No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
49156
2024-10-24 11:16
sheisthebestcaseeveryoneknowbe...
1fd620bfc1434f416a86c5ab0ca98c41
Generic Malware
Antivirus
Downloader
AntiDebug
AntiVM
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
http://192.3.220.40/888/seebestthingswithgreatnewsgivenme.tIF
1
192.3.220.40 - malicious
11.6
17
ZeroCERT
49157
2024-10-24 13:04
EMBF8CF.exe
3288c284561055044c489567fd630ac2
Gen1
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE32
MZP Format
OS Processor Check
VirusTotal
Malware
WriteConsoleW
1.6
M
45
guest
49158
2024-10-25 10:42
TTUygt18RB5jZCR.exe
f1f5c3ac10d4a2b5ee41287be266697a
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
7.4
55
ZeroCERT
49159
2024-10-25 10:42
UyIkxZbgRRPlkjH.exe
c15785eb484765d6eedc8443b08566e2
AgentTesla
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
Browser Info Stealer
VirusTotal
Email Client Info Stealer
Malware
powershell
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
crashed
11.4
51
ZeroCERT
49160
2024-10-25 10:43
lr.ps1
262d5f9525046d113fe1cdaeb93f093d
Generic Malware
Antivirus
VirusTotal
Malware
powershell
AutoRuns
Check memory
WMI
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
2
http://183.102.83.247:7070/docs/x.exe
http://183.102.83.247:7070/docs/config.json
1
183.102.83.247
9.2
20
ZeroCERT
49161
2024-10-25 10:43
RDPConf.exe
03fb8e478f4ba100d37a136231fa2f78
Generic Malware
Malicious Library
UPX
PE File
PE32
MZP Format
VirusTotal
Malware
Check memory
unpack itself
crashed
2.0
38
ZeroCERT
49162
2024-10-25 10:45
RDPCheck.exe
8f82226b2f24d470c02f6664f67f23f7
Malicious Library
UPX
PE File
PE32
MZP Format
VirusTotal
Malware
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
keylogger
3.0
32
ZeroCERT
49163
2024-10-26 06:06
Coodesker-x64_1.0.7.0.exe
e58e97726528ec439d868e27e1bcec52
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
Remote Code Execution
2.2
13
guest
49164
2024-10-26 11:07
greatthingswithgoodnewsgivenby...
9dbf5ee2610284f5668fb229ba474b95
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
192.3.176.141
11.0
19
ZeroCERT
49165
2024-10-26 11:07
seethebestthingstobegoodwithhi...
0b1aa8ae190d05df71f4052fae67df5b
Generic Malware
Antivirus
Downloader
AntiDebug
AntiVM
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
192.3.176.141
11.2
25
ZeroCERT
49166
2024-10-26 11:07
seethebestthingsevermeetwithgr...
964a54d784f1cbef1effaa3ab917fcbc
Generic Malware
Antivirus
Downloader
AntiDebug
AntiVM
PowerShell
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
192.3.176.141
11.0
18
ZeroCERT
49167
2024-10-26 11:12
bas.bat
a78fec06e5281ace20cadab84e438e28
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cloudflare
DNS
Cryptographic key
3
https://receivers-ranch-buddy-incl.trycloudflare.com/p.pdf
https://receivers-ranch-buddy-incl.trycloudflare.com/fresh7.zip
https://receivers-ranch-buddy-incl.trycloudflare.com/q.pdf
1
receivers-ranch-buddy-incl.trycloudflare.com(104.16.230.132)
1
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
5.6
12
ZeroCERT
49168
2024-10-26 11:14
random.exe
17f5a1ae03a0ff4eb038527de02e8860
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Admin Tool (Sysinternals etc ...)
Malicious Packer
Antivirus
Anti_VM
PE File
PE32
OS Processor Check
DLL
VirusTotal
Malware
PDB
suspicious privilege
Checks debugger
WMI
Creates executable files
unpack itself
ComputerName
Remote Code Execution
DNS
2
geo.netsupportsoftware.com(104.26.1.231)
185.215.113.67 - malicious
7.6
39
ZeroCERT
49169
2024-10-26 11:14
tue.bat
d4c69fb043ea523b7c692131647ae56f
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
3.4
3
ZeroCERT
49170
2024-10-26 11:14
bestellung-DKM00392pdf.lnk
c420c304dbd1c84f68e6bac989f85f5e
Generic Malware
Downloader
Antivirus
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
FTP
KeyLogger
P2P
AntiDebug
AntiVM
Lnk Format
GIF Format
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
6.8
11
ZeroCERT
Total : 49,283cnts