Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8206 2023-09-27 09:58 ntpvip.exe
f93c6cb12717866ccd7de457c0d2dbce
Malicious Library UPX Antivirus .NET framework(MSIL) Malicious Packer PE File PE32 .NET EXE OS Processor Check AsyncRAT VirusTotal Malware Check memory Checks debugger unpack itself
2.4 58 ZeroCERT

8207 2023-09-27 09:34 YU.pdf.lnk
f3f9452aa325321a4b90e7fed0bd97ae
Generic Malware AntiDebug AntiVM GIF Format Lnk Format Malware Code Injection Malicious Traffic Check memory Creates shortcut suspicious process WriteConsoleW DNS crashed
1 1 2 3.8 ZeroCERT

8208 2023-09-27 09:30 rump_vbs.jpg.exe
8955b482e59894864bace732302a9927
Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB
1.4 24 ZeroCERT

8209 2023-09-27 07:59 docdav20230926.exe
909d39242d301cc07ffc6196bb487939
Malicious Library UPX .NET framework(MSIL) Malicious Packer PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
4 5 13.4 38 ZeroCERT

8210 2023-09-27 07:54 docyo20230926.exe
98de1e7dc7330e5737dc6faeaac764b5
Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
1 8 8 17.8 M 44 ZeroCERT

8211 2023-09-27 07:52 bawo.exe
b8d03a02e654dfc840f21297b8dc99b2
Downloader Create Service Socket DGA Escalate priviledges PWS Sniff Audio SMTP DNS ScreenShot Code injection Internet API KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Malware download NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs BitRAT Windows ComputerName DNS Cryptographic key DDNS keylogger
2 4 12.4 M 28 ZeroCERT

8212 2023-09-27 07:52 documentblur.exe
5fac40a82226f46504aef22f79233ad7
WebCam KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE XWorm VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger
11.4 M 42 ZeroCERT

8213 2023-09-27 07:44 document1.exe
6a4e90565b00a175a7f721785c103b8c
WebCam KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE XWorm VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger
11.2 36 ZeroCERT

8214 2023-09-27 07:42 eee.exe
0f188231c29fba40e8b3e76792464cff
Emotet Gen1 Malicious Library UPX PE File PE32 DllRegisterServer dll OS Processor Check VirusTotal Malware PDB Check memory suspicious TLD Tofsee
2 2 1.4 2 ZeroCERT

8215 2023-09-26 21:20 5ea275.exe
7bf101b7b7b02288a1d5ccfee8ac654d
Malicious Library UPX VMProtect PE File PE32 OS Processor Check VirusTotal Malware Check memory unpack itself Windows utilities suspicious process WriteConsoleW Windows Remote Code Execution
4.8 M 57 ZeroCERT

8216 2023-09-26 20:50 clip.exe
77741baf59016656ba0216ec10d12bc0
Downloader UPX MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware crashed
10.4 M 35 ZeroCERT

8217 2023-09-26 20:17 Amda.exe
a38e39cfe409a847b1252327796dd499
Amadey Admin Tool (Sysinternals etc ...) UPX Http API HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Lnk Format Malware download Amadey VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS
1 1 2 1 13.4 M 48 ZeroCERT

8218 2023-09-26 20:15 Adayn.exe
6fcb383cb180cb2059e64b43ec685754
Amadey UPX .NET framework(MSIL) Http API HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Lnk Format Malware download Amadey VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS
1 1 2 1 12.8 M 52 ZeroCERT

8219 2023-09-26 20:14 55aa5e.exe
50b75a2eab39366e1ff40211cf784a29
Malicious Library UPX VMProtect PE File PE32 OS Processor Check VirusTotal Malware Check memory unpack itself Windows utilities suspicious process WriteConsoleW Windows
4.2 47 ZeroCERT

8220 2023-09-26 20:13 Amda.exe
1ea390a2fbe94a5a7165a4dbc87d21f7
Amadey North Korea UPX Http API HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Lnk Format Malware download Amadey VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName Remote Code Execution DNS
1 1 2 1 13.0 M 50 ZeroCERT