Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
6301
2024-01-15 08:05
sl2_24.exe
d0ac3a6a9db42362ed09f3a5d192001d
PE File
PE64
crashed
0.4
M
ZeroCERT
6302
2024-01-15 08:02
ReymenStealer.exe
2f4f4f544c12721873f7600bf1d5a37b
Generic Malware
Antivirus
PE32
PE File
.NET EXE
PowerShell
powershell
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
Tofsee
Windows
Discord
ComputerName
DNS
Cryptographic key
Downloader
1
https://cdn.discordapp.com/attachments/1193667029731909664/1193667157301678110/WinSAT.exe
2
cdn.discordapp.com(162.159.129.233) - malware
162.159.134.233 - malware
3
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
M
ZeroCERT
6303
2024-01-15 08:00
sl23.exe
4362186c664ef63239ef5cff1646b42a
PE File
PE64
crashed
0.2
M
ZeroCERT
6304
2024-01-15 07:58
4.exe
e4153c1acc9bab930996d7ee3b148f57
Vidar
Malicious Library
UPX
PE32
PE File
OS Processor Check
Malware
Telegram
MachineGuid
Malicious Traffic
WMI
Tofsee
ComputerName
DNS
crashed
2
https://steamcommunity.com/profiles/76561199601319247 - rule_id: 38985
https://t.me/bg3goty
5
t.me(149.154.167.99) - malicious
steamcommunity.com(104.76.78.101) - malicious
149.154.167.99 - malicious
104.76.78.101 - malicious
65.109.241.139 - malicious
3
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
1
https://steamcommunity.com/profiles/76561199601319247
3.2
M
ZeroCERT
6305
2024-01-15 07:56
VisualStudiomain.exe
ba05fb0df65714d3f37acab7fc5ce934
PE32
PE File
.NET EXE
PDB
Check memory
Checks debugger
unpack itself
1.0
ZeroCERT
6306
2024-01-15 07:56
axemupdate.exe
bb15f1093a179b4c341deb573e2615ab
UPX
PE File
PE64
OS Processor Check
MachineGuid
Check memory
Checks debugger
unpack itself
1.4
ZeroCERT
6307
2024-01-14 14:41
uwp4203994.png.exe
f0449b9fcc34ff41ee98527228e6716a
UPX
PE32
PE File
DLL
OS Processor Check
.NET DLL
VirusTotal
Malware
Remote Code Execution
0.8
18
ZeroCERT
6308
2024-01-14 13:42
7juwy31nzd44.exe
a1be5a9cc2660e483c811d758fa8ed51
Malicious Library
Malicious Packer
Antivirus
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
0.8
M
19
ZeroCERT
6309
2024-01-14 13:40
new_inte.exe
8a6150d9aeecaf24aa06b669096bb465
Malicious Library
UPX
PE32
PE File
OS Processor Check
VirusTotal
Malware
suspicious privilege
Malicious Traffic
WMI
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
DNS
1
http://185.172.128.90/cpa/ping.php?substr=one&s=two
1
185.172.128.90
6.0
M
44
ZeroCERT
6310
2024-01-14 13:38
twointe.exe
ce4df085dbbf900194f5d8bf6900ac52
Malicious Library
PE32
PE File
VirusTotal
Malware
unpack itself
1.6
M
28
ZeroCERT
6311
2024-01-14 13:38
d1.vbs
64da79bd667b0d6fdef99227cdc716dc
VirusTotal
Malware
VBScript
wscript.exe payload download
DNS
Dropper
1
http://49.235.80.190:8287/sc/httpdownload_s.exe
1
49.235.80.190
10.0
28
guest
6312
2024-01-14 13:37
987123.exe
ddb3205a92ff18ae17b3f9f93c7b197c
Malicious Library
PE32
PE File
VirusTotal
Malware
unpack itself
1.8
M
30
ZeroCERT
6313
2024-01-14 13:35
crypted.exe
4c4b53e5e75c14252ea3b8bf17a88f4b
ScreenShot
AntiDebug
AntiVM
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
8.8
M
42
ZeroCERT
6314
2024-01-14 13:28
winserver.exe
4952f7d5dbfdd54e151d6cd75afcc930
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
DNS
1
49.235.80.190
3.6
M
36
ZeroCERT
6315
2024-01-14 13:26
securityhealths.exe
93f01bd10921f4455e9577442cbadcec
.NET framework(MSIL)
PE32
PE File
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.4
M
46
ZeroCERT
Total : 48,318cnts