Submissions
Columns: No | Date | Request (file name, MD5) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No 6466 | 2023-12-23 18:29 | nigown.exe | MD5 42bdba10ab5d962cf9714f4980272d22
  Tags: .NET framework(MSIL), PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Browser, Email, ComputerName, Cryptographic key, Software, crashed
  Score 10.0 | Zero M | VT 53 | Player ZeroCERT

No 6467 | 2023-12-23 18:27 | UpdateCheck.exe | MD5 c5352fea4e134e1a8e5e3a220d35be26
  Tags: Generic Malware, PE File, PE64, VirusTotal, Malware, Malicious Traffic, Check virtual network interfaces, Sliver, DNS
  Urls (1): https://195.35.25.136/
  Hosts (1): 195.35.25.136 - malware
  IDS (1): ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed
  Score 4.0 | Zero M | VT 53 | Player ZeroCERT

No 6468 | 2023-12-23 18:27 | QubpyznbC7neo.exe | MD5 cccb899d6c57a95d4266155e87a8aabe
  Tags: Antivirus, .NET framework(MSIL), UPX, PE32, PE File, .NET EXE, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, ComputerName
  Score 2.8 | Zero M | VT 40 | Player ZeroCERT

No 6469 | 2023-12-23 18:24 | lumtru.exe | MD5 700a9938d0fcff91df12cbefe7435c88
  Tags: Malicious Library, PE32, PE File, VirusTotal, Malware, PDB, unpack itself, Remote Code Execution
  Score 2.4 | Zero M | VT 64 | Player ZeroCERT

No 6470 | 2023-12-23 18:23 | f305ba-b4b69ab5.exe | MD5 683c060ccca9ee3a5dad65946c8c9a88
  Tags: Generic Malware, UPX, Antivirus, PWS, AntiDebug, AntiVM, PE32, PE File, .NET EXE, OS Processor Check, PNG Format, ZIP Format, Browser Info Stealer, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, powershell, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, IP Check, Tofsee, Ransomware, Windows, Discord, Browser, ComputerName, DNS, Cryptographic key, crashed
  Urls (3): http://apps.identrust.com/roots/dstrootcax3.p7c ; http://ip-api.com/json/?fields=225545 ; https://gstatic.com/generate_204
  Hosts (9): discord.com(162.159.128.233) - mailcious; ip-api.com(208.95.112.1); artemis.community(172.67.193.142) - malware; gstatic.com(142.250.206.227); 162.159.137.232 - mailcious; 208.95.112.1; 172.67.193.142 - malware; 23.50.121.137; 142.250.199.67
  IDS (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Observed Discord Domain (discord .com in TLS SNI); ET POLICY External IP Lookup ip-api.com; ET INFO Observed Discord Domain in DNS Lookup (discord .com)
  Score 15.4 | Zero M | VT 49 | Player ZeroCERT

No 6471 | 2023-12-23 18:22 | setup294.dll | MD5 f8da2527550d3cd4ace397705dcfc72d
  Tags: Malicious Library, PE32, PE File, DLL, VirusTotal, Malware
  Score 1.4 | Zero M | VT 28 | Player ZeroCERT

No 6472 | 2023-12-23 18:22 | Testing.dot | MD5 3dfddb91261f5565596e3f014f9c495a
  Tags: VBA_macro, Generic Malware, MSOffice File, VirusTotal, Malware, RWX flags setting, exploit crash, unpack itself, Exploit, crashed
  Score 2.6 | Zero M | VT 22 | Player ZeroCERT

No 6473 | 2023-12-23 18:20 | xxx.exe | MD5 9cf34288dda36ca0b013d6978d1acfe4
  Tags: Formbook, Generic Malware, task schedule, Antivirus, .NET framework(MSIL), AntiDebug, AntiVM, PE32, PE File, .NET EXE, Lnk Format, GIF Format, VirusTotal, Malware, AutoRuns, PDB, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Windows, ComputerName, Cryptographic key
  Score 9.4 | Zero M | VT 48 | Player ZeroCERT

No 6474 | 2023-12-23 18:20 | 4ygvd.exe | MD5 c6c66e0ae7e62194bd95e52e85f69aa1
  Tags: AgentTesla, .NET framework(MSIL), PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Browser, Email, ComputerName, Cryptographic key, Software, crashed
  Score 10.0 | Zero M | VT 53 | Player ZeroCERT

No 6475 | 2023-12-23 18:19 | etopt.exe | MD5 f77abc2f79780428ca514c0041c8b9e9
  Tags: Emotet, Generic Malware, Malicious Library, UPX, PE32, PE File, PNG Format, DLL, OS Processor Check, BMP Format, Lnk Format, GIF Format, VirusTotal, Malware, Check memory, Checks debugger, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, AppData folder, ComputerName, Firmware
  Score 4.2 | Zero M | VT 28 | Player ZeroCERT

No 6476 | 2023-12-23 18:18 | setup294.exe | MD5 7e563b190589c303d58f64ecd73e0cf6
  Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check, DLL, PDB, unpack itself, suspicious process, AppData folder, Remote Code Execution
  Score 1.8 | Player ZeroCERT

No 6477 | 2023-12-23 03:12 | SHIPMENT.html | MD5 eee94ac7a87b9751276ff8a8f2dd1545
  Tags: AntiDebug, AntiVM, MSOffice File, PNG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
  Urls (1): https://i.gyazo.com/4522caeb250b902767ea9d7dbee510fb.png
  Hosts (2): i.gyazo.com(104.18.25.163); 104.18.25.163
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 3.8 | Player guest

No 6478 | 2023-12-22 15:00 | OperaGXSetup.exe | MD5 46431992aa566007949fc4acbc058856
  Tags: Generic Malware, PE32, PE File, VirusTotal, Malware, Malicious Traffic, unpack itself, Tofsee, ComputerName
  Urls (1): http://www.msk-post.com/server/init.php
  Hosts (2): www.msk-post.com(91.228.225.55); 91.228.225.55
  IDS (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.2 | Zero M | VT 47 | Player ZeroCERT

No 6479 | 2023-12-22 13:52 | 48cda9ff.exe | MD5 b6d9df296551816e5de88db1a3878e97
  Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, PDB, unpack itself
  Score 2.0 | VT 35 | Player ZeroCERT

No 6480 | 2023-12-22 09:05 | xp_amp_app_usage_dnu-2023-12-2... | MD5 e4ca61ab3ea153cee21ca7b13f7006e0
  Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  Score 3.4 | Player guest
Total: 48,302 cnts