Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
6736 2023-12-08 09:42 MicrosoftHealthcheck.vbs
61fee3f2dd4255c687072b4eac7cdb0d
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 3 1 9.0 4 ZeroCERT

6737 2023-12-08 09:41 bd1b8cc6.exe
8801830b87729b1843ff56584d9f34a0
Malicious Library PE32 PE File PDB unpack itself Remote Code Execution
1.2 M ZeroCERT

6738 2023-12-08 09:39 download.jpg.exe
d92beb564ff56460bacf7c722a2879cb
Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB
0.6 7 ZeroCERT

6739 2023-12-07 17:38 dll.jpg.exe
c0b7ffa3b6b89673fab5638e395cd4f5
Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB
0.6 8 ZeroCERT

6740 2023-12-07 17:38 async.exe
e18397f25b87a6f58b9c226e8e9ea03f
PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW Windows Cryptographic key
7.4 M 43 ZeroCERT

6741 2023-12-07 17:10 dll.jpg.exe
c0b7ffa3b6b89673fab5638e395cd4f5
Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB
0.6 8 ZeroCERT

6742 2023-12-07 17:10 dll.jpg.exe
c0b7ffa3b6b89673fab5638e395cd4f5
Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB
0.6 8 ZeroCERT

6743 2023-12-07 16:41 1701610814-Dvnzfr.exe
6e1e844cd8cb843eacc4840a825f7cba
PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself
2.8 M 46 ZeroCERT

6744 2023-12-07 16:40 line.exe
fcfc4a3e70883dc993ee49241e40c393
Emotet Gen1 SmokeLoader Generic Malware Malicious Library UPX Malicious Packer PE32 PE File CAB OS Processor Check Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Remote Code Execution DNS Software crashed
1 5 6 15.2 M 41 ZeroCERT

6745 2023-12-07 16:39 Fbibh.exe
1fbdf8bbc90d441b4e22b46b1ce09a6c
.NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself Check virtual network interfaces DNS
1 2.8 M ZeroCERT

6746 2023-12-07 16:35 envifa.vbs
18bb62e29138d9c8dd098e5be9a4c13c
Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
2 3 1 8.4 2 ZeroCERT

6747 2023-12-07 16:35 sostener.vbs
6b28299322157cbfd18c65db5e060c1f
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
2 3 1 8.4 3 ZeroCERT

6748 2023-12-07 11:48 libcurl.exe
10b4dbfc7d9c04e82aff9f6845eabdc7
PE32 PE File VirusTotal Malware AutoRuns Check memory RWX flags setting Windows DNS
1 4.0 M 59 ZeroCERT

6749 2023-12-07 11:47 Application.exe
3ba788943ce69ebe9bbd218606fd8547
Malicious Library UPX PE32 PE File OS Processor Check .NET EXE VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios suspicious process WriteConsoleW anti-virtualization Windows Email ComputerName DNS Cryptographic key
3 2 5 12.4 M 35 ZeroCERT

6750 2023-12-07 11:45 build.exe
6aaf4093cc7a18c1b3635f6078993bc7
RedlineStealer RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 5 7.4 M 65 ZeroCERT