Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
9976
2021-07-13 18:01
qOwCKaSXeZMljlf.exe
2dab0d745c246721391b048cedf0dc0e
Generic Malware
Admin Tool (Sysinternals etc ...)
PE32
PE File
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
crashed
2.2
23
ZeroCERT
9977
2021-07-13 18:02
dll.jpg
a081999ab017d1f1354d235391cb521c
Ave Maria
WARZONE RAT
UPX
Antivirus
PE32
PE File
OS Processor Check
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
AntiVM_Disk
WriteConsoleW
VM Disk Size Check
Windows
ComputerName
Remote Code Execution
Cryptographic key
2
publicvm.casacam.net(105.111.42.73)
105.111.42.73
9.8
56
ZeroCERT
9978
2021-07-13 18:04
vbc.exe
ca7b3646f761b2095fda351b5a735d0d
PWS
.NET framework
Generic Malware
Admin Tool (Sysinternals etc ...)
PE32
PE File
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
crashed
2.2
20
ZeroCERT
9979
2021-07-13 18:04
DoublesidePassport.jpg.lnk
041cc53c6152bc5ac0ada6fb7cb12bb4
UPX
AntiDebug
AntiVM
GIF Format
PE32
PE File
OS Processor Check
JPEG Format
VirusTotal
Malware
Code Injection
Check memory
WMI
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
ComputerName
7.8
14
ZeroCERT
9980
2021-07-13 18:06
setup_c.exe
6ca76d8eaf1ec1e760ac41c0b1386d07
Generic Malware
Anti_VM
PE32
PE File
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Checks Bios
Detects VirtualBox
Detects VMWare
suspicious process
WriteConsoleW
VMware
anti-virtualization
Windows
ComputerName
Firmware
crashed
7.6
20
ZeroCERT
9981
2021-07-13 18:06
DNBAeYMT2WEKoZK.exe
8499ede977c860b8c6c07776081a3dea
PWS
Loki[b]
Loki[m]
.NET framework
Generic Malware
Admin Tool (Sysinternals etc ...)
DNS
Socket
AntiDebug
AntiVM
PE32
PE File
.NET EXE
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
malicious URLs
AntiVM_Disk
VM Disk Size Check
installed browsers check
Windows
Browser
Email
ComputerName
DNS
Cryptographic key
Software
crashed
1
http://185.227.139.18/dsaicosaicasdi.php/uirKQcHWX0e7x - rule_id: 2584
1
185.227.139.18 - mailcious
1
http://185.227.139.18/dsaicosaicasdi.php
13.8
M
37
ZeroCERT
9982
2021-07-13 18:08
ConsoleApp6.exe
b46c2cfc05bc1e8fe659d143ccf77375
AgentTesla
PWS
.NET framework
RAT
browser
info stealer
Generic Malware
Google
Chrome
User Data
Antivirus
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
Downloader
AntiDebug
AntiVM
PE32
PE File
.NET EXE
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
DDNS
crashed
keylogger
2
freightmgmt.duckdns.org(194.5.98.207) - mailcious
194.5.98.207 - mailcious
13.8
25
ZeroCERT
9983
2021-07-13 18:10
000628389672_1.xlsm
be08be775737dbd2ef07cd65b3c95d7e
VBA_macro
VirusTotal
Malware
unpack itself
1.6
9
ZeroCERT
9984
2021-07-13 18:11
270c3859591599642bd15167765246...
270c3859591599642bd15167765246e3
Ficker Stealer
UPX
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Malware
Cryptocurrency wallets
Cryptocurrency
MachineGuid
Check memory
ICMP traffic
Collect installed applications
sandbox evasion
anti-virtualization
IP Check
installed browsers check
Ransomware
Browser
ComputerName
Software
1
http://api.ipify.org/?format=xml
4
api.ipify.org(23.21.173.155)
pospvisis.com(95.213.179.67) - mailcious
50.19.100.233
95.213.179.67
8.8
M
60
ZeroCERT
9985
2021-07-13 18:29
umbr.exe
f9d986194bfbc6d9e56e62a7e6f3f1f7
RAT
Process Kill
Generic Malware
UPX
FindFirstVolume
CryptGenKey
Http API
Steal credential
ScreenShot
AntiDebug
AntiVM
PE32
PE File
OS Processor Check
Device_File_Check
.NET EXE
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
AntiVM_Disk
suspicious TLD
VM Disk Size Check
Windows
Cryptographic key
1
http://newja.webtm.ru/mad.zip - rule_id: 2289
2
newja.webtm.ru(92.53.96.150) - malware
92.53.96.150 - mailcious
1
http://newja.webtm.ru/mad.zip
8.4
M
48
guest
9986
2021-07-14 07:24
vato.js
d5cb6592fb3cb1e72b2cff6fca5f3528
Antivirus
VirusTotal
Malware
powershell
AutoRuns
suspicious privilege
Check memory
Checks debugger
WMI
Creates shortcut
ICMP traffic
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
3
vendorcreditglobal.online() - malware
google.com(142.250.196.142)
172.217.24.78
8.6
17
ZeroCERT
9987
2021-07-14 07:31
2206.dotm
196977d3c5e6d635fdd60ac4d9f5e127
VBA_macro
Vulnerability
VirusTotal
Malware
unpack itself
1
http://188.166.41.131/momo.php
1
188.166.41.131
3.8
5
ZeroCERT
9988
2021-07-14 07:34
.................................
d50bdf90927dc53f961c0d4fd864b978
RTF File
doc
AntiDebug
AntiVM
Malware
MachineGuid
Malicious Traffic
Check memory
exploit crash
unpack itself
Exploit
DNS
crashed
3
http://www.massapequapublicschools.com/usur/
http://198.12.107.11/wwtt/svch.exe
http://www.massapequapublicschools.com/usur/?h0DlqZ5=IzcjEjhJ8bSaryQ/4Cv3QMoV1Z8qC83Tm6cW42EOAqVI+2mFAfmm5fPhAgjqk56EtwynR/Gw&MJBx=FdCxIn0H-pvHhbPP
5
www.jadeena.com(154.222.229.57)
www.massapequapublicschools.com(212.32.237.92)
198.12.107.11
154.222.229.57
63.143.32.83
5.4
ZeroCERT
9989
2021-07-14 07:44
svch.exe
f9bc884d392b1cf3476d36733d443bea
PWS
.NET framework
Generic Malware
Admin Tool (Sysinternals etc ...)
PE32
PE File
.NET EXE
Check memory
Checks debugger
unpack itself
1.2
ZeroCERT
9990
2021-07-14 07:44
mad.zip
2dd394b649d386e88e6d6da28be926d5
VirusTotal
Malware
0.6
19
ZeroCERT
Total : 48,198cnts