Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

9601 2023-08-09 17:16 dns.exe
6efabb64de8a8835ebfe9f189fe14bdf
Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces
2 2.2 36 ZeroCERT

9602 2023-08-09 17:15 loader.hta
2c3231b88b767d7d01eefbd05868b3a8
Hide_EXE Generic Malware UPX Malicious Library Malicious Packer Http API PWS ScreenShot KeyLogger AntiDebug AntiVM OS Processor Check DLL PE64 PE File VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger RWX flags setting exploit crash unpack itself installed browsers check Windows Exploit Browser Email Cryptographic key crashed
5.2 4 ZeroCERT

9603 2023-08-09 17:14 Terminator.sys
21e13f2cb269defeae5e1d09887d47bb
Generic Malware UPX Antivirus OS Processor Check PE64 PE File VirusTotal Malware PDB
1.0 16 ZeroCERT

9604 2023-08-09 17:13 en-win-upd(localchr).url
f8bf0dddb23f80f69552a2fb661393b5
AntiDebug AntiVM Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key
4 1 6.6 ZeroCERT

9605 2023-08-09 17:12 smokeyzx.exe
023724470a84b79a9efbde752322ddec
AgentTesla SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 12.8 21 ZeroCERT

9606 2023-08-09 17:11 kellyzx.doc
b98806523c4916585df3f414296d0905
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
3.2 35 ZeroCERT

9607 2023-08-09 17:10 built.exe
4f0138b76666d40673be97ceaa9245b4
UPX .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key
2.8 30 ZeroCERT

9608 2023-08-09 17:08 loki.exe
137141a66c13ca84d8d5856f1bc176c1
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.0 31 ZeroCERT

9609 2023-08-09 17:08 alertzx.doc
f46867432dd7f3b315b6c29d52ed0edb
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
1 3 5.0 27 ZeroCERT

9610 2023-08-09 17:07 MinerFullDetect.exe
f810de3ef202723a9fa3637e69115da6
UPX Malicious Library PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
1.8 13 ZeroCERT

9611 2023-08-09 17:07 Amday_soft.exe
c9e4b5e6adfd9dc39449b3de59e562de
Amadey UPX Admin Tool (Sysinternals etc ...) Http API HTTP Code injection Internet API AntiDebug AntiVM .NET EXE PE File PE32 GIF Format VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS
2 1 1 12.0 24 ZeroCERT

9612 2023-08-09 17:07 rovezx.doc
4c86d493d7393a80dc6638a810daed30
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS DDNS crashed
2 4 6.0 32 ZeroCERT

9613 2023-08-09 17:03 damianozx.doc
86588b34f68fad2817ac9c8b7eee8568
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Exploit DNS crashed
1 3 4.8 29 ZeroCERT

9614 2023-08-09 17:03 rainbow_loop.exe
d6dc6b4155cfc36fe8ea78aa82949533
PE File PE32 VirusTotal Malware
1.0 19 ZeroCERT

9615 2023-08-09 17:03 kellyzx.exe
7bb907d4c3ec7bb44a0f25f41bad22d2
LokiBot Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 1 15.0 39 ZeroCERT