Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
76
2024-09-17 14:12
r.exe
109d640a259b145be1aebeab0fb2842a
Generic Malware
Malicious Library
Malicious Packer
PE File
PE64
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
2.0
M
51
ZeroCERT
77
2024-09-17 14:11
66d48e1330a01_stealcuniq.exe
4670f205038b0092911122bac4cca281
Malicious Library
UPX
PE File
PE32
MZP Format
OS Processor Check
VirusTotal
Malware
unpack itself
ComputerName
crashed
3.2
M
55
ZeroCERT
78
2024-09-17 14:09
66d1e3d95f11a_lgdfef.exe
9d43cace837db35056d25064945455d6
Malicious Library
Antivirus
ScreenShot
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
7.4
M
56
ZeroCERT
79
2024-09-17 14:09
test.exe
625b58da00616f4d48b7730f6bce9261
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.4
M
28
ZeroCERT
80
2024-09-17 14:09
acentric.exe
37d198ad751d31a71acc9cb28ed0c64e
Malicious Library
PE File
.NET EXE
PE32
VirusTotal
Malware
AutoRuns
PDB
suspicious privilege
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Windows
2
conditionprovice.pro(81.19.139.138)
81.19.139.138
5.0
M
56
ZeroCERT
81
2024-09-17 14:07
66db37a146f03_cry.exe
d0388e4efe1978e6485fc5292f84ca81
Client SW User Data Stealer
ftp Client
info stealer
Antivirus
Http API
PWS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
ComputerName
7.6
M
54
ZeroCERT
82
2024-09-17 14:06
injector.exe
c44b5e54b7b3d5494612bf666d4ea9d3
PE File
PE64
VirusTotal
Malware
PDB
MachineGuid
Check memory
Creates shortcut
unpack itself
ComputerName
2.2
M
16
ZeroCERT
83
2024-09-17 14:05
payload.exe
f90f7d949422778b25441f36018b27b0
Malicious Packer
UPX
PE File
PE32
VirusTotal
Malware
unpack itself
DNS
1
185.202.113.6 - malware
4.0
M
62
ZeroCERT
84
2024-09-17 14:04
freedom.exe
d6b80519cb7c625d200d2899c345c8c6
Generic Malware
Malicious Library
Admin Tool (Sysinternals etc ...)
Malicious Packer
UPX
PE File
PE32
MZP Format
OS Processor Check
VirusTotal
Malware
MachineGuid
Check memory
buffers extracted
ICMP traffic
unpack itself
anti-virtualization
ComputerName
DNS
2
188.124.59.28
45.156.25.118
7.8
M
59
ZeroCERT
85
2024-09-17 14:03
qq2.exe
ffc6e86b94a45cd05eb5b249209970bd
Generic Malware
UPX
PE File
PE32
VirusTotal
Malware
1.2
M
54
ZeroCERT
86
2024-09-17 14:02
1.exe
adc4317ced6ff9de7e8b5fc1f60b380a
PE File
PE32
VirusTotal
Malware
Checks debugger
3
LOCALSERVER.ns01.US(192.227.134.159)
localupdate.ns02.info(192.227.134.159)
192.227.134.159
3.8
M
59
ZeroCERT
87
2024-09-17 14:01
vlst.exe
1b2583d84dca4708d7a0309cf1087a89
RedLine stealer
ILProtector Packer
Malicious Library
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
Windows
Cryptographic key
2.6
M
65
ZeroCERT
88
2024-09-17 14:00
66ded9344609c_vhtr12.exe
2cc2bd304829360c40a79c5156173cc5
Stealc
Client SW User Data Stealer
LokiBot
ftp Client
info stealer
Antivirus
Malicious Library
Http API
PWS
HTTP
Code injection
Internet API
AntiDebug
AntiVM
PE File
.NET EXE
PE32
FTP Client Info Stealer
VirusTotal
Malware
Telegram
PDB
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
unpack itself
Windows utilities
Collect installed applications
suspicious process
malicious URLs
sandbox evasion
WriteConsoleW
anti-virtualization
installed browsers check
Tofsee
Windows
Browser
ComputerName
DNS
Software
1
https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(104.74.170.104) - mailcious
149.154.167.99 - mailcious
78.47.207.136 - mailcious
202.43.50.213
3
ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://steamcommunity.com/profiles/76561199768374681
15.4
M
55
ZeroCERT
89
2024-09-17 13:57
66d482037838d_stealc_cry.exe
03a84de32e04c6bb091064e95a4b39ad
Client SW User Data Stealer
ftp Client
info stealer
Antivirus
Http API
PWS
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
ComputerName
7.6
M
55
ZeroCERT
90
2024-09-17 13:57
iy94.exe
d5c6aafff07c61d8102e3998e2fb081e
UPX
PE File
PE32
VirusTotal
Malware
1.2
M
58
ZeroCERT
Total : 48,166cnts