Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
46681 | 2024-08-05 15:41 | herso.exe | md5: fc195e7f832004c004c41441a5658b50
  Tags: Amadey, Anti_VM, PE File, PE32, Malware, AutoRuns, Malicious Traffic, Checks debugger, unpack itself, Checks Bios, Detects VMWare, AppData folder, VMware, anti-virtualization, Windows, DNS, crashed
  Urls (1): http://185.215.113.19/Vi9leo/index.php - rule_id: 41489
  Hosts (1): 185.215.113.19 - malware
  IDS (1): ET DROP Spamhaus DROP Listed Traffic Inbound group 33
  Rule (1): http://185.215.113.19/Vi9leo/index.php
  Score: 8.8 | Zero: M | Player: ZeroCERT
46682 | 2024-08-05 15:43 | 66af31c75d213_123p.exe | md5: 3b24971c5fef776db7df10a769f0857a
  Tags: ftp, PE File, PE64, VirusTotal, Cryptocurrency Miner, Malware, DNS, CoinMiner
  Hosts (2): pool.hashvault.pro(125.253.92.50) - mailcious; 125.253.92.50
  IDS (1): ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
  Score: 1.8 | Zero: M | VT: 61 | Player: ZeroCERT
46683 | 2024-08-05 15:44 | 66af531b832ee_main.exe#space | md5: 46bb5bf831f8b516b87078f35286a4d6
  Tags: Stealc, Client SW User Data Stealer, LokiBot, ftp Client, info stealer, Malicious Library, .NET framework(MSIL), UPX, ASPack, Http API, PWS, HTTP, Code injection, Internet API, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Collect installed applications, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Software
  Urls (3): https://steamcommunity.com/profiles/76561199747278259 - rule_id: 41798; https://steamcommunity.com/profiles/76561199747278259; https://t.me/armad2a
  Hosts (5): t.me(149.154.167.99) - mailcious; steamcommunity.com(184.87.103.42) - mailcious; 149.154.167.99 - mailcious; 168.119.176.241 - mailcious; 184.26.241.154 - mailcious
  IDS (3): ET INFO Observed Telegram Domain (t .me in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Rule (1): https://steamcommunity.com/profiles/76561199747278259
  Score: 16.4 | VT: 37 | Player: ZeroCERT
46684 | 2024-08-05 15:46 | 66ade58a5e39e_tgertert.exe | md5: f9e341ea64be4ee1007755cd909aaa8c
  Tags: Themida Packer, Anti_VM, PE File, PE32, Lnk Format, GIF Format, Malware download, VirusTotal, Malware, AutoRuns, Check memory, Creates shortcut, Creates executable files, unpack itself, Windows utilities, Checks Bios, Detects VirtualBox, Detects VMWare, suspicious process, WriteConsoleW, VMware, anti-virtualization, human activity check, Windows, RisePro, ComputerName, Firmware, DNS, crashed
  Hosts (2): 77.105.164.24; 125.253.92.50
  IDS (3): ET MALWARE [ANY.RUN] RisePro TCP (Token); ET MALWARE RisePro TCP Heartbeat Packet; ET MALWARE [ANY.RUN] RisePro TCP (Activity)
  Score: 10.6 | Zero: M | VT: 55 | Player: ZeroCERT
46685 | 2024-08-05 15:48 | 66af4e35e761b_doz.exe#mene | md5: c7904602501fb4a18a2ceb29d1c7748b
  Tags: Stealc, Client SW User Data Stealer, LokiBot, ftp Client, info stealer, Malicious Library, .NET framework(MSIL), UPX, ASPack, Http API, PWS, HTTP, Code injection, Internet API, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Collect installed applications, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Software
  Urls (3): https://steamcommunity.com/profiles/76561199747278259 - rule_id: 41798; https://steamcommunity.com/profiles/76561199747278259; https://t.me/armad2a
  Hosts (5): t.me(149.154.167.99) - mailcious; steamcommunity.com(173.222.146.99) - mailcious; 149.154.167.99 - mailcious; 168.119.176.241 - mailcious; 184.26.241.154 - mailcious
  IDS (3): ET INFO Observed Telegram Domain (t .me in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Rule (1): https://steamcommunity.com/profiles/76561199747278259
  Score: 16.4 | Zero: M | VT: 35 | Player: ZeroCERT
46686 | 2024-08-05 16:27 | demo.exe | md5: edf60741d8f0f84ac05c3c3abe96f531
  Tags: UPX, PE File, PE64, VirusTotal, Malware, unpack itself, DNS, crashed
  Hosts (1): 152.136.159.25 - malware
  Score: 4.0 | Zero: M | VT: 50 | Player: r0d
46687 | 2024-08-06 09:10 | madamwebwin7MPDW-constraints.v... | md5: d16a594241bdd18814c7c8f184a02210
  Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
  Urls (1): https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
  Hosts (2): ia803104.us.archive.org(207.241.232.154) - malware; 207.241.232.154 - malware
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 7.6 | VT: 3 | Player: ZeroCERT
46688 | 2024-08-06 09:10 | skx111.exe | md5: 6ba2c54c1555fb526e9ea5b55811646a
  Tags: Malicious Library, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Cryptographic key, crashed
  Score: 8.6 | VT: 28 | Player: ZeroCERT
46689 | 2024-08-06 09:12 | systems.exe | md5: 168fd1d2a0af4fdaa019f351fd03204d
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Software
  Score: 1.2 | Zero: M | VT: 2 | Player: ZeroCERT
46690 | 2024-08-06 09:13 | kkkk.exe | md5: 95a0d897b91d497a0ca545c9ef3d2c37
  Tags: Generic Malware, Downloader, Malicious Library, UPX, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, PE File, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, WMI, Creates executable files, unpack itself, Windows utilities, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, Windows, ComputerName
  Score: 6.4 | Zero: M | VT: 4 | Player: ZeroCERT
46691 | 2024-08-06 09:14 | Install.exe | md5: 59d3bc9ca446bf4fcce3a93cdbce134a
  Tags: Malicious Library, UPX, PE File, PE32, VirusTotal, Malware
  Score: 1.2 | Zero: M | VT: 59 | Player: ZeroCERT
46692 | 2024-08-06 09:14 | nc.exe | md5: 04915e73e6b6d161b573c86b8c3c030d
  Tags: PE File, PE32, VirusTotal, Malware, unpack itself, WriteConsoleW, crashed
  Score: 2.6 | VT: 55 | Player: ZeroCERT
46693 | 2024-08-06 09:16 | autoupdate.exe | md5: 0c6e9d70bef24a7bfacfb744e4cd3368
  Tags: CoinMiner, Malicious Library, Antivirus, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, PDB
  Score: 0.6 | VT: 9 | Player: ZeroCERT
46694 | 2024-08-06 09:17 | serv.exe | md5: d2901c7724d3a55d168f10f21b9e7393
  Tags: PE File, PE64, VirusTotal, Malware
  Score: 1.6 | Zero: M | VT: 30 | Player: ZeroCERT
46695 | 2024-08-06 09:18 | 555.exe | md5: 9c35f1315cb51f68e401d53196daaf8b
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, WMI, RWX flags setting, unpack itself, ComputerName, crashed
  Hosts (1): amx155.xyz()
  Score: 3.8 | Zero: M | VT: 66 | Player: ZeroCERT
Total: 48,199 entries