Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
5386
2024-02-10 14:33
conhost.exe
5d591e339ce6468026b1653b11bea227
NSIS
Generic Malware
Malicious Library
UPX
PE32
PE File
DLL
Lnk Format
GIF Format
VirusTotal
Malware
Check memory
Creates shortcut
Creates executable files
unpack itself
AppData folder
2.8
22
ZeroCERT
5387
2024-02-10 14:25
rwtweewge.exe
6e401ff8d2152ee1f93cdf7a48072207
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.6
M
58
ZeroCERT
5388
2024-02-10 14:25
install.exe
68a70167645fa690aa89281024abacd1
Gen1
Emotet
Generic Malware
Malicious Library
UPX
Admin Tool (Sysinternals etc ...)
PE File
PE64
OS Processor Check
DLL
PE32
ZIP Format
ftp
DllRegisterServer
dll
VirusTotal
Malware
Check memory
Creates executable files
AppData folder
WriteConsoleW
2.8
30
ZeroCERT
5389
2024-02-10 14:23
lumma.exe
30862fecf7b6eff6b318feccc621d737
Malicious Library
UPX
ScreenShot
AntiDebug
AntiVM
PE32
PE File
OS Processor Check
VirusTotal
Malware
Code Injection
Checks debugger
buffers extracted
unpack itself
crashed
6.8
M
50
ZeroCERT
5390
2024-02-10 14:21
cupcakesweet.vbs
8d6536fee8f9f116774d855002ce8fed
VirusTotal
Malware
wscript.exe payload download
Tofsee
Urls (2):
http://paste.ee/d/2xeYY
https://paste.ee/d/2xeYY
Hosts (2):
paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware
IDS (2):
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6
6
ZeroCERT
5391
2024-02-10 14:20
Nhnsunywskn.exe
422a9c5cfa6370c93a4bd5db29c3d196
Hide_EXE
ScreenShot
AntiDebug
AntiVM
PE32
PE File
.NET EXE
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
Cryptographic key
crashed
7.6
M
26
ZeroCERT
5392
2024-02-10 14:19
DCRatBuild.exe
84c895e5e9d2e8a4a33bcc6ec7657b20
Suspicious_Script_Bin
Malicious Library
.NET framework(MSIL)
UPX
AntiDebug
AntiVM
PE32
PE File
OS Processor Check
.NET EXE
VirusTotal
Malware
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
WMI
Creates executable files
unpack itself
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
ComputerName
Remote Code Execution
8.6
51
ZeroCERT
5393
2024-02-10 14:19
wininit.exe
78b14cf5b0ad7fc6f8b57f9fbbbe9771
.NET framework(MSIL)
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
ComputerName
2.4
45
ZeroCERT
5394
2024-02-10 14:17
AK1.exe
1517f1d574f5829ac5c84995a6a518ff
.NET framework(MSIL)
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
ComputerName
2.4
46
ZeroCERT
5395
2024-02-10 14:17
ballonprocessedbymicrosofttost...
f030a9cabc88c5208d21577178efee05
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
VBScript
Malicious Traffic
RWX flags setting
exploit crash
Tofsee
Exploit
DNS
crashed
Urls (3):
http://paste.ee/d/2xeYY
http://172.245.135.142/3333/cupcakesweet.vbs
https://paste.ee/d/2xeYY
Hosts (3):
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
172.245.135.142 - mailcious
IDS (3):
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host VBS Request
4.2
M
35
ZeroCERT
5396
2024-02-09 15:24
june.exe
044aec73856511ff37163b177b831646
Emotet
Gen1
Malicious Library
UPX
Anti_VM
PE32
PE File
MZP Format
OS Processor Check
PE64
DLL
ftp
Checks debugger
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
crashed
3.0
ZeroCERT
5397
2024-02-09 15:20
wmlaunch.exe
87455f08f37b75119d9422c735ff862c
PE32
PE File
VirusTotal
Malware
AutoRuns
Check memory
RWX flags setting
unpack itself
sandbox evasion
Windows
Browser
crashed
Hosts (2):
xing0701.e1.luyouxia.net(123.99.198.201)
123.99.198.201
7.0
M
52
ZeroCERT
5398
2024-02-09 15:20
ghost.exe
b077d33f58db73dd013c079bb435efa3
Malicious Library
UPX
Socket
PWS
AntiDebug
AntiVM
PE32
PE File
OS Processor Check
VirusTotal
Malware
Code Injection
Checks debugger
buffers extracted
unpack itself
malicious URLs
crashed
7.0
M
33
ZeroCERT
5399
2024-02-09 07:34
theme.js
90a55f63c797aa531cce6c4f94df911b
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
unpack itself
malicious URLs
crashed
1.4
guest
5400
2024-02-09 07:34
wocommerce.js
4710589f7473f5f6b01ab5e12001ae89
Downloader
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
malicious URLs
crashed
1.0
guest
Total : 48,354cnts