Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
8251
2023-12-23 18:27
QubpyznbC7neo.exe
cccb899d6c57a95d4266155e87a8aabe
Antivirus
.NET framework(MSIL)
UPX
PE32
PE File
.NET EXE
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
ComputerName
2.8
M
40
ZeroCERT
8252
2023-12-23 18:24
lumtru.exe
700a9938d0fcff91df12cbefe7435c88
Malicious Library
PE32
PE File
VirusTotal
Malware
PDB
unpack itself
Remote Code Execution
2.4
M
64
ZeroCERT
8253
2023-12-23 18:23
f305ba-b4b69ab5.exe
683c060ccca9ee3a5dad65946c8c9a88
Generic Malware
UPX
Antivirus
PWS
AntiDebug
AntiVM
PE32
PE File
.NET EXE
OS Processor Check
PNG Format
ZIP Format
Browser Info Stealer
VirusTotal
Malware
Cryptocurrency wallets
Cryptocurrency
powershell
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
suspicious process
IP Check
Tofsee
Ransomware
Windows
Discord
Browser
ComputerName
DNS
Cryptographic key
crashed
Urls (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
http://ip-api.com/json/?fields=225545
https://gstatic.com/generate_204
Hosts (9):
discord.com(162.159.128.233) - mailcious
ip-api.com(208.95.112.1)
artemis.community(172.67.193.142) - malware
gstatic.com(142.250.206.227)
162.159.137.232 - mailcious
208.95.112.1
172.67.193.142 - malware
23.50.121.137
142.250.199.67
IDS (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Discord Domain (discord .com in TLS SNI)
ET POLICY External IP Lookup ip-api.com
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
15.4
M
49
ZeroCERT
8254
2023-12-23 18:22
setup294.dll
f8da2527550d3cd4ace397705dcfc72d
Malicious Library
PE32
PE File
DLL
VirusTotal
Malware
1.4
M
28
ZeroCERT
8255
2023-12-23 18:22
Testing.dot
3dfddb91261f5565596e3f014f9c495a
VBA_macro
Generic Malware
MSOffice File
VirusTotal
Malware
RWX flags setting
exploit crash
unpack itself
Exploit
crashed
2.6
M
22
ZeroCERT
8256
2023-12-23 18:20
xxx.exe
9cf34288dda36ca0b013d6978d1acfe4
Formbook
Generic Malware
task schedule
Antivirus
.NET framework(MSIL)
AntiDebug
AntiVM
PE32
PE File
.NET EXE
Lnk Format
GIF Format
VirusTotal
Malware
AutoRuns
PDB
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Windows
ComputerName
Cryptographic key
9.4
M
48
ZeroCERT
8257
2023-12-23 18:20
4ygvd.exe
c6c66e0ae7e62194bd95e52e85f69aa1
AgentTesla
.NET framework(MSIL)
PWS
SMTP
KeyLogger
AntiDebug
AntiVM
PE32
PE File
.NET EXE
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
10.0
M
53
ZeroCERT
8258
2023-12-23 18:19
etopt.exe
f77abc2f79780428ca514c0041c8b9e9
Emotet
Generic Malware
Malicious Library
UPX
PE32
PE File
PNG Format
DLL
OS Processor Check
BMP Format
Lnk Format
GIF Format
VirusTotal
Malware
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
AppData folder
ComputerName
Firmware
4.2
M
28
ZeroCERT
8259
2023-12-23 18:18
setup294.exe
7e563b190589c303d58f64ecd73e0cf6
Malicious Library
UPX
PE32
PE File
OS Processor Check
DLL
PDB
unpack itself
suspicious process
AppData folder
Remote Code Execution
1.8
ZeroCERT
8260
2023-12-23 03:12
SHIPMENT.html
eee94ac7a87b9751276ff8a8f2dd1545
AntiDebug
AntiVM
MSOffice File
PNG Format
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
Urls (1):
https://i.gyazo.com/4522caeb250b902767ea9d7dbee510fb.png
Hosts (2):
i.gyazo.com(104.18.25.163)
104.18.25.163
IDS (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.8
guest
8261
2023-12-22 15:00
OperaGXSetup.exe
46431992aa566007949fc4acbc058856
Generic Malware
PE32
PE File
VirusTotal
Malware
Malicious Traffic
unpack itself
Tofsee
ComputerName
Urls (1):
http://www.msk-post.com/server/init.php
Hosts (2):
www.msk-post.com(91.228.225.55)
91.228.225.55
IDS (2):
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.2
M
47
ZeroCERT
8262
2023-12-22 13:52
48cda9ff.exe
b6d9df296551816e5de88db1a3878e97
Malicious Library
UPX
PE32
PE File
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
2.0
35
ZeroCERT
8263
2023-12-22 09:05
xp_amp_app_usage_dnu-2023-12-2...
e4ca61ab3ea153cee21ca7b13f7006e0
AntiDebug
AntiVM
Email Client Info Stealer
suspicious privilege
Checks debugger
Creates shortcut
unpack itself
installed browsers check
Browser
Email
ComputerName
3.4
guest
8264
2023-12-22 08:27
ma.exe
4737e1a615b8b7d377586394589844d4
PE File
PE64
.NET EXE
unpack itself
Windows
Remote Code Execution
crashed
2.0
M
ZeroCERT
8265
2023-12-22 08:25
cp.exe
8fc868f86ee50172a6135d3a58d3495f
Downloader
Malicious Library
VMProtect
UPX
Create Service
Socket
DGA
Http API
ScreenShot
Escalate priviledges
Steal credential
PWS
Sniff Audio
HTTP
DNS
Code injection
Internet API
persistence
FTP
KeyLogger
P2P
AntiDebug
AntiVM
PE32
PE File
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
Remote Code Execution
5.4
M
ZeroCERT
Total : 50,085cnts