Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
8581
2023-09-17 09:38
Invoice_88737.lnk
9226cdef332b7e61317d0d12e76578c8
Generic Malware
Antivirus
UPX
Malicious Library
Malicious Packer
AntiDebug
AntiVM
Lnk Format
GIF Format
PE File
PE64
OS Processor Check
Malware download
VirusTotal
Malware
VBScript
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
Windows
ComputerName
DNS
Cryptographic key
keylogger
Downloader
3
http://154.53.50.79:8081/d.ico
http://154.53.50.79:8081/
http://154.53.50.79:8081/cmd.exe
1
154.53.50.79 - malware
5
ET INFO Dotted Quad Host VBS Request
ET INFO Dotted Quad Host ZIP Request
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET HUNTING WebDAV Retrieving .exe
9.2
M
5
ZeroCERT
8582
2023-09-17 09:38
Aoakog.exe
daf5fadf4e42743fe0463d23ffaf8a09
UPX
.NET framework(MSIL)
Http API
ScreenShot
Internet API
AntiDebug
AntiVM
PE File
PE32
.NET EXE
OS Processor Check
VirusTotal
Malware
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
Cryptographic key
8.4
M
46
ZeroCERT
8583
2023-09-17 09:38
fud.vbs
1ebbf045b3b0ddb1c1e0be352a6491d2
VirusTotal
Malware
0.4
M
5
ZeroCERT
8584
2023-09-17 09:36
sunor.exe
cf75403e04f4d4527f4fb25958a387c2
UPX
Malicious Library
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
DLL
PDB
Code Injection
Checks debugger
Creates executable files
unpack itself
AppData folder
Remote Code Execution
3.8
M
ZeroCERT
8585
2023-09-17 09:35
167.exe
a96c7ec7bf374b42da5ec0608f383f9e
UPX
Malicious Library
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
1.2
24
ZeroCERT
8586
2023-09-16 14:23
PO 2023-559.pdf.exe
88c3f4ed7f9935350c69643e463948b6
Generic Malware
task schedule
.NET framework(MSIL)
Antivirus
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
powershell
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
suspicious process
Windows
ComputerName
DNS
Cryptographic key
DDNS
crashed
2
papacy.ddns.net(105.113.32.116)
105.113.32.116
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
12.6
54
ZeroCERT
8587
2023-09-16 14:21
UMLrjk2KC4fpJg5.exe
06518e765cf488856502dd601a907dc9
Generic Malware
.NET framework(MSIL)
Antivirus
DNS
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
powershell
Buffer PE
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
human activity check
Windows
ComputerName
DNS
Cryptographic key
1
194.180.48.119 - mailcious
15.2
M
41
ZeroCERT
8588
2023-09-16 14:20
c3ccfdb6.exe
741148a4e0ce45677c3efa4635c62325
UPX
Malicious Library
PE File
PE32
OS Processor Check
unpack itself
0.8
ZeroCERT
8589
2023-09-16 14:17
toolspub3.exe
116ddc22e7db24aa1280fec03b1214a2
UPX
Malicious Library
AntiDebug
AntiVM
PE File
PE32
OS Processor Check
VirusTotal
Malware
Code Injection
Checks debugger
buffers extracted
unpack itself
6.8
M
30
ZeroCERT
8590
2023-09-16 14:17
Project7.exe
a7e4e478fbf4a1ff9a1be70ee8afd190
Browser Login Data Stealer
UPX
Malicious Library
ASPack
PE File
PE32
OS Processor Check
DLL
Browser Info Stealer
Malware download
VirusTotal
Email Client Info Stealer
Malware
PDB
Malicious Traffic
Check memory
Creates executable files
unpack itself
AppData folder
Stealc
Browser
Email
DNS
1
http://138.201.200.124/loghub/master
1
138.201.200.124
2
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
6.4
48
ZeroCERT
8591
2023-09-16 14:16
Banana.exe
ab01a5c6d7bd2e1c03a532e1ccd03358
Browser Login Data Stealer
UPX
Malicious Library
ASPack
PE File
PE32
OS Processor Check
DLL
Browser Info Stealer
Malware download
VirusTotal
Malware
Malicious Traffic
Check memory
Creates executable files
unpack itself
AppData folder
Stealc
Browser
DNS
1
http://138.201.200.124/loghub/master
1
138.201.200.124
2
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
4.8
47
ZeroCERT
8592
2023-09-16 14:15
etty27.exe
c91dc9548823528f7c4f84f5148f044c
UPX
Malicious Packer
PE File
PE64
VirusTotal
Malware
PDB
unpack itself
Tofsee
Remote Code Execution
1
https://z.nnnaajjjgc.com/sts/imagd.jpg
2
z.nnnaajjjgc.com(156.236.72.121) - malware
156.236.72.121 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.6
M
36
ZeroCERT
8593
2023-09-16 14:13
rh111.exe
e6f506f57365deb1b24b84eafbd9271f
ScreenShot
AntiDebug
AntiVM
PE File
PE32
.NET EXE
VirusTotal
Malware
Buffer PE
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
WMI
RWX flags setting
unpack itself
Windows
ComputerName
Cryptographic key
crashed
1
http://amxt25.xyz/a6ba5b1ae6dec5f7c/8tkf22v9.ed2jd
2
amxt25.xyz(45.131.66.61)
45.131.66.61
10.4
M
40
ZeroCERT
8594
2023-09-16 14:11
welcome.txt.vbs
436149987ce1895d521efedd239e1d66
Generic Malware
Antivirus
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
https://freaksbuzz.com/wp-content/uploads/welcome.png
5.2
3
ZeroCERT
8595
2023-09-16 14:10
ss29
46f9e2acbe659c8940c4b5d2de6e1f2b
UPX
Malicious Packer
PE File
PE64
VirusTotal
Malware
PDB
unpack itself
Tofsee
Remote Code Execution
1
https://z.nnnaajjjgc.com/sts/imagd.jpg
2
z.nnnaajjjgc.com(156.236.72.121) - malware
156.236.72.121 - mailcious
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0
M
23
ZeroCERT
Total : 48,198cnts