Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7831	2021-05-04 09:33	presentation.dll 5a7c87dab250cee78ce63ac34117012b Gen1 DLL PE File PE32 VirusTotal Malware PDB MachineGuid Check memory unpack itself ComputerName DNS crashed				2.4		9	ZeroCERT

7832	2021-05-04 09:34	SZOUQ7KsUzcDsCB.exe 9435e4534e50a32af1f73ea36bb3bda9 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.2		26	ZeroCERT

7833	2021-05-04 09:36	fixxing.exe 0d50c8e7c3f044099056bfb318f108c6 AsyncRAT backdoor PWS .NET framework Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 Malware download Nanocore VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1	1	13.2	M	22	ZeroCERT

7834	2021-05-04 09:36	angelx.exe af8241fb10ef39af9ec4a50a284fc96d AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		1		12.2		19	ZeroCERT

7835	2021-05-04 09:38	note-mxm.exe 116db2200d9be33529615fc98907d4d8 AsyncRAT backdoor PWS .NET framework DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed		1		12.6	M	39	ZeroCERT

7836	2021-05-04 09:39	IconExplorer.exe 4a71d4c41b583d8e3c589cef642199b6 UPX PE File PE32 VirusTotal Malware unpack itself ComputerName				2.0		2	조광섭

7837	2021-05-04 09:40	nedx.exe c1aba14168659c757816249ab352bada PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				12.6	M	21	ZeroCERT

7838	2021-05-04 09:43	mosb.exe 3eba87fa613f9362c4f98cfd50c9dcf7 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.0		28	ZeroCERT

7839	2021-05-04 10:05	yourlocallotto.exe 7564bb42086def493a6e8f27bf923647 PUP MyWebSearch PE File PE32 DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself Remote Code Execution				2.4	M	33	r0d

7840	2021-05-04 10:08	http://app.sharebox.co.kr/shar... 9059c10b8bd2e7cbbd3269a53a2714d8 AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM DLL PE File PE32 MSOffice File Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3	6.4			Kim.GS

7841	2021-05-04 10:48	http://www.dcma.or.kr 7440d60bec4ccd667368e6ff509040c1 AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	51 Keyword trend analysis Info http://www.dcma.or.kr/js/wrest.js http://www.dcma.or.kr/img/bn_04.png http://www.dcma.or.kr/img/bn_13.png http://www.dcma.or.kr/img/bn_02.png http://www.dcma.or.kr/img/bn_03.png http://www.dcma.or.kr/menulink.js http://www.dcma.or.kr/img/arr_p.png http://www.dcma.or.kr/img/on_04.png http://www.dcma.or.kr/img/on.png http://www.dcma.or.kr/img/bn_09.png http://www.dcma.or.kr/ http://www.dcma.or.kr/img/bn_08.png http://www.dcma.or.kr/img/off_01.png http://www.dcma.or.kr/img/bn_05.png http://www.dcma.or.kr/img/bn_15.png http://www.dcma.or.kr/img/bn_07.png http://www.dcma.or.kr/img/foot.png http://www.dcma.or.kr/img/mc_04.png http://www.dcma.or.kr/img/off.png http://www.dcma.or.kr/img/main02.png http://www.dcma.or.kr/jquery-1.7.1.min.js http://www.dcma.or.kr/img/b_002964.png http://www.dcma.or.kr/js/jquery.menu.js http://www.dcma.or.kr/skin/latest/date/style.css http://www.dcma.or.kr/img/arr_n.png http://www.dcma.or.kr/img/off_02.png http://www.dcma.or.kr/img/off_03.png http://www.dcma.or.kr/img/bn_17.png http://www.dcma.or.kr/img/ft_bg.png http://www.dcma.or.kr/img/bn_12.png http://www.dcma.or.kr/css/default.css http://www.dcma.or.kr/img/bn_10.png http://www.dcma.or.kr/img/main04.png http://www.dcma.or.kr/img/mc_02.png http://www.dcma.or.kr/img/bn_11.png http://www.dcma.or.kr/img/logo.png http://www.dcma.or.kr/jquery.motionj.fadeBanner.js http://www.dcma.or.kr/favicon.ico http://www.dcma.or.kr/img/m_notice.png http://www.dcma.or.kr/img/off_04.png http://www.dcma.or.kr/js/jquery-1.8.3.min.js http://www.dcma.or.kr/js/common.js http://www.dcma.or.kr/img/bn_06.png http://www.dcma.or.kr/img/bn_14.png http://www.dcma.or.kr/img/m_discuss.png http://www.dcma.or.kr/img/mc_01.png http://www.dcma.or.kr/img/mc_03.png http://www.dcma.or.kr/img/main01.png http://www.dcma.or.kr/img/main03.png http://fonts.googleapis.com/earlyaccess/nanumgothic.css http://www.dcma.or.kr/jquery.rolling.js	4	2	5.2			ZeroCERT

7842	2021-05-04 11:08	vbc.exe dc6c597848870c7c68143495ba2a1ec0 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	14.6	M	27	ZeroCERT

7843	2021-05-04 11:09	dchampx.exe 1d66aaa1250b2b26ce545e9bab003b6d SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger				13.6	M	21	ZeroCERT

7844	2021-05-04 11:10	krNzUd2Snww9hFP.exe 3a52a950c96af984283d291589a1fe9f PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.6	M	34	ZeroCERT

7845	2021-05-04 11:12	3DfqE7CuHdKNm2P.exe be5e95f01666864d42d22044ae372f52 Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8	M	27	ZeroCERT