Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
7021
2023-11-20 09:55
updater3.exe
47437b8a25c634828593283d0679063a
RedLine stealer
Gen1
NSIS
Downloader
Generic Malware
Malicious Library
UPX
Malicious Packer
Javascript_Blob
Anti_VM
PE32
PE File
ftp
DLL
PE64
OS Processor Check
MSOffice File
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
Check virtual network interfaces
AppData folder
IP Check
Ransomware
crashed
1
ipinfo.io(34.117.59.81)
6.2
M
4
ZeroCERT
7022
2023-11-20 09:55
Lwsecure_beta.exe
5c320953f68110bc451f42495ef0a296
Gen1
Malicious Library
UPX
PE File
PE64
ftp
OS Processor Check
VirusTotal
Malware
PDB
Tofsee
Remote Code Execution
crashed
2
app.physics.wisc.edu(128.104.160.19)
128.104.160.19
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0
M
38
ZeroCERT
7023
2023-11-20 09:54
v1.exe
cc78ebc3aad20686d5bef8613aba55be
Client SW User Data Stealer
LokiBot
ftp Client
info stealer
.NET framework(MSIL)
UPX
Http API
PWS
AntiDebug
AntiVM
PE32
PE File
.NET EXE
OS Processor Check
FTP Client Info Stealer
VirusTotal
Malware
Telegram
Buffer PE
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
unpack itself
Windows utilities
Collect installed applications
suspicious process
AppData folder
malicious URLs
sandbox evasion
WriteConsoleW
anti-virtualization
installed browsers check
Tofsee
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
1
https://steamcommunity.com/profiles/76561199571056594
5
t.me(149.154.167.99) - malicious
steamcommunity.com(184.87.111.197) - malicious
149.154.167.99 - malicious
49.13.94.153 - malicious
104.76.78.101 - malicious
3
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
16.8
M
51
ZeroCERT
7024
2023-11-20 09:53
UnityGameHandler.exe
2547fc421a8ce77e333e88f4f87be833
Gen1
RedLine stealer
NSIS
Downloader
Generic Malware
Malicious Library
UPX
Malicious Packer
Javascript_Blob
Anti_VM
PE32
PE File
ftp
OS Processor Check
DLL
PE64
MSOffice File
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
Ransomware
crashed
3.4
7
ZeroCERT
7025
2023-11-20 09:49
devmode.exe
192f55e340f45009639d106530172497
UPX
PE32
PE File
.NET EXE
OS Processor Check
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
ComputerName
3.0
M
50
ZeroCERT
7026
2023-11-20 09:49
Discord.exe
5fe0d276069583d186448d4aaf9a2842
Gen1
Generic Malware
Malicious Library
UPX
PE File
PE64
OS Processor Check
DLL
ZIP Format
VirusTotal
Malware
Check memory
Creates executable files
crashed
2.2
M
45
ZeroCERT
7027
2023-11-20 09:47
TrueCrypt_vlBfql.exe
9bbdc08c91d9231f3508b97d8775e923
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
crashed
1.6
M
35
ZeroCERT
7028
2023-11-20 09:45
build.exe
320a062b2e5a45a5c5298a7cc50d949d
Malicious Library
UPX
PE32
PE File
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
Remote Code Execution
2.2
M
34
ZeroCERT
7029
2023-11-20 09:45
TrueCrypt_ypAWBs.exe
234f10adf43fc8b9c00f39224b652a99
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
crashed
1.2
36
ZeroCERT
7030
2023-11-18 13:04
TrueCrypt_vlBfql.exe
9bbdc08c91d9231f3508b97d8775e923
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
crashed
1.6
M
31
ZeroCERT
7031
2023-11-18 12:50
XNN.js
59177b07115feace5dfd413725f0f153
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
2
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
https://smithroses.com/wcnMU8/Nonco
4
smithroses.com(207.246.113.147)
www.ssl.com(44.219.43.99)
207.246.113.147
54.88.41.161
8.8
ZeroCERT
7032
2023-11-18 12:50
BFWT.js
05766e814cc04adb55b19cca486cc455
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
2
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
https://smithroses.com/wcnMU8/Uncop
4
smithroses.com(207.246.113.147)
www.ssl.com(44.219.43.99)
207.246.113.147
54.88.41.161
8.8
ZeroCERT
7033
2023-11-18 12:47
ROM.js
16965294fcb242a55144e4963f7d27ac
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
crashed
2
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
https://rimaflower.com/p4c/tacon
4
rimaflower.com(66.135.19.210)
www.ssl.com(44.219.43.99)
44.219.43.99
66.135.19.210
8.8
ZeroCERT
7034
2023-11-18 12:46
lnvoice-1597256897.pdf.js
6ad3ba5c57ad42f2915166df9b09417d
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
2
http://busizinusa.blogspot.com///////////////////////////////////atom.xml
https://4c1c6c2c-3624-42cb-a147-0b3263050851.usrfiles.com/ugd/4c1c6c_31f8162eee98441e8de36b6b0e919315.txt
5.8
2
ZeroCERT
7035
2023-11-18 12:45
TrueCrypt_KlHkcF.exe
03205a2fe1c1b6c9f6d38b9e12d7688f
Generic Malware
Malicious Library
Malicious Packer
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
crashed
1.4
20
ZeroCERT
Total : 48,289cnts