Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
(Request may be searched by connection, hash (md5, sha256), signature, PE API, tag or IDS, icon, or user nickname; the listing can be filtered by first-seen / last-seen date range.)

No: 6166
Date: 2024-01-24 08:11
Request: pixelcloudnew2.exe
MD5: afa4b5293faaade81fdcfb074a0f68f8
Tags: RedlineStealer, RedLine stealer, .NET framework(MSIL), UPX, PE32, PE File, .NET EXE, OS Processor Check, Check memory, Checks debugger, unpack itself, Windows, DNS, Cryptographic key
Hosts (1):
  94.156.66.203
Score: 2.6
Player: ZeroCERT

No: 6167
Date: 2024-01-24 08:09
Request: 23.exe
MD5: 91ab5914b61a0250cffa61c6f35776b9
Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check, PDB, unpack itself, Remote Code Execution
Score: 1.2
Zero: M
Player: ZeroCERT

No: 6168
Date: 2024-01-24 08:05
Request: check.exe
MD5: bdfe4d6a63e6367f4cba94b395860a02
Tags: Downloader, Malicious Library, UPX, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, PE32, PE File, OS Processor Check, PDB, Code Injection, Creates executable files, unpack itself, AppData folder, malicious URLs, ComputerName, Remote Code Execution, crashed
Score: 4.6
Zero: M
Player: ZeroCERT

No: 6169
Date: 2024-01-24 08:04
Request: rty37.exe
MD5: 5403c7f25701c2f3880998784e78b2f9
Tags: Malicious Library, UPX, PE File, PE64, OS Processor Check, PDB, MachineGuid, unpack itself, Check virtual network interfaces, Tofsee, Remote Code Execution
Urls (2):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://i.alie3ksgaa.com/sta/imagd.jpg
Hosts (3):
  i.alie3ksgaa.com(154.92.15.189) - mailcious
  154.92.15.189 - mailcious
  182.162.106.144
IDS (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 1.8
Zero: M
Player: ZeroCERT

No: 6170
Date: 2024-01-24 08:02
Request: TrumTrum.exe
MD5: dd00d5501f388f4422cce9bd559394e0
Tags: PE File, PE64, VirusTotal, Malware, crashed
Score: 2.2
Zero: M
VT: 50
Player: ZeroCERT

No: 6171
Date: 2024-01-24 08:02
Request: gookcom.exe
MD5: c6fea3621cca858371f2d596c9723891
Tags: Generic Malware, Antivirus, PE32, PE File, .NET EXE, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
Hosts (1):
  91.215.85.198 - mailcious
Score: 6.4
Zero: M
VT: 52
Player: ZeroCERT

No: 6172
Date: 2024-01-24 08:00
Request: StealerClient_Cpp_1_4.exe
MD5: 43cfdf73b4175c4eb9611116f46ecaf5
Tags: Malicious Library, Malicious Packer, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware
Score: 1.2
VT: 48
Player: ZeroCERT

No: 6173
Date: 2024-01-24 08:00
Request: setup_wm.exe
MD5: 57f791f7477b1f7a1b3605465d054db8
Tags: Gen1, Generic Malware, Malicious Library, UPX, PE32, PE File, DllRegisterServer, dll, VirusTotal, Malware, PDB, Remote Code Execution
Score: 1.6
VT: 45
Player: ZeroCERT

No: 6174
Date: 2024-01-24 07:58
Request: dd.exe
MD5: cce53392d805e6fbfdbccf4527d53c26
Tags: AgentTesla, Generic Malware, .NET framework(MSIL), Antivirus, PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, WriteConsoleW, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed, keylogger
Hosts (2):
  api.ipify.org(64.185.227.156)
  173.231.16.75
IDS (4):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 13.6
VT: 38
Player: ZeroCERT

No: 6175
Date: 2024-01-24 07:57
Request: kskskfsf.exe
MD5: d75a38987ba68363fb67861537749274
Tags: Malicious Library, PE32, PE File, VirusTotal, Malware, unpack itself, crashed
Score: 2.4
VT: 40
Player: ZeroCERT

No: 6176
Date: 2024-01-24 07:56
Request: num.exe
MD5: b65204b855a9031d3a1e8480899ed0ce
Tags: Emotet, Suspicious_Script_Bin, Downloader, Malicious Library, UPX, Malicious Packer, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates executable files, Windows utilities, malicious URLs, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, Windows
Score: 5.2
VT: 17
Player: ZeroCERT

No: 6177
Date: 2024-01-24 07:55
Request: red.exe
MD5: 5878d2c316a84469a950dabb79c668cd
Tags: RedLine Infostealer, UltraVNC, Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Windows, Cryptographic key, crashed
Score: 2.8
Zero: M
VT: 33
Player: ZeroCERT

No: 6178
Date: 2024-01-24 07:50
Request: Install.exe
MD5: 16c5332ffa5a8fbb4403570ef5de191d
Tags: Admin Tool (Sysinternals etc ...), UPX, AntiDebug, AntiVM, PE32, PE File, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
Hosts (1):
  159.223.92.119
Score: 11.4
VT: 20
Player: ZeroCERT

No: 6179
Date: 2024-01-23 14:50
Request: http://www.amazon.ca
MD5: f0d918f20a6893435e7ed9012fffbce2
Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, icon, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
Urls (4):
  http://www.amazon.ca/
  https://www.amazon.ca/favicon.ico
  https://fls-na.amazon.ca/1/oc-csi/1/OP/requestId=99J3W16RWYF8QCRB2H31&js=1
  https://www.amazon.ca/
Hosts (6):
  www.amazon.ca(52.85.228.45)
  fls-na.amazon.ca(3.213.183.151)
  images-na.ssl-images-amazon.com(18.64.6.158) - mailcious
  18.164.155.27
  121.254.136.25
  34.206.21.244
IDS (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2
Player: guest

No: 6180
Date: 2024-01-23 14:19
Request: IEbrowserUpdates.vbs
MD5: b188e3740962ca8e83f9a86ab3889c9f
Tags: VirusTotal, Malware, wscript.exe payload download, Tofsee
Urls (2):
  http://paste.ee/d/ywRmc
  https://paste.ee/d/ywRmc
Hosts (2):
  paste.ee(104.21.84.67) - mailcious
  104.21.84.67 - malware
IDS (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 2.6
Zero: M
VT: 3
Player: ZeroCERT

Total: 48,320 entries