Submissions

Columns on the original listing: No, Date, Request (submitted file name), Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each entry below gives the submission number, date, file name, the MD5 of the sample, the sandbox signature tags the analysis raised, and the remaining columns in the order the listing shows them. The extracted text does not label the individual count columns (Urls/Hosts/IDS/Rule), so those values are reproduced as listed rather than assigned to a specific column; file names that were truncated on the original page are left truncated.

7111  2023-11-14 17:33  Service_32.exe
  MD5:   f353a6519b5c64d48f798d91e5235848
  Tags:  UPX Malicious Library Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Remote Code Execution Cryptographic key crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 8.4    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7112  2023-11-14 17:31  amdays.exe
  MD5:   1469e905f3ce6bd98f075df0293320b9
  Tags:  .NET framework(MSIL) UPX Http API HTTP Code injection Internet API AntiDebug AntiVM PE32 PE File .NET EXE Lnk Format GIF Format AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS
  Counts (Urls/Hosts/IDS/Rule, as listed): 1
  Score: 11.0   Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7113  2023-11-14 17:29  ma.exe
  MD5:   75ab3e51c23bdcbed0b3d61cfe34e115
  Tags:  Emotet Malicious Packer UPX PE File PE64 suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName Remote Code Execution
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 3.8    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7114  2023-11-14 17:27  cl.exe
  MD5:   2b7f57acb70c816b7d1f4dd6adf7a708
  Tags:  UPX PE File PE64 .NET EXE unpack itself Windows Remote Code Execution crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 2.4    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7115  2023-11-14 17:25  software.exe
  MD5:   2b0ca4edd1b9b7c6c627798503e9805f
  Tags:  UPX Malicious Library PWS Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check PNG Format DLL Browser Info Stealer Malware download FTP Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): 1 1
  Score: 15.0   Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7116  2023-11-14 17:25  secondumma.exe
  MD5:   4a160637f5d25483b11a823ca58c93a9
  Tags:  Malicious Library UPX PE32 PE File OS Processor Check unpack itself Remote Code Execution
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 1.0    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7117  2023-11-14 17:23  is.exe
  MD5:   16ef8b5b3fe9fcca6b37396f264f74f7
  Tags:  Malicious Library UPX PWS SMTP AntiDebug AntiVM PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): 1 4
  Score: 11.6   Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7118  2023-11-14 17:22  Purchase_Order_N°055-05623pdf....
  MD5:   36502252e6844b5881d0f7d216a49626
  Tags:  .NET framework(MSIL) PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 1.4    Remaining columns (Zero/VT/Player/Etc): ZeroCERT

7119  2023-11-14 17:21  PO..exe
  MD5:   897c78d5b9c1bf368fbfbb4f33c9caaf
  Tags:  Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Generic Malware Google Chrome User Data Downloader .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate privileges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS keylogger
  Counts (Urls/Hosts/IDS/Rule, as listed): 2 1
  Score: 12.4   Remaining columns (Zero/VT/Player/Etc): ZeroCERT

7120  2023-11-14 17:19  fridayexploit.hta
  MD5:   d4970c65d0fc813816a54460705705cc
  Tags:  AgentTesla Generic Malware Antivirus KeyLogger AntiDebug AntiVM PowerShell Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName Cryptographic key
  Counts (Urls/Hosts/IDS/Rule, as listed): 3 4 2 2
  Score: 13.8   Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7121  2023-11-14 14:53  HtaieBrowserhistorycleanercach...
  MD5:   8a8ad36f9aba5977a145a338be170265
  Tags:  MS_RTF_Obfuscation_Objects RTF File doc Vulnerability Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): 3 4 4 1
  Score: 3.0    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7122  2023-11-14 08:11  Allergy_Test_Results.pdf.exe
  MD5:   a8b48d2e9a3d042a28001d46923f03e7
  Tags:  UPX PWS SMTP AntiDebug AntiVM PE32 PE File .NET EXE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
  Counts (Urls/Hosts/IDS/Rule, as listed): 1
  Score: 7.8    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7123  2023-11-14 08:08  latestmar.exe
  MD5:   5e2d0831dae832def43705bc89220040
  Tags:  NPKI HermeticWiper Generic Malware Suspicious_Script NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Javascript_Blob PE32 PE File .NET EXE PNG Format JPEG Format OS Processor Check ZIP Format icon BMP Format Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware Windows crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 7.6    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7124  2023-11-14 08:08  taskeng.exe
  MD5:   8cd79908aa72e2f763392a9fe45b46db
  Tags:  Malicious Library UPX PE32 PE File OS Processor Check WMI ComputerName
  Counts (Urls/Hosts/IDS/Rule, as listed): none
  Score: 1.0    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT

7125  2023-11-14 08:06  WinSCP-6.1.2-Setup.exe
  MD5:   17c8b1be1c8c7812785bbb6defd10b87
  Tags:  Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows DNS crashed
  Counts (Urls/Hosts/IDS/Rule, as listed): 1
  Score: 2.2    Remaining columns (Zero/VT/Player/Etc): M ZeroCERT