Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
6646 2023-12-13 17:22 microsoftdecided.vbs
191f2509a2a2ee5ca560be4cf1baccd7
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
3 3 1 8.4 5 ZeroCERT

6647 2023-12-13 17:20 dll_vbe.jpg.exe
4d8026468c5829b38f6d265643085c2a
Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB
0.6 8 ZeroCERT

6648 2023-12-13 17:19 Rump_vbs.jpg.exe
3c63488040bb51090f2287418b3d157d
PE32 PE File DLL .NET DLL PDB
0.2 ZeroCERT

6649 2023-12-13 17:11 Microsoftdecidedtoupdateentire...
abd08657ab33f8d1fb76b2757c0253b2
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
2 4 2 4.6 M 35 ZeroCERT

6650 2023-12-13 17:08 Master_data.exe
d4e13b3431540c5d7b3b8bd98ee4ae9d
Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library Http API ScreenShot PWS AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key crashed
1 2 2 15.4 41 ZeroCERT

6651 2023-12-13 17:07 microsoftdecidedtoupdateentire...
911181c9ce56b902706424dfcc600236
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed
3.2 M 34 ZeroCERT

6652 2023-12-13 08:38 fred.exe
ffc9aa77bbf6df5309e1c24d43ff10f4
Loki LokiBot Formbook Socket PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs suspicious TLD installed browsers check Browser Email ComputerName DNS Software
1 2 9 1 13.4 M ZeroCERT

6653 2023-12-13 08:36 autorun.exe
e603e2abda021b58c29868700301275a
Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 6.0 M ZeroCERT

6654 2023-12-12 11:46 osu.rar
e55e4be58bfb9cb11cc67ae3670e4f35
AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
4.6 43 guest

6655 2023-12-12 10:54 GoogleCrashHandler64.exe
c87e0ff27716ffd84d540965e457773e
EnigmaProtector UPX PE32 PE File MZP Format PE64 VirusTotal Malware suspicious privilege Checks debugger WMI Creates executable files unpack itself Windows utilities Detects VMWare suspicious process sandbox evasion WriteConsoleW VMware Windows ComputerName crashed
8.2 M 21 ZeroCERT

6656 2023-12-12 10:48 Microsoftunderstandverywellhow...
108879c398ff1a9e9e7fae2ee5d94099
MS_RTF_Obfuscation_Objects RTF File doc Malware download Remcos VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed
2 5 6 4.6 M 34 ZeroCERT

6657 2023-12-12 08:07 Builder.exe
d49ec8360f618f61d91701143e475fbc
Malicious Library ASPack UPX PE32 PE File OS Processor Check .NET EXE PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution
2.4 M ZeroCERT

6658 2023-12-12 08:05 wlanext.exe
0b96e8a9f710917f8ebbeba13040e308
NSIS Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed
6.0 M ZeroCERT

6659 2023-12-12 08:02 toolspub2.exe
05193c12562beb5de5f05ae6816c976f
Malicious Library AntiDebug AntiVM PE32 PE File Malware PDB Code Injection Checks debugger buffers extracted unpack itself
6.0 M ZeroCERT

6660 2023-12-12 08:00 gpupdate.exe
d03630dc968aae232a10fc0507727977
CobaltStrike Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check PDB crashed
0.8 M ZeroCERT