Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
7576
2023-10-19 19:52
lnvoice_1332936990.js
fd8654cbec65781ef40ef64410c93bf6
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
http://htlbook.blogspot.com/atom.xml
5.2
1
guest
7577
2023-10-19 18:42
HTMLcache8.dOC
2b81d6d754937ab82947a76d395df643
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
VBScript
Malicious Traffic
exploit crash
Tofsee
Exploit
DNS
crashed
1
http://185.254.37.80/sevenththththththth.vbs
3
wallpapercave.com(104.22.52.71) - malware
185.254.37.80 - mailcious
104.22.53.71
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host VBS Request
3.6
M
29
ZeroCERT
7578
2023-10-19 18:38
HTMLcache8.dOC
2b81d6d754937ab82947a76d395df643
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
RWX flags setting
exploit crash
Exploit
crashed
2.6
M
29
ZeroCERT
7579
2023-10-19 18:38
uwp4082989.png.exe
5913cdb1f8f9045b3e19987a08134771
Malicious Library
UPX
.NET DLL
PE File
DLL
PE32
OS Processor Check
VirusTotal
Malware
PDB
1.4
26
ZeroCERT
7580
2023-10-19 18:37
skx3hHI.exe
aa97e84ddfed87f96092e40ae29e9a63
.NET framework(MSIL)
Socket
DNS
persistence
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
1
94.156.6.14
10.8
M
28
ZeroCERT
7581
2023-10-19 18:35
plugmanzx.exe
2f7fc48c821a1ee87c7c95b069fe69ef
DNS
AntiDebug
AntiVM
PE File
PE32
.NET EXE
Malware download
Nanocore
Cobalt Strike
NetWireRC
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
WriteConsoleW
human activity check
Windows
RAT
ComputerName
DNS
DDNS
2
29122021.sytes.net(94.156.6.14)
94.156.6.14
5
ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain
ET MALWARE NanoCore RAT CnC 7
ET MALWARE NanoCore RAT Keep-Alive Beacon (Inbound)
ET MALWARE NanoCore RAT Keepalive Response 1
ET MALWARE NanoCore RAT Keepalive Response 3
13.4
M
31
ZeroCERT
7582
2023-10-19 18:32
mtxwrwa.exe
03e41b95af64f8e4be9fcbd85df87673
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
ComputerName
2.4
M
39
ZeroCERT
7583
2023-10-19 18:30
sukonted2.1.exe
ed1aef251adba4e47408db95bcf563cf
NSIS
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Check memory
Creates executable files
unpack itself
AppData folder
4.4
M
35
ZeroCERT
7584
2023-10-19 18:30
plugmanzx.exe
f4a329dff4849f902fe877e345e6d740
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.0
M
31
ZeroCERT
7585
2023-10-19 18:28
gfhdsggssdgfsFile.vbs
50530ad3f7a59a70e2ad275d8eca6e34
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
2
https://wallpapercave.com/uwp/uwp4072801.png
http://185.254.37.80/apamaaktivosbase6444.txt
2
wallpapercave.com(104.22.52.71) - malware
104.22.53.71
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6
5
ZeroCERT
7586
2023-10-19 18:28
westartagain.vbs
a19e87eb4cfc892ad7ccf43fd3a2a114
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
2
https://wallpapercave.com/uwp/uwp4082989.png
http://94.156.253.236/newbeginining.txt
2
wallpapercave.com(172.67.29.26) - malware
172.67.29.26 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6
3
ZeroCERT
7587
2023-10-19 18:27
sevenththththththth.vbs
f9145a219ca855c79279b94e9b902068
Generic Malware
Antivirus
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
2
https://wallpapercave.com/uwp/uwp4072801.png
http://185.254.37.80/seventhhhhhhhh.txt
2
wallpapercave.com(104.22.52.71) - malware
172.67.29.26 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6
4
ZeroCERT
7588
2023-10-19 11:02
7a54bdb20779c4359694feaa1398dd...
c0696ad2162f2afab1dc1d70454a5353
Malicious Library
UPX
PE File
PE32
ftp
OS Processor Check
VirusTotal
Malware
unpack itself
1.6
25
ZeroCERT
7589
2023-10-19 11:00
setup294.exe
0d1933c0074987f494c9023a9888da47
Malicious Library
PE File
PE32
DLL
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
WriteConsoleW
2.2
ZeroCERT
7590
2023-10-19 11:00
baf14778c246e15550645e30ba78ce...
f71cca8206e173f86a3c3fd1891ac4db
Malicious Library
UPX
PE File
PE32
ftp
OS Processor Check
VirusTotal
Malware
unpack itself
DNS
1
104.194.128.170 - mailcious
2.2
26
ZeroCERT
Total : 48,231cnts