Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8776	2023-11-25 18:03	Jqjfw.exe 6866f4e7450d085b19ad1aa9adaca819 Malicious Library .NET framework(MSIL) UPX Socket Http API ScreenShot PWS HTTP SMTP DNS Code injection Internet API AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check JPEG Format VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		3		12.6	M	45	ZeroCERT

8777	2023-11-25 17:59	build.exe b1886e56eee344b730dbd3ca44cc8545 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself				2.2	M	51	ZeroCERT

8778	2023-11-25 17:58	decord.exe faa78f58b4f091f8c56ea622d8576703 Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Wor VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware				7.0	M	54	ZeroCERT

8779	2023-11-25 17:56	decord.exe faa78f58b4f091f8c56ea622d8576703 Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Wor VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware				7.0	M	54	ZeroCERT

8780	2023-11-25 17:55	Loader%20Resou%E2%80%AEnls.scr 21bc89b62236a92090a9b9732ce09b5e PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee		2	1	1.4	M		ZeroCERT

8781	2023-11-25 10:40	plugmanzx.exe d58652b6bd76ac545da4b9dd4f70e032 Formbook .NET framework(MSIL) PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	1	14.4	M	19	ZeroCERT

8782	2023-11-24 11:14	Order_Information.url 7f4085aab74f2da761e65d5fb41fd40f AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2	5.4			ZeroCERT

8783	2023-11-24 11:12	Payment.url 1009a583d82ccd724ae13dc4d378de59 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2	6.0		14	ZeroCERT

8784	2023-11-24 11:03	Payment_Information.url 9eb31a50bbe8cc0146b9f778d270ddd4 AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2	5.4			ZeroCERT

8785	2023-11-24 11:00	Order_Information.url 73461871b344c75f77323047fbafd617 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2	5.8		5	ZeroCERT

8786	2023-11-24 10:58	Invoice.url 90962de04e13d0f8e7b96a094ec6b77a AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2	5.8		5	ZeroCERT

8787	2023-11-23 19:02	tfsoft.exe 1d6edfa073e4a8f072df28cfd5321bba PE32 PE File Emotet VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic buffers extracted unpack itself Windows utilities Detects VMWare suspicious process AppData folder sandbox evasion VMware Tofsee Windows crashed	10 Keyword trend analysis Info http://rip.oeklms.com/api/r/ip http://cdn.cuilet.com/API/General/lsrpu http://cdn.cuilet.com/API/General/client_log_user http://ddjf8dkd.wifi95.com/API/General/arearst http://cdn.cuilet.com/api/filegoto1/81b1e3e4c7ac0cfc http://ddjf8dkd.wifi95.com/api/userconfig/uc_2bd4378e4519b0a0f73b3cd533996173.json http://9xcb.oeklms.com/api/r/mcm http://ddjf8dkd.wifi95.com/API/General/lsrpu http://apps.game.qq.com/comm-htdocs/ip/get_ip.php http://ddjf8dkd.wifi95.com/API/General/thenewseven	17 Info c9g6lqgo.sched.sma.tdnsstic1.cn(116.136.12.139) rip.oeklms.com(139.196.190.229) 9xcb.oeklms.com(106.14.120.14) ddjf8dkd.wifi95.com.cdn.dnsv1.com(175.43.23.80) time.pool.aliyun.com(182.92.12.11) apps.game.qq.com(101.227.134.49) ddjf8dkd.wifi95.com(116.136.12.139) cdn.cuilet.com(175.43.23.67) sp0.baidu.com(119.63.197.151) 119.63.197.139 106.14.120.14 118.212.235.111 182.92.12.11 101.227.134.27 139.196.190.229 114.114.114.114 175.43.23.80	1	11.6	M	57	guest

8788	2023-11-23 07:53	PhXExiF.exe 607e6e48bb7398dd40783cdf86ee4670 .NET framework(MSIL) UPX PE32 PE File .NET EXE Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee crashed		2	1	1.4			ZeroCERT

8789	2023-11-22 22:33	remcos_agent.exe 75f62d50ae96fe8ff94fc9a933b4fc77 Generic Malware Malicious Library Downloader UPX PE32 PE File Checks debugger WriteConsoleW				1.0			ZeroCERT

8790	2023-11-22 22:33	payload.exe 798245e360f6ab00125f5872d2859315 PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself				1.6		6	ZeroCERT