Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
8941
2021-06-16 09:15
shttp3.exe
50aaf6913329c08eb8be0560cb5a2434
PE File
PE32
VirusTotal
Malware
Creates shortcut
unpack itself
DNS
3.4
M
40
ZeroCERT
8942
2021-06-16 09:18
생활비지급.doc
71759cca8c700646b4976b19b9abd6fe
Convert
Image File
VBA_macro
MSOffice File
PNG Format
JPEG Format
Vulnerability
VirusTotal
Malware
unpack itself
DNS
4.4
37
ZeroCERT
8943
2021-06-16 09:18
결의대회초안.doc
d5e974a3386fc99d2932756ca165a451
Convert
Image File
VBA_macro
MSOffice File
PNG Format
Vulnerability
VirusTotal
Malware
unpack itself
3.8
36
ZeroCERT
8944
2021-06-16 09:22
Winvoke.exe
f4d46629ca15313b94992f3798718df7
PE64
PE File
OS Processor Check
GIF Format
Malware download
VirusTotal
Malware
AutoRuns
Malicious Traffic
Check memory
Creates shortcut
Creates executable files
unpack itself
Windows
ComputerName
DNS
4
mail.namusoft.kr(182.162.89.146) - mailcious
www.jinjinpig.co.kr(222.122.49.28) - mailcious
182.162.89.146 - mailcious
222.122.49.28 - mailcious
1
ET MALWARE Possible Win32/Gapz MSIE 9 on Windows NT 5
5.8
M
49
ZeroCERT
8945
2021-06-16 09:45
updatetes.exe
a4f1f7fe9de324bf060f44976d1e0d17
Malicious Packer
Malicious Library
PE File
OS Processor Check
PE32
VirusTotal
Malware
PDB
unpack itself
Windows
crashed
3.4
M
47
r0d
8946
2021-06-16 09:53
AZ2066 Elektronische Zustellun...
1d82ffe508e8ba642b676645b2d99e79
VirusTotal
Malware
VBScript
Malicious Traffic
Check memory
Checks debugger
WMI
wscript.exe payload download
unpack itself
Windows utilities
suspicious process
suspicious TLD
WriteConsoleW
IP Check
Tofsee
Windows
ComputerName
DNS
crashed
Dropper
2
https://rootpass.top/update.php
https://api.ipify.org/
6
rootpass.top(8.209.69.171)
raw.githubusercontent.com(185.199.111.133) - malware
api.ipify.org(54.235.190.106)
8.209.69.171
185.199.108.133 - mailcious
54.235.175.90
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET DNS Query to a *.top domain - Likely Hostile
10.0
26
ZeroCERT
8947
2021-06-16 10:04
Winvoke.exe
f4d46629ca15313b94992f3798718df7
Lazarus
Generic Malware
PE64
PE File
OS Processor Check
GIF Format
VirusTotal
Malware
AutoRuns
Malicious Traffic
Check memory
Creates shortcut
Creates executable files
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
2
http://www.jinjinpig.co.kr/Anyboard/skin/board.php - rule_id: 2091
http://mail.namusoft.kr/jsp/user/eam/board.jsp - rule_id: 2092
4
mail.namusoft.kr(182.162.89.146) - mailcious
www.jinjinpig.co.kr(222.122.49.28) - mailcious
182.162.89.146 - mailcious
222.122.49.28 - mailcious
2
http://www.jinjinpig.co.kr/Anyboard/skin/board.php
http://mail.namusoft.kr/jsp/user/eam/board.jsp
5.6
M
49
r0d
8948
2021-06-16 10:07
document-37-1849.xls
c41a21a821bcdea1d3ab26ebef055eed
MSOffice File
VirusTotal
Malware
Creates executable files
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
1
https://austinheisey.com/xls/black/index/processingSetRequestDownloadPayloader/?servername=excel
2
austinheisey.com(51.195.123.188) - mailcious
51.195.123.188 - mailcious
7.2
30
ZeroCERT
8949
2021-06-16 10:11
Exports promotion highlits may...
f23dd9acbf28f324b290b970fbc40b30
VBA_macro
OS Processor Check
MSOffice File
VirusTotal
Malware
Check memory
unpack itself
2.8
38
ZeroCERT
8950
2021-06-16 10:17
WindowsSecurity.exe
04f7ee1aa5e29d2f2d4ea6b539d20709
PE File
OS Processor Check
PE32
VirusTotal
Malware
PDB
Check memory
DNS
2.2
27
ZeroCERT
8951
2021-06-16 10:57
WindowsSecurity.exe
04f7ee1aa5e29d2f2d4ea6b539d20709
Generic Malware
Admin Tool (Sysinternals etc ...)
PE File
OS Processor Check
PE32
VirusTotal
Malware
PDB
Check memory
1.6
27
r0d
8952
2021-06-16 16:06
vbc.exe
6513d47ea7ab8052f1978201609b2365
PWS
.NET framework
Admin Tool (Sysinternals etc ...)
Malicious Library
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Buffer PE
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
ComputerName
Cryptographic key
crashed
9.6
14
guest
8953
2021-06-16 18:05
app.dll
3283203daaa2e26233f7fa099fb823b0
Gen1
Gen2
PE File
DLL
PE32
VirusTotal
Malware
PDB
MachineGuid
unpack itself
ComputerName
1.4
2
ZeroCERT
8954
2021-06-16 18:10
vbc.exe
f35e3b19dd1a1522795bea451201881a
PWS
Loki[b]
Loki[m]
.NET framework
Admin Tool (Sysinternals etc ...)
Malicious Library
DNS
Socket
AntiDebug
AntiVM
PE File
.NET EXE
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
Buffer PE
PDB
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
malicious URLs
installed browsers check
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
Software
2
eyecos.ga(34.106.235.226) - mailcious
34.106.235.226
1
ET INFO DNS Query for Suspicious .ga Domain
12.6
M
26
ZeroCERT
8955
2021-06-17 10:18
f7juhkryu4.exe
270c3859591599642bd15167765246e3
Ficker Stealer
PE File
PE32
VirusTotal
Malware
1.6
M
55
guest
Total : 48,197cnts