No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
46096
2024-07-18 08:29
appmodedrivme.exe
ffe6422dff4cbe7efdbd7ac4983504d4
Malicious Library
.NET framework(MSIL)
PE File
ftp
.NET EXE
PE32
Check memory
Checks debugger
unpack itself
ComputerName
1.4
ZeroCERT
46097
2024-07-18 08:31
LuckySetup.exe
0384b1d87ff3be1c490657a34233dc9d
Gen1
Generic Malware
Malicious Library
Malicious Packer
UPX
Antivirus
.NET framework(MSIL)
PE File
PE32
MZP Format
OS Processor Check
DLL
.NET DLL
.NET EXE
Lnk Format
GIF Format
PE64
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
installed browsers check
Browser
ComputerName
crashed
5.8
11
ZeroCERT
46098
2024-07-18 10:51
4c12d617aa51bb0c0108242da6aa00...
4c12d617aa51bb0c0108242da6aa0071
VBA_macro
Word 2007 file format(docx)
ZIP Format
VirusTotal
Malware
1.6
25
ZeroCERT
46099
2024-07-18 10:52
attachment.docm
8783d7173dbdfd95f05501fa9a20e46f
VBA_macro
Word 2007 file format(docx)
ZIP Format
Vulnerability
VirusTotal
Malware
unpack itself
suspicious process
WriteConsoleW
1
http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
5.6
25
ZeroCERT
46100
2024-07-18 10:53
design.docm
46b1a7d4befaf02eda1938d50ea8c488
VBA_macro
AntiDebug
AntiVM
Word 2007 file format(docx)
ZIP Format
Lnk Format
GIF Format
VirusTotal
Malware
VBScript
Code Injection
Check memory
wscript.exe payload download
Creates shortcut
Creates executable files
RWX flags setting
exploit crash
unpack itself
suspicious process
Exploit
DNS
crashed
Dropper
1
http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
2
koreaillmin.mypressonline.com(185.176.43.98)
185.176.43.98 - mailcious
1
ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup
10.0
23
ZeroCERT
46101
2024-07-18 10:54
7ebfba0b98c135481c14db1c2f2da4...
7ebfba0b98c135481c14db1c2f2da484
VBA_macro
AntiDebug
AntiVM
Word 2007 file format(docx)
ZIP Format
Lnk Format
GIF Format
VirusTotal
Malware
VBScript
Code Injection
Check memory
wscript.exe payload download
Creates shortcut
Creates executable files
exploit crash
unpack itself
suspicious process
Exploit
DNS
crashed
Dropper
1
http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
2
koreaillmin.mypressonline.com(185.176.43.98)
185.176.43.98 - mailcious
1
ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup
10.0
23
ZeroCERT
46102
2024-07-18 10:54
4c12d617aa51bb0c0108242da6aa00...
4c12d617aa51bb0c0108242da6aa0071
VBA_macro
Word 2007 file format(docx)
ZIP Format
Vulnerability
VirusTotal
Malware
unpack itself
suspicious process
WriteConsoleW
1
http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
5.6
25
ZeroCERT
46103
2024-07-18 10:58
Joint working group.pdf.chm
b445f85edab25e9216874ca8cad0efb5
AntiDebug
AntiVM
CHM Format
VirusTotal
Malware
AutoRuns
MachineGuid
Code Injection
Check memory
RWX flags setting
unpack itself
Windows utilities
suspicious process
Windows
4.0
6
ZeroCERT
46104
2024-07-18 11:09
bin.ps1
d7f49d9cb663a5aab495beb612a8e415
Generic Malware
Antivirus
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
5.0
22
ZeroCERT
46105
2024-07-18 11:12
逾期发票 5453909172 Overdue Invoic...
7c828476742a70dc25a084ffe5719998
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
4.6
ZeroCERT
46106
2024-07-18 11:14
wdeigthseven.vbs
3013532d03b160b1e9ef47e783317580
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
DNS
Cryptographic key
Dropper
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
pastecode.dev(172.66.43.27) - mailcious
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.43.27 - mailcious
207.241.232.195 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
1
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
10.0
M
4
ZeroCERT
46107
2024-07-18 11:16
6697dafdd90a3_crypted.exe#1
b511a938c3da1d394dadd5c5c67bb48b
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.2
M
40
ZeroCERT
46108
2024-07-18 11:18
66979a57f071c_otraba.exe#kisot...
b00510d3aa8bebcace517ac6cf2f1138
Malicious Library
.NET framework(MSIL)
UPX
ScreenShot
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
8.8
M
31
ZeroCERT
46109
2024-07-18 23:00
FAKE BTC SENDER zip.exe
3a7da416e0ed02e02fa874f3ae09e9a2
North Korea
RedLine Infostealer
RedLine stealer
RedlineStealer
Generic Malware
Malicious Library
WinRAR
UPX
.NET framework(MSIL)
Malicious Packer
PE File
PE32
OS Processor Check
DLL
.NET DLL
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
Check virtual network interfaces
Windows
Remote Code Execution
DNS
Cryptographic key
1
80.92.206.111 - malware
6.0
48
guest
46110
2024-07-19 12:53
66990947b9f24_crypted.exe#1
ae74c6d6ed392c35afafedfc9316d163
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
crashed
2.2
46
ZeroCERT
Total : 48,230cnts