Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
7996
2024-07-08 17:04
Chrome_Password_Remover.exe
f308be1162c86c3d72ad06c4c85a67d4
Generic Malware
Malicious Library
Malicious Packer
UPX
Anti_VM
PE File
PE64
DllRegisterServer
dll
OS Processor Check
VirusTotal
Malware
crashed
1.8
M
56
ZeroCERT
7997
2024-07-08 17:03
cc.exe
f84d08aa136cff60ce8e8c45202190af
UPX
PE File
PE64
suspicious privilege
Windows utilities
WriteConsoleW
Windows
DNS
1
43.143.246.38 - malware
3.0
M
ZeroCERT
7998
2024-07-08 17:02
windows.exe
9345f62e4c352920a96fe1ef4f295a9a
Malicious Library
Malicious Packer
Antivirus
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
59
ZeroCERT
7999
2024-07-08 17:01
sync.exe
69bf43760932bcccc3f1d58edc80bef9
UPX
PE File
PE64
VirusTotal
Malware
2.0
M
19
ZeroCERT
8000
2024-07-08 17:01
pc9.chm
7d101e683e7dbdfb83788c109c7b7de3
AntiDebug
AntiVM
CHM Format
PNG Format
JPEG Format
VirusTotal
Malware
MachineGuid
Code Injection
Check memory
RWX flags setting
unpack itself
ComputerName
2.8
4
ZeroCERT
8001
2024-07-08 16:56
Alingme.exe
2a16ef4fbdab9645dbd0dff6f3c1b0af
Malicious Library
SMTP
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
unpack itself
Windows utilities
Check virtual network interfaces
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://voucher-01-static.com/kvro/997.txt
5
voucher-01-static.com(91.92.243.32) - malware
fallback-01-static.com(111.90.145.132)
111.90.145.132 - mailcious
45.152.67.101 - malware
91.92.243.32 - malware
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
14.4
M
44
ZeroCERT
8002
2024-07-08 16:54
cab.exe
5aefab6d98b943df267e28b42b5871e0
UPX
PE File
PE32
VirusTotal
Malware
suspicious privilege
Windows utilities
WriteConsoleW
Windows
DNS
2
172.67.133.143
45.152.67.101 - malware
4.4
M
47
ZeroCERT
8003
2024-07-08 16:53
2019년 졸업자 취업통계조사 붙임.chm...
972be4aec6506e8bf4dc8d72491099f6
AntiDebug
AntiVM
CHM Format
VirusTotal
Malware
Code Injection
Check memory
unpack itself
crashed
2.6
28
ZeroCERT
8004
2024-07-08 16:53
Uialn.exe
4104370a4f4d897292560d55666cdb10
Generic Malware
Malicious Library
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
Windows
ComputerName
Cryptographic key
crashed
1
http://voucher-01-static.com/rkei/1068.txt
5
strang-02-static.com(111.90.145.141)
strang-01-static.com(111.90.145.141)
voucher-01-static.com(91.92.243.32) - malware
111.90.145.141
91.92.243.32 - malware
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
15.0
M
52
ZeroCERT
8005
2024-07-08 16:52
svchost.exe
cb146d2042ae0df2c95f3afde7256583
UPX
PE File
PE64
VirusTotal
Malware
suspicious privilege
Windows utilities
suspicious TLD
WriteConsoleW
Windows
DNS
1
http://source-update.hugratcat.top:2095/ws
3
source-update.hugratcat.top(172.67.133.143)
172.67.133.143
39.97.52.57 - malware
2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
4.0
M
19
ZeroCERT
8006
2024-07-08 16:51
venture45.hta
e17e0242e9fe3834c192513619013b92
VirusTotal
Malware
unpack itself
crashed
1.4
23
ZeroCERT
8007
2024-07-08 16:50
Erlnb.exe
9352ddda312eeb93823ee2e6cc9a83bc
Generic Malware
Malicious Library
.NET framework(MSIL)
Antivirus
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
powershell
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
Windows
ComputerName
Cryptographic key
1
http://voucher-01-static.com/rkei/1085.txt
2
voucher-01-static.com(91.92.243.32) - malware
91.92.243.32 - malware
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
13.6
M
50
ZeroCERT
8008
2024-07-08 16:50
cp.exe
a40cfc38fce8d0285fd1462bd2d7abd1
UPX
PE File
PE64
VirusTotal
Malware
suspicious privilege
Windows utilities
WriteConsoleW
Windows
DNS
1
39.97.52.57 - malware
3.8
M
20
ZeroCERT
8009
2024-07-08 14:24
INVESTIGATION_OF_SEXUAL_HARASS...
9345d52abd5bab4320c1273eb2c90161
ZIP Format
Word 2007 file format(docx)
VirusTotal
Malware
exploit crash
unpack itself
Tofsee
Exploit
crashed
2
http://x1.i.lencr.org/
https://investigation04.session-out.com/fbd901_harassment/doc.rtf - rule_id: 41091
4
investigation04.session-out.com(89.150.40.43) - mailcious
x1.i.lencr.org(23.52.33.11)
89.150.40.43 - mailcious
23.41.113.9
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://investigation04.session-out.com/fbd901_harassment/doc.rtf
2.6
M
4
ZeroCERT
8010
2024-07-08 14:16
482c30dc5680e0c01b8a117ce969ae...
482c30dc5680e0c01b8a117ce969aef0
MSOffice File
VirusTotal
Malware
unpack itself
suspicious TLD
1
aloud.relax98.bilotora.ru() - mailcious
2.0
3
ZeroCERT
Total : 53,887cnts