Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
48646
2024-10-06 12:16
DWrite.dll
a93ae3f505e35ef5a1d4cd896d3f7a59
Generic Malware
Malicious Library
UPX
PE File
DLL
PE64
OS Processor Check
VirusTotal
Malware
PDB
Code Injection
Malicious Traffic
Checks debugger
buffers extracted
DNS
crashed
2
Keyword trend analysis
×
Info
×
http:///iloveblogs.bin
http://167.71.175.190/iloveblogs.bin
1
Info
×
167.71.175.190
2
Info
×
SURICATA HTTP Request line incomplete
SURICATA Applayer Detect protocol only one direction
5.0
44
ZeroCERT
48647
2024-10-06 12:16
good.exe
97ffff75b66e8e014a4953e075b1d158
Gen1
Generic Malware
Malicious Library
UPX
Socket
Http API
HTTP
DNS
Code injection
Internet API
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
Malware
Code Injection
Malicious Traffic
buffers extracted
unpack itself
suspicious TLD
DNS
crashed
1
Keyword trend analysis
×
Info
×
http://c-cdns.top/g8VqD9fmdE/index.php
2
Info
×
c-cdns.top(31.13.224.51)
31.13.224.51
2
Info
×
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
8.0
ZeroCERT
48648
2024-10-06 12:48
NewApp.exe
2eea3ddbfc81544b54a4ac5028a30805
PE File
PE64
VirusTotal
Cryptocurrency Miner
Malware
Remote Code Execution
DNS
CoinMiner
5
Info
×
xmr-eu1.nanopool.org(51.89.23.91) - mailcious
pastebin.com(104.20.3.235) - mailcious
51.15.193.130 - mailcious
104.20.4.235 - mailcious
54.37.232.103
2
Info
×
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
2.4
43
ZeroCERT
48649
2024-10-06 12:49
QueryAC.exe
0c2122e76676082991f3cf30aabbff34
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
DllRegisterServer
dll
PE32
wget
OS Processor Check
VirusTotal
Malware
1.8
26
ZeroCERT
48650
2024-10-06 12:50
Updater.exe
925ec45b5ac88ab7af039190589204b9
PE File
PE32
VirusTotal
Malware
AutoRuns
Check memory
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
Remote Code Execution
5.2
35
ZeroCERT
48651
2024-10-06 12:52
random.exe
3c445725c0d2e80428429f7904bc56bb
Themida
Anti_VM
PE File
PE32
VirusTotal
Malware
Checks debugger
unpack itself
Checks Bios
Detects VMWare
VMware
anti-virtualization
Windows
crashed
5.0
M
26
ZeroCERT
48652
2024-10-06 18:17
afhksefkrhar.exe
844b868dabe70a2748c5f86c327e9391
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
DNS
1
Info
×
135.181.4.162
2.4
M
61
ZeroCERT
48653
2024-10-06 18:18
1.exe
774c8215da3cb73644d36ca3f60e676b
Suspicious_Script_Bin
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
WMI
Creates executable files
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
6.6
M
45
ZeroCERT
48654
2024-10-06 18:21
s.jar
f476422a60511cd61f6754728580ce34
Generic Malware
Malicious Library
Admin Tool (Sysinternals etc ...)
UPX
ZIP Format
OS Processor Check
PE File
DLL
PE32
VirusTotal
Malware
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
Windows utilities
Check virtual network interfaces
AppData folder
Windows
Java
DNS
crashed
keylogger
1
Info
×
161.97.108.54
7.6
M
18
ZeroCERT
48655
2024-10-06 18:23
Build.exe
76a22609f559db1a73201b95a09053e7
Generic Malware
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Check virtual network interfaces
AppData folder
IP Check
installed browsers check
Windows
Browser
ComputerName
DNS
crashed
1
Keyword trend analysis
×
Info
×
http://ipinfo.io/ip
3
Info
×
ipinfo.io(34.117.59.81)
193.142.146.64
34.117.59.81
2
Info
×
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
ET POLICY External IP Lookup ipinfo.io
13.4
M
56
ZeroCERT
48656
2024-10-06 18:25
185.jar
29fd6772aafb08c90b1ff9a91f48ecff
Generic Malware
Malicious Library
Admin Tool (Sysinternals etc ...)
UPX
ZIP Format
OS Processor Check
PE File
DLL
PE32
Browser Info Stealer
Malware download
NetWireRC
VirusTotal
Malware
Check memory
Checks debugger
Creates executable files
ICMP traffic
RWX flags setting
unpack itself
Windows utilities
Check virtual network interfaces
AppData folder
WriteConsoleW
DynamicRAT
Windows
Java
Browser
DNS
crashed
keylogger
1
Info
×
185.196.220.62 - mailcious
1
Info
×
ET MALWARE [ANY.RUN] Win32/DynamicRAT CnC Activity
8.4
M
18
ZeroCERT
48657
2024-10-06 18:28
licarisan_api.exe
65a683124fc4ca1839e95322370e2b0d
Generic Malware
task schedule
Downloader
Malicious Library
Malicious Packer
UPX
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Windows utilities
suspicious process
installed browsers check
Windows
Browser
ComputerName
Remote Code Execution
DNS
Cryptographic key
crashed
2
Info
×
185.196.220.62 - mailcious
193.142.146.64
16.2
M
44
ZeroCERT
48658
2024-10-06 18:30
an_api.exe
d8b47bd38c34fc553ec5765b5297db5d
Generic Malware
Malicious Library
Malicious Packer
UPX
PWS
AntiDebug
AntiVM
PE File
PE32
MZP Format
VirusTotal
Malware
Buffer PE
AutoRuns
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Windows utilities
installed browsers check
Windows
Browser
ComputerName
Remote Code Execution
DNS
Cryptographic key
crashed
1
Info
×
193.142.146.64
14.8
M
49
ZeroCERT
48659
2024-10-06 18:42
MpgRat.exe
2a051b9aa77beac67746c61354d7db3a
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
WMI
Creates executable files
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
6.0
13
ZeroCERT
48660
2024-10-07 10:27
windows.exe
2adb3e99e13f76ea7dc348971144efa5
UPX
PE File
PE64
VirusTotal
Malware
suspicious privilege
Windows utilities
WriteConsoleW
Windows
DNS
1
Info
×
106.15.6.181
3.6
10
ZeroCERT
First
Previous
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
Next
Last
Total : 49,283cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword
