Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
6286
2024-01-16 08:09
0j4.exe
f704df24d1545d44d09b11b926905687
Emotet
PE File
PE64
Check memory
Checks debugger
unpack itself
DNS
1
182.162.106.144
1.8
M
ZeroCERT
6287
2024-01-16 08:06
Gidqdtno.exe
68bb590a1db1911df6242ef91d648eea
PE File
PE64
Check memory
Checks debugger
unpack itself
1.2
M
ZeroCERT
6288
2024-01-16 08:06
t100.exe
cad140e444bf6506cd5b2c80237f29ac
Malicious Library
PE32
PE File
PDB
unpack itself
Remote Code Execution
1.2
M
ZeroCERT
6289
2024-01-16 08:04
Tufjz.exe
2b3a448e50e194422bebec24b250feb2
PE File
PE64
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.4
41
ZeroCERT
6290
2024-01-16 08:04
abc.exe
bcf0e5d50839268ab93d1210cf08fa37
Malicious Library
UPX
PE32
PE File
OS Processor Check
VirusTotal
Malware
unpack itself
2.2
M
58
ZeroCERT
6291
2024-01-16 08:02
brg.exe
3d4626022b800487f3cdd557683b6add
UPX
Malicious Library
PE File
PE64
OS Processor Check
PE32
VirusTotal
Malware
Code Injection
buffers extracted
DNS
1
154.92.15.189 - mailcious
4.2
9
ZeroCERT
6292
2024-01-16 08:02
28888c47bbc1871b439df19ff4df68...
b61b1fc010669f0f8a793bb95d770f9b
Emotet
Gen1
Generic Malware
NSIS
Malicious Library
UPX
Antivirus
Admin Tool (Sysinternals etc ...)
Malicious Packer
Anti_VM
PE32
PE File
.NET EXE
PNG Format
OS Processor Check
ZIP Format
MZP Format
JPEG Format
DllRegisterServer
dll
BMP Format
PE64
CHM F
VirusTotal
Malware
AutoRuns
Malicious Traffic
Check memory
Checks debugger
Creates executable files
unpack itself
Windows utilities
suspicious process
AppData folder
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
Ransomware
Windows
ComputerName
DNS
crashed
2
http://185.172.128.90/cpa/ping.php?substr=nine&s=ab - rule_id: 38981
http://185.172.128.53/syncUpd.exe - rule_id: 38939
2
185.172.128.90 - mailcious
185.172.128.53 - malware
5
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
2
http://185.172.128.90/cpa/ping.php
http://185.172.128.53/syncUpd.exe
11.2
M
45
ZeroCERT
6293
2024-01-16 08:02
cayV0Deo9jSt417.exe
aa3cdd5145d9fb980c061d2d8653fa8d
Malicious Packer
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
ComputerName
2.8
M
45
ZeroCERT
6294
2024-01-16 08:01
rty29.exe
484970b905d262cd9a08d8afb5a6fdac
Malicious Packer
PE File
PE64
VirusTotal
Malware
PDB
MachineGuid
unpack itself
Check virtual network interfaces
Tofsee
Remote Code Execution
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://i.alie3ksgaa.com/sta/imagd.jpg
3
i.alie3ksgaa.com(154.92.15.189) - mailcious
154.92.15.189 - mailcious
182.162.106.144
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.2
M
21
ZeroCERT
6295
2024-01-16 07:59
2-3-1_2023-12-14_13-35.exe
95f70460434d32448cfb8e78e77edb14
Malicious Library
PE32
PE File
PDB
unpack itself
Remote Code Execution
1.2
M
ZeroCERT
6296
2024-01-16 02:43
3cc284cecc3a8513d8ba664f88c116...
812267e367c58c04d7c4800aa0f64603
Malicious Library
UPX
Anti_VM
PE32
PE File
MZP Format
VirusTotal
Malware
unpack itself
Remote Code Execution
crashed
2.2
54
guest
6297
2024-01-16 02:30
051495d208bad010334f14c162600b...
732717fb963205cdf2d23f4a177fcfcb
Malicious Library
UPX
PE32
PE File
MZP Format
VirusTotal
Malware
unpack itself
Remote Code Execution
crashed
2.6
51
guest
6298
2024-01-15 14:55
qhrx1h.dotm
4df66a06d2f1b52ab30422cbee2a4356
VBA_macro
Generic Malware
Malicious Library
UPX
Antivirus
ZIP Format
Word 2007 file format(docx)
PE32
PE File
OS Processor Check
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
powershell.exe wrote
suspicious process
Windows
ComputerName
Cryptographic key
1
https://viviendas8.com/bb/abc.exe
2
viviendas8.com(192.185.181.3)
192.185.181.3
7.6
35
ZeroCERT
6299
2024-01-15 09:52
WinSAT.exe
5506937886bb145000308714e33bf82b
Gen1
SmokeLoader
RedLine stealer
Emotet
NSIS
Generic Malware
Downloader
Suspicious_Script
Malicious Library
UPX
Admin Tool (Sysinternals etc ...)
Malicious Packer
ASPack
Obsidium protector
Antivirus
Anti_VM
Javascript_Blob
PE32
PE File
DLL
OS Processor Ch
VirusTotal
Malware
suspicious privilege
Check memory
Creates executable files
unpack itself
AppData folder
Ransomware
4.8
14
ZeroCERT
6300
2024-01-15 09:50
app.exe
4542692613fa0b646e7f00abd0eeb60a
Malicious Packer
PE File
PE64
VirusTotal
Malware
1.2
M
15
ZeroCERT
Total : 48,320cnts