Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8851 2023-09-06 18:07 급상여대장_20230831.chm
6b414303f67873e1a23d2ce99d46f06e
AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory crashed
2.0 19 ZeroCERT

8852 2023-09-06 17:27 Server.exe
fe262ce1be6d20d9bb8cd378a73d5a3f
UPX PE File PE32 VirusTotal Malware AutoRuns RWX flags setting suspicious TLD Windows DNS
4 1 6.0 M 47 ZeroCERT

8853 2023-09-06 17:25 chungzx.exe
841f2ea46f3c391a7d41eeb64d0f9c4c
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Downloader Google Chrome User Data .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Int VirusTotal Malware Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows DNS DDNS keylogger
2 2 10.8 M 22 ZeroCERT

8854 2023-09-06 17:24 166.exe
fc5c376212d49e490f9e790b36ea7252
Malicious Library UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key
1 4.2 M 48 ZeroCERT

8855 2023-09-06 17:22 55aa5e.exe
78eb8723e130e9fa470b87208650fe31
Emotet Malicious Library UPX VMProtect PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows Remote Code Execution
5.2 M 43 ZeroCERT

8856 2023-09-06 17:22 5ea275.exe
806c5dc2a6f886c12d877c8db78ae212
Malicious Library UPX VMProtect OS Processor Check PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows
4.4 M 35 ZeroCERT

8857 2023-09-06 17:04 plugmanzx.exe
830d847bc734ebb8b375da6c9eb64a24
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader .NET framework(MSIL) PWS ScreenShot Create Service Socket Escalate priviledges Sniff Audio DNS Internet API KeyLogger AntiDebug AntiVM PE File .NET EXE Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger
1 4 2 12.8 M 24 ZeroCERT

8858 2023-09-06 17:03 dollzx.exe
f5b121d5f5efb1e9ec7aba0a67c1be48
.NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.2 M 22 ZeroCERT

8859 2023-09-06 17:03 file2.exe
d2b7f7a2b18d3b88f01e08dd0ca0b0db
Generic Malware Malicious Library UPX Malicious Packer Anti_VM OS Processor Check PE File PE64 VirusTotal Malware crashed
1.8 10 ZeroCERT

8860 2023-09-06 17:03 HKA6kdXx7NGuWbk.exe
81abca731625a26c26b7831db81c0e1e
Generic Malware .NET framework(MSIL) Antivirus PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS
2 2 15.0 M 15 ZeroCERT

8861 2023-09-06 16:59 clips.exe
a5c6dcf7ef6eac4c0157b5e2f0155424
Downloader UPX MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Remote Code Execution Firmware crashed
10.8 M 41 ZeroCERT

8862 2023-09-06 16:59 buman.exe
fd1fedb09303bfb50a8854657593da35
Malicious Library UPX OS Processor Check PE File PE32 DLL VirusTotal Malware PDB unpack itself suspicious process AppData folder Remote Code Execution
3.0 M 55 ZeroCERT

8863 2023-09-06 16:57 pusan.exe
fc73efb93daeca8321f16794d2f25160
Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 DLL VirusTotal Malware PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution
4.4 M 34 ZeroCERT

8864 2023-09-06 16:57 SweetPotato.exe
29274ca90e6dcf5ae4762739fcbadf01
Generic Malware .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself WriteConsoleW
3.2 M 53 ZeroCERT

8865 2023-09-06 16:56 ORo0LtlX0gmac.exe
14d292bf807057abe213a87a80b25f21
NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
3.8 M 31 ZeroCERT