Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48916	2024-10-17 10:36	pnr.exe 03095ac4f252a39ed63043b4ec57a070 ASPack UPX PE File PE32 MZP Format VirusTotal Malware Check memory unpack itself				1.8		3	ZeroCERT

48917	2024-10-17 10:39	ewm.exe 5be32defc6aeca7d5d91d1eb90c14124 Generic Malware Malicious Library ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware unpack itself sandbox evasion Windows Remote Code Execution	1 Keyword trend analysis	2	1	4.0		53	ZeroCERT

48918	2024-10-17 10:39	cred64.dll 1b32cdb682dc2b89bab7263aa4f1f08b Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1		9.8		41	ZeroCERT

48919	2024-10-17 10:39	cred.dll 13c5fbf7e0d1ea910bf55a32a877217f Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1		9.4		56	ZeroCERT

48920	2024-10-17 10:40	System.exe 3d2c42e4aca7233ac1becb634ad3fa0a Malicious Library Antivirus UPX PE File PE32 MZP Format OS Processor Check .NET EXE JPEG Format DLL VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows Advertising Google ComputerName DNS Cryptographic key DDNS crashed keylogger	5 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download	9	2	9.6		66	ZeroCERT

48921	2024-10-17 10:40	cred.dll 16ab3210260ec2df7ffc2292e9ad4abb Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process suspicious TLD sandbox evasion installed browsers check Windows Browser Email ComputerName Remote Code Execution Cryptographic key Software	2 Keyword trend analysis	4	2	9.8		51	ZeroCERT

48922	2024-10-17 10:40	taskhostw.exe daaa8ac3995fb610eda2e52a639d191f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	8.8		35	ZeroCERT

48923	2024-10-17 10:42	aa_v3.exe 9054fe003778dd05b3b1438d236963ae Ammy Admin Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Windows Remote Code Execution DNS	3 Keyword trend analysis	9	1	4.4		52	ZeroCERT

48924	2024-10-17 10:47	cred64.dll 86d2400fe6cf41987dc3d7431cbc1279 Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2		9.2		51	ZeroCERT

48925	2024-10-17 10:48	xxx.exe 28b7505a051cf6a0e6ee179ef76be154 PE File PE64 Malware download VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS	1 Keyword trend analysis	2	2	4.8		33	ZeroCERT

48926	2024-10-17 10:50	m8.exe 3559372c3860d4a42f05915e3f7641f2 Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself DNS crashed		1	1	5.4		50	ZeroCERT

48927	2024-10-17 10:51	well_clean.exe 18e64b3509e95557b6614610df2fcf20 RedLine stealer Generic Malware Malicious Library UPX Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI RWX flags setting unpack itself Windows utilities malicious URLs sandbox evasion WriteConsoleW installed browsers check Ransomware Windows Browser ComputerName				10.8		38	ZeroCERT

48928	2024-10-17 10:53	clip64.dll b7836f044f3f89eff107ee5d2342a9a2 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1		3.6		54	ZeroCERT

48929	2024-10-17 10:54	cred.dll 0961bd2ba614e84e0b9b93444179fb07 Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2		9.4		41	ZeroCERT

48930	2024-10-17 10:54	Xworm%20V5.6.exe 56ccb739926a725e78a7acf9af52c4bb Emotet Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus .NET framework(MSIL) UPX Anti_VM PE File .NET EXE MSOffice File PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	62	ZeroCERT