
207.241.232.195 - mailcious
172.66.43.27 - mailcious
139.99.220.222 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
4.6
M
33
ZeroCERT
46011
2024-07-12 16:26
Update.js
aec7249b3d61d42aec7e3723176b5fb5
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
https://trw.parish.chuathuongxot.org/orderReview
2
trw.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
guest
46012
2024-07-12 17:01
Sеtup.exe
56a5cb142c58843c3ed84e02d2af1a2c
Generic Malware
Admin Tool (Sysinternals etc ...)
UPX
PE File
PE32
Browser Info Stealer
VirusTotal
Malware
Malicious Traffic
Check memory
buffers extracted
unpack itself
Collect installed applications
suspicious TLD
anti-virtualization
installed browsers check
Browser
ComputerName
DNS
1
http://tzeight8vt.top/v1/upload.php
2
tzeight8vt.top(185.251.89.18)
185.251.89.18
2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
6.6
45
ZeroCERT
46013
2024-07-14 17:45
Trkyzwvg-TG-A.exe
2e12b69ae7aa5d931a6aa3bf554071df
Generic Malware
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
Cryptographic key
5.4
M
54
ZeroCERT
46014
2024-07-14 17:45
random.dll
f2c158f71dec27759a60227b449e848a
Malicious Library
PE File
DLL
PE32
VirusTotal
Malware
unpack itself
1.4
M
19
ZeroCERT
46015
2024-07-14 17:47
availableresearchpro.exe
73e3c089e5e10d52872ee4f434bd6d23
Gen1
Emotet
Malicious Library
UPX
Malicious Packer
.NET framework(MSIL)
PE File
PE64
CAB
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
PDB
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
Remote Code Execution
5.0
M
51
ZeroCERT
46016
2024-07-14 17:47
build16666.exe
4640faeafa95ce219c649e9f5cbffd75
Generic Malware
Malicious Library
PE File
PE64
VirusTotal
Malware
Check memory
unpack itself
1.8
M
53
ZeroCERT
46017
2024-07-14 17:49
overlay2.exe
276c27a0dde03ec7a01d2ae077a1ec0d
Malicious Library
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
Windows
ComputerName
Cryptographic key
3.2
M
62
ZeroCERT
46018
2024-07-14 17:49
TG-Source-2.exe
6cdd7805c45cd8fe70d7ed669060d53c
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
AppData folder
Windows
ComputerName
Cryptographic key
4.4
M
58
ZeroCERT
46019
2024-07-14 17:52
random.dll
0693990c67e447b84f9055a43cf88974
Malicious Library
PE File
DLL
PE32
VirusTotal
Malware
unpack itself
1.4
M
19
ZeroCERT
46020
2024-07-14 17:52
random.exe
233ea23b1c1587f1cf895f08ba6da10b
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
61
ZeroCERT
Total : 48,231cnts