Submissions
Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
49231
2024-10-30 09:31
m.dat
f6814a59c53218b84eb943ef07fcb74c
Gen1
XMRig Miner
Generic Malware
Malicious Library
UPX
Malicious Packer
Antivirus
AntiDebug
AntiVM
PE File
PE64
OS Processor Check
VirusTotal
Malware
AutoRuns
PDB
MachineGuid
Code Injection
Creates executable files
unpack itself
Windows utilities
Auto service
suspicious TLD
WriteConsoleW
Firewall state off
Windows
Remote Code Execution
DNS
2
k2yisgood.top(45.89.228.144)
k2ygoods.ydns.eu(46.29.162.246)
1
ET DNS Query to a *.top domain - Likely Hostile
10.2
53
ZeroCERT
49232
2024-10-30 09:33
wintoolsone64.exe
3a408188540d593a618c37ff3b9fa378
Generic Malware
Malicious Library
Malicious Packer
UPX
Anti_VM
PE File
DllRegisterServer
dll
PE32
OS Processor Check
VirusTotal
Malware
0.8
12
ZeroCERT
49233
2024-10-30 09:35
seebestthingswithreadyforgoodt...
b2daf885c5199ed93bfdafe0f3a33ae6
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
exploit crash
unpack itself
Exploit
DNS
crashed
1
18.189.170.22
4.8
32
ZeroCERT
49234
2024-10-30 09:37
.exe
08d5869bc24d424f76b8b862fb4d3ece
Malicious Library
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
Check memory
Checks debugger
buffers extracted
unpack itself
ComputerName
3.6
43
ZeroCERT
49235
2024-10-30 09:43
agent.exe
639e6bb08e1fcefc214238bdab212db5
Generic Malware
Malicious Library
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
PDB
MachineGuid
Check memory
Checks debugger
unpack itself
Windows utilities
suspicious process
Windows
ComputerName
Remote Code Execution
crashed
3.4
14
ZeroCERT
49236
2024-10-30 09:43
f2rPs6mHkljoAcH.exe
cd437678986f11ba11e754bb1153f9a0
Generic Malware
Malicious Library
Antivirus
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
IP Check
Windows
ComputerName
DNS
Cryptographic key
DDNS
1
checkip.dyndns.org(132.226.247.73)
1
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
11.2
45
ZeroCERT
49237
2024-10-30 09:46
gseTC3ENkK2egL4.exe
10b98a933809918bfcdd9c1ea91edee6
Generic Malware
Malicious Library
.NET framework(MSIL)
UPX
Antivirus
DNS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
human activity check
Windows
ComputerName
DNS
Cryptographic key
1
66.63.187.113
15.2
44
ZeroCERT
49238
2024-10-30 09:48
server.exe
99e291c244c7c4bc5d0f90840170813e
Malicious Library
Antivirus
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
DNS
1
121.196.49.217
3.4
60
ZeroCERT
49239
2024-10-30 09:50
mm.exe
d782071609e332aa2c8caa1778d76431
Malicious Library
Malicious Packer
Obsidium protector
UPX
PE File
PE32
OS Processor Check
PE64
VirusTotal
Malware
Creates executable files
Remote Code Execution
2.8
50
ZeroCERT
49240
2024-10-30 10:43
rhcr.exe
8627fdb79837f2ed509fc091b75a7ba5
Malicious Library
.NET framework(MSIL)
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
DNS
1
185.125.50.70
9.0
53
ZeroCERT
49241
2024-10-30 10:45
lcr.exe
61da4d15bc59ef6824a9490e29f9e30c
Malicious Library
.NET framework(MSIL)
ScreenShot
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
7.2
56
ZeroCERT
49242
2024-10-30 12:07
https://d-cdn.wind.com.cn/wind...
fc2002fdaf2bc7c641d9bb8b12e86f3d
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Windows
1
d-cdn.wind.com.cn(103.155.16.137)
2.6
2
guest
49243
2024-10-30 17:18
SoftShipment.exe
88f2f4df57c115ab7062c7a2a23e454a
Generic Malware
Downloader
Malicious Library
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Hijack Network
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE File
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
WMI
Creates executable files
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
ComputerName
7.8
M
54
l0ngcute
49244
2024-10-31 17:52
khtoawdltrha.exe
21eb0b29554b832d677cea9e8a59b999
PE File
PE32
VirusTotal
Malware
unpack itself
ComputerName
crashed
2.8
54
ZeroCERT
49245
2024-10-31 17:55
di5NuAB6Dcw7EOV.exe
4184c85c39e0309f6e841530b9b08a2a
LokiBot
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
Socket
PWS
DNS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
Browser Info Stealer
FTP Client Info Stealer
Email Client Info Stealer
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
suspicious process
malicious URLs
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
installed browsers check
Windows
Browser
Email
ComputerName
Cryptographic key
Software
1
touxzw.ir(104.21.25.154)
12.2
ZeroCERT
Total : 49,283cnts