Home
Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide
2020-06-10
Version history
2020-06-10
login
popup
Submissions
10
15
20
50
Request
Connection
hash(md5,sha256)
Signature
PE API
Tag or IDS
Icon
user nickname
Date range button:
Date range picker
First seen:
Last seen:
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
8506
2023-09-19 17:50
HTML.vbs
46f70ee3296755c360c84380c1115ee0
Generic Malware
Antivirus
PWS
SMTP
KeyLogger
Hide_URL
AntiDebug
AntiVM
PowerShell
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
powershell
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
EXPLOIT_KIT
Windows
Exploit
Browser
Email
ComputerName
DNS
Cryptographic key
Software
crashed
2
Keyword trend analysis
×
Info
×
https://firebasestorage.googleapis.com/v0/b/server-555e5.appspot.com/o/rumpe.txt?alt=media&token=21f4cafe-e9ac-408c-a2cd-b2f926f8094a
http://198.46.178.152/window/2/Runtime.txt
3
Info
×
firebasestorage.googleapis.com(172.217.161.202) - phishing
142.251.222.202
198.46.178.152 - malware
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
16.6
M
3
ZeroCERT
8507
2023-09-19 17:49
Cl1ent.exe
e71b100ba4895671392bebdb6940b58a
Gen1
Malicious Library
UPX
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
.NET EXE
VirusTotal
Malware
PDB
MachineGuid
Code Injection
Check memory
Checks debugger
Creates executable files
unpack itself
WriteConsoleW
Remote Code Execution
DNS
8.0
M
43
ZeroCERT
8508
2023-09-19 17:49
lnvoice__1541436948.js
eabdc42121c405d2b86bb645fa23879c
Generic Malware
Antivirus
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
2
Keyword trend analysis
×
Info
×
http://htlbookingnew.blogspot.com//////////////////////////////atom.xml
https://d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com/ugd/d9e1c3_a8303097a8ec4539916816725361caeb.txt
4.8
ZeroCERT
8509
2023-09-19 17:47
stubweb3.exe
ef11a166e73f258d4159c1904485623c
.NET framework(MSIL)
PE File
PE64
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
26
ZeroCERT
8510
2023-09-19 17:46
LatestReceipt_4300843182.htm
7da83c1cc46e1e19a7d2e543eb245ee0
AntiDebug
AntiVM
MSOffice File
VirusTotal
Malware
Code Injection
exploit crash
unpack itself
Windows utilities
Tofsee
Windows
Exploit
DNS
crashed
2
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.0
10
ZeroCERT
8511
2023-09-19 17:45
Lapas.exe
1173a1f0469d241b02c1d57dc29cdf4d
PE File
PE64
VirusTotal
Malware
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
Windows
ComputerName
Cryptographic key
3.8
M
47
ZeroCERT
8512
2023-09-19 17:44
Invoke-PowerShellTcp.ps1
3fb164866fcea6e910934928d323fc4c
Generic Malware
Antivirus
VirusTotal
Malware
unpack itself
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
Info
×
72.142.102.153 - malware
3.8
29
ZeroCERT
8513
2023-09-19 17:44
smss.exe
63d2a92b555fca71818d466c3f901b1c
Formbook
.NET framework(MSIL)
AntiDebug
AntiVM
PE File
PE32
.NET EXE
FormBook
Malware download
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
suspicious TLD
DNS
1
Keyword trend analysis
×
Info
×
http://www.hcsjwdy.com/ro12/?5jRd6FO=K8a10RzsrhKke8tcwgr2svGLbb4x75xf7cVE3NxXmwguVGjOLh3WhxVhdoB459Phjq/s2ZmC&Ctxx=inHTmJEx
3
Info
×
www.y-12federalcreditunion.top()
www.hcsjwdy.com(172.67.189.193)
172.67.189.193
2
Info
×
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE FormBook CnC Checkin (GET)
9.6
M
27
ZeroCERT
8514
2023-09-19 11:21
Betro.exe
1c9f3c0258e923c07e1943498c789a3d
Downloader
Create Service
Socket
DGA
Escalate priviledges
PWS
Sniff Audio
SMTP
DNS
ScreenShot
Code injection
Internet API
KeyLogger
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
malicious URLs
Ransomware
BitRAT
Windows
ComputerName
DNS
Cryptographic key
keylogger
1
Info
×
185.225.75.68 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)
13.6
M
37
r0d
8515
2023-09-19 11:14
Betro.exe
1c9f3c0258e923c07e1943498c789a3d
Downloader
Create Service
Socket
DGA
Escalate priviledges
PWS
Sniff Audio
SMTP
DNS
ScreenShot
Code injection
Internet API
KeyLogger
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
malicious URLs
Ransomware
BitRAT
Windows
ComputerName
DNS
Cryptographic key
keylogger
1
Info
×
185.225.75.68 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)
13.6
M
37
r0d
8516
2023-09-19 11:06
Betro.exe
1c9f3c0258e923c07e1943498c789a3d
Downloader
Create Service
Socket
DGA
Escalate priviledges
PWS
Sniff Audio
SMTP
DNS
ScreenShot
Code injection
Internet API
KeyLogger
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
malicious URLs
Ransomware
BitRAT
Windows
ComputerName
DNS
Cryptographic key
keylogger
1
Info
×
185.225.75.68 - mailcious
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)
13.6
M
37
r0d
8517
2023-09-19 10:33
Firefox_Installer.exe
655878c402fe774ad4af71d78ea7d30f
NSIS
Generic Malware
UPX
Malicious Library
PE File
PE32
DLL
OS Processor Check
JPEG Format
Browser Info Stealer
Check memory
Checks debugger
Creates executable files
RWX flags setting
unpack itself
AppData folder
AntiVM_Disk
VM Disk Size Check
installed browsers check
Tofsee
Browser
1
Keyword trend analysis
×
Info
×
https://product-details.mozilla.org/1.0/firefox_versions.json
2
Info
×
product-details.mozilla.org(54.230.176.24)
54.230.176.24
1
Info
×
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.4
ZeroCERT
8518
2023-09-19 10:32
Google_Chrome.exe
59072d9cedb999a81634e7263885ced5
UPX
Malicious Library
Malicious Packer
.NET framework(MSIL)
Antivirus
PE File
PE32
.NET EXE
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.4
M
53
ZeroCERT
8519
2023-09-19 10:32
.file.txt.ps1
0be78e194e0d830183a084596c2cad51
Generic Malware
Antivirus
VirusTotal
Malware
unpack itself
WriteConsoleW
Windows
Cryptographic key
1
Keyword trend analysis
×
Info
×
https://lambdacientifica.com/.f/.ACTIVATED.txt
1.2
9
ZeroCERT
8520
2023-09-19 07:53
sandshoezx.exe
102dfca73df9a539a34b886349365381
.NET framework(MSIL)
AntiDebug
AntiVM
PE File
PE32
.NET EXE
MSOffice File
VirusTotal
Malware
Buffer PE
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
RWX flags setting
unpack itself
Disables Windows Security
Windows
crashed
9.0
M
16
ZeroCERT
First
Previous
561
562
563
564
565
566
567
568
569
570
Next
Last
Total : 48,198cnts
Delete
×
Do you want to delete it?
View
×
Insert
×
http
domains
hosts
ips
Memo
Tag
Alert
×
Insert error....
keyword