Submissions
No | Date | Request | MD5 | Tags | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player
46846 | 2024-08-09 10:52 | FILE2233.exe | 03fe60596aa8f9b633ac360fd9ec42d8 | Vidar, PE File, PE64, VirusTotal, Malware, PDB, MachineGuid, Check memory, Checks debugger, unpack itself | - | - | - | - | 1.8 | - | 17 | ZeroCERT
46847 | 2024-08-09 11:12 | Umar.exe | bc3e076ec6527a8bf74e9293be24630e | Generic Malware, Admin Tool (Sysinternals etc ...), UPX, PE File, PE32, Browser Info Stealer, Malware download, VirusTotal, Malware, Malicious Traffic, Check memory, buffers extracted, unpack itself, Collect installed applications, suspicious TLD, anti-virtualization, installed browsers check, CryptBot, Browser, ComputerName, DNS | 1: http://tvez20ht.top/v1/upload.php | 2: tvez20ht.top(31.129.44.121); 31.129.44.121 | 3: ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain; ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | - | 6.4 | - | 31 | ZeroCERT
46848 | 2024-08-09 11:21 | Filemy.exe | 850a43e323656b86ae665d8b4fd71369 | Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware | - | - | - | - | 0.4 | - | 1 | ZeroCERT
46849 | 2024-08-09 11:28 | mingh.exe | 2c15e22aea92ccabc62205aebc53e314 | Malicious Library, PE File, PE64 | - | - | - | - | - | M | - | ZeroCERT
46850 | 2024-08-09 15:16 | random.exe | 486b72c59c13d478f33938c5c25d7e98 | Themida Packer, PE File, PE32, VirusTotal, Malware, AutoRuns, Checks debugger, unpack itself, Windows utilities, Checks Bios, Detects VMWare, suspicious process, WriteConsoleW, VMware, anti-virtualization, Windows, ComputerName, DNS, crashed | - | 1: 193.233.132.62 - malicious | - | - | 10.2 | M | 45 | guest
46851 | 2024-08-09 15:29 | test.xls | f2a0f05417b7ea87683d05d66298cea1 | MSOffice File, unpack itself | - | - | - | - | 0.4 | - | - | guest
46852 | 2024-08-09 15:52 | iden.doc | 1ee73b17111ab0ffb2f62690310f4ada | VBA_macro, Generic Malware, Malicious Library, UPX, Anti_VM, MSOffice File, PE File, PE64, OS Processor Check, Vulnerability, VirusTotal, Malware, heapspray, unpack itself | - | - | - | - | 6.2 | - | 36 | ZeroCERT
46853 | 2024-08-09 16:07 | iden.doc | 1ee73b17111ab0ffb2f62690310f4ada | VBA_macro, Generic Malware, Malicious Library, UPX, Anti_VM, MSOffice File, PE File, PE64, OS Processor Check, VirusTotal, Malware, heapspray, exploit crash, unpack itself, Exploit, crashed | - | - | - | - | 5.6 | - | 36 | ZeroCERT
46854 | 2024-08-09 16:13 | iden.doc | 1ee73b17111ab0ffb2f62690310f4ada | VBA_macro, Generic Malware, Malicious Library, UPX, Anti_VM, MSOffice File, PE File, PE64, OS Processor Check, VirusTotal, Malware, heapspray, exploit crash, unpack itself, Exploit, crashed | - | - | - | - | 5.6 | - | 36 | ZeroCERT
46855 | 2024-08-09 16:15 | Rage.exe | ca817109712a3e97bf8026cdc810743d | Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, Check memory, Checks debugger, buffers extracted, Creates executable files | - | - | - | - | 3.0 | M | 40 | ZeroCERT
46856 | 2024-08-09 16:15 | 66ae9b60d9863_otr.exe | 3d3191283ae8325423342c1e29e4472b | Malicious Library, .NET framework(MSIL), UPX, ScreenShot, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself | - | - | - | - | 9.0 | M | 49 | ZeroCERT
46857 | 2024-08-09 16:17 | svc.exe | 53d19fb9a95e384638e297557ebf523d | Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself | - | - | - | - | 2.2 | M | 56 | ZeroCERT
46858 | 2024-08-09 16:17 | 66adc1d3f237b_mine.exe | 4b005e8541f7ed9bd82d80ce58c55c7c | Stealc, Client SW User Data Stealer, LokiBot, ftp Client, info stealer, Malicious Library, .NET framework(MSIL), UPX, ASPack, Http API, PWS, HTTP, Code injection, Internet API, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, FTP Client Info Stealer, VirusTotal, Malware, Telegram, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, Collect installed applications, suspicious process, malicious URLs, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Software | 3: https://steamcommunity.com/profiles/76561199747278259 - rule_id: 41798; https://steamcommunity.com/profiles/76561199747278259; https://t.me/armad2a | 5: t.me(149.154.167.99) - malicious; steamcommunity.com(184.29.170.106) - malicious; 149.154.167.99 - malicious; 188.245.87.202 - malicious; 23.77.13.219 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Observed Telegram Domain (t .me in TLS SNI); ET INFO TLS Handshake Failure | 1: https://steamcommunity.com/profiles/76561199747278259 | 17.6 | M | 55 | ZeroCERT
46859 | 2024-08-09 16:18 | MicrosoftWordUpdater.log.exe | 0d1dca5eaad49c2dbd979e1bf0b5f8d0 | Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware | - | - | - | - | 1.2 | - | 18 | ZeroCERT
46860 | 2024-08-09 16:19 | 66b31de809837_main.exe | ffed603d138764ec3f02116843bbdf26 | RedLine stealer, Malicious Library, Antivirus, .NET framework(MSIL), PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, unpack itself | - | - | - | - | 5.8 | M | 46 | ZeroCERT
Total: 48,198 entries