No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
8056
2023-10-04 07:44
nvpn.exe
c17f541fdb6b3cb61be539e348d6ee0f
NSIS
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Creates executable files
unpack itself
AppData folder
crashed
4.0
44
ZeroCERT
8057
2023-10-04 07:44
process.exe
78610b12f460bc002beb71104d51db3b
.NET framework(MSIL)
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
PE32
.NET EXE
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Browser
Email
ComputerName
Software
crashed
9.2
M
17
ZeroCERT
8058
2023-10-04 07:42
fmodstudio64.exe
5f32065d2330cb09aee6ed9fa7ed1c21
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Malicious Traffic
Check memory
buffers extracted
unpack itself
suspicious process
Tofsee
ComputerName
Remote Code Execution
2
https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref=
https://weibo.com/
4
passport.weibo.com(36.51.224.27)
weibo.com(36.51.224.114)
36.51.224.27
36.51.224.53
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6
M
15
ZeroCERT
8059
2023-10-04 07:42
Setup.exe
46a22f0849344f152364d921c3c28435
Malicious Library
UPX
PWS
SMTP
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
1
185.149.146.17
9.8
M
24
ZeroCERT
8060
2023-10-03 19:50
rahfgnw.txt.exe
53001d5dd35f0f92eb0a676a19dce593
Malicious Library
UPX
Malicious Packer
PE File
PE32
.NET EXE
Browser Info Stealer
FTP Client Info Stealer
Email Client Info Stealer
suspicious privilege
Check memory
Checks debugger
unpack itself
Browser
Email
ComputerName
Software
crashed
3.2
ZeroCERT
8061
2023-10-03 19:49
UpdateSvc.exe
089428711dddec20eabf7732eea8fb8d
Generic Malware
Antivirus
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
WriteConsoleW
Ransomware
Windows
ComputerName
5.6
M
53
guest
8062
2023-10-03 19:49
UpdateSvc.exe
089428711dddec20eabf7732eea8fb8d
Generic Malware
Antivirus
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
WriteConsoleW
Ransomware
Windows
ComputerName
5.0
M
53
guest
8063
2023-10-03 19:48
UpdateSvc.exe
089428711dddec20eabf7732eea8fb8d
Generic Malware
Antivirus
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
WriteConsoleW
Ransomware
Windows
ComputerName
5.6
M
53
guest
8064
2023-10-03 19:47
xYdLlCq2lmVs.exe
358cb653ee7d885c09936997b44cd716
njRAT
backdoor
PE File
PE32
.NET EXE
Malware download
njRAT
VirusTotal
Malware
DNS
DDNS
3
patria.duckdns.org(46.246.6.7)
46.246.6.7
2.59.254.111
3
ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2.2
61
ZeroCERT
8065
2023-10-03 19:47
UpdateSvc.exe
089428711dddec20eabf7732eea8fb8d
Generic Malware
Antivirus
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
WriteConsoleW
Ransomware
Windows
ComputerName
5.0
M
53
guest
8066
2023-10-03 19:46
UpdateSvc.exe
089428711dddec20eabf7732eea8fb8d
Generic Malware
Antivirus
.NET framework(MSIL)
PE File
PE32
.NET EXE
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
WriteConsoleW
Ransomware
Windows
ComputerName
5.6
M
53
guest
8067
2023-10-03 19:43
xoiHrcDMQ2n5.exe
c9bad87f14e2fa7872bd26796e81ec0e
Browser Login Data Stealer
Generic Malware
Malicious Library
UPX
Downloader
Malicious Packer
PE File
PE32
OS Processor Check
Remcos
VirusTotal
Malware
Malicious Traffic
Check memory
Windows
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
war.bumbleshrimp.com(186.102.171.59)
178.237.33.50
186.102.171.59
2
ET INFO DYNAMIC_DNS Query to a *.bumbleshrimp .com Domain
ET JA3 Hash - Remcos 3.x TLS Connection
3.4
61
ZeroCERT
8068
2023-10-03 19:43
xCpfJFvnvULI.exe
67f66acafd69e185e297a7fd06c24ed5
Browser Login Data Stealer
Generic Malware
Malicious Library
UPX
Downloader
Malicious Packer
PE File
PE32
OS Processor Check
VirusTotal
Malware
Windows
keylogger
2
asegurar100.4cloud.click(181.141.3.182)
181.141.3.182
1
ET INFO DYNAMIC_DNS Query to a *.4cloud .click Domain
3.4
60
ZeroCERT
8069
2023-10-03 19:43
xBqAmJwby407.exe
578656857a68dc5dbb566cbf23865afa
UPX
.NET framework(MSIL)
Malicious Packer
PE File
PE32
.NET EXE
Malware download
NetWireRC
VirusTotal
Malware
IP Check
RAT
DNS
DDNS
1
http://ip-api.com/json/
4
crazydns.linkpc.net(2.59.254.111)
ip-api.com(208.95.112.1)
2.59.254.111
208.95.112.1
3
ET INFO Observed DNS Query to DynDNS Domain (linkpc .net)
ET MALWARE Common RAT Connectivity Check Observed
ET POLICY External IP Lookup ip-api.com
2.4
60
ZeroCERT
8070
2023-10-03 19:41
bQsi.exe
036be720d022e86c24c4554cc567945c
Malicious Library
UPX
Antivirus
.NET framework(MSIL)
Malicious Packer
PE File
PE32
.NET EXE
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
56
ZeroCERT
Total : 48,230cnts