Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
7921
2024-07-11 09:23
1.exe
835246232dbb706d3958d28677176332
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.2
M
32
ZeroCERT
7922
2024-07-11 09:22
c.exe
2cf12d7981e0434dbd32f02c9b5647f2
Malicious Library
.NET framework(MSIL)
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
crashed
1
104.243.242.165
10.2
M
27
ZeroCERT
7923
2024-07-11 09:22
3.exe
293460728c83e7be2fccc67283815c03
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.4
M
55
ZeroCERT
7924
2024-07-11 09:21
a.exe
56fae07d0d9ee560ef2fb4c536868b11
Malicious Library
.NET framework(MSIL)
DNS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
human activity check
Windows
DNS
DDNS
3
maxlogs.webhop.me() - mailcious
newsddawork.3utilities.com(104.243.242.169)
104.243.242.169
2
ET POLICY DNS Query to DynDNS Domain *.3utilities .com
ET POLICY DNS Query to DynDNS Domain *.webhop .me
13.4
M
42
ZeroCERT
7925
2024-07-11 09:18
gh.gh.gh.ghghghgh.doc
feb6e59fff619a84e6e391a4c95a6650
MS_RTF_Obfuscation_Objects
RTF File
doc
Malware download
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
http://139.99.220.222/66266/ucancrosstheflowerbeautiytogetin.gIF
http://198.46.176.133/Upload/vbs.jpeg
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
4
pastecode.dev(172.66.43.27) - mailcious
172.66.40.229 - mailcious
198.46.176.133
139.99.220.222
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
4.8
M
40
ZeroCERT
7926
2024-07-11 09:17
ghj.ghj.ghj.ghj.doc
d55328b7b87c986b84e60450453840c1
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
RWX flags setting
exploit crash
Exploit
crashed
3.2
34
ZeroCERT
7927
2024-07-10 22:48
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
185.157.162.75 - mailcious
9.8
29
guest
7928
2024-07-10 22:42
4b98d2919533ab614a7571aa0ef7c8...
ad27be427dd7f922143e57fd1fa64f98
Browser Login Data Stealer
Generic Malware
Downloader
Malicious Library
Malicious Packer
UPX
PE File
PE32
OS Processor Check
JPEG Format
VirusTotal
Malware
AutoRuns
Check memory
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
keylogger
1
185.157.162.75 - mailcious
9.2
29
guest
7929
2024-07-10 16:10
Plugin_0703.exe.bak
7fb098ac9cc8d730ac0ea7111805a553
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
CAB
OS Processor Check
DLL
Lnk Format
GIF Format
ZIP Format
AutoRuns
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
Auto service
AntiVM_Disk
sandbox evasion
Firewall state off
VM Disk Size Check
Windows
Browser
ComputerName
RCE
7.6
guest
7930
2024-07-10 13:45
wh.vbs
23454878fb50859c4849ac2b6e256789
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.4
22
ZeroCERT
7931
2024-07-10 13:43
mg.vbs
8df76af54c38d5d4c2cd9f6d18eedf92
Generic Malware
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
4
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
8.2
19
ZeroCERT
7932
2024-07-10 13:42
rustdesk.exe
05d5f32d7a756924b7480ea0e3a36152
Generic Malware
Malicious Library
WinRAR
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
suspicious privilege
Check memory
Checks debugger
Creates executable files
sandbox evasion
WriteConsoleW
Windows
RCE
5.2
M
22
ZeroCERT
7933
2024-07-10 13:39
sostener.vbs
af7ba7e4a9c914e8497936eb7b6ae725
Generic Malware
Antivirus
PowerShell
VBScript
powershell
suspicious privilege
Check memory
Checks debugger
wscript.exe payload download
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
Dropper
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
4
pastecode.dev(172.66.43.27)
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229
207.241.232.195 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
ZeroCERT
7934
2024-07-10 09:52
Update2.js
1d07102e4ad699b952201104aca88770
VBScript
wscript.exe payload download
unpack itself
Tofsee
crashed
Dropper
1
https://wvgbc.parish.chuathuongxot.org/orderReview
2
wvgbc.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
guest
7935
2024-07-10 09:52
Update.js
94a69d2789ce8db937bd23160c7cf57b
VBScript
wscript.exe payload download
Tofsee
crashed
Dropper
1
https://pyous.parish.chuathuongxot.org/orderReview
2
pyous.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
10.0
guest
Total : 53,867cnts