Submissions
Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
10156
2024-04-30 07:39
lbb.exe
e990e7571cdb06c5d0f093176cecf414
BlackMatter Ransomware
PE File
PE32
VirusTotal
Malware
unpack itself
2.2
M
62
ZeroCERT
10157
2024-04-30 07:38
lazagne.exe
68d3bf2c363144ec6874ab360fdda00a
Gen1
Generic Malware
Malicious Library
UPX
PE64
PE File
OS Processor Check
DLL
VirusTotal
Malware
Creates executable files
unpack itself
2.6
M
52
ZeroCERT
10158
2024-04-30 07:37
Iss.exe
955211d8050bb619846140050fe5b6da
Generic Malware
Malicious Library
PE File
PE32
VirusTotal
Malware
2.0
M
52
ZeroCERT
10159
2024-04-30 07:35
nc.exe
a5a74d73fbf4a6f0b75f074de316277e
NMap
Malicious Library
PE File
PE32
VirusTotal
Malware
PDB
WriteConsoleW
1.4
39
ZeroCERT
10160
2024-04-30 07:35
lb.exe
6fd558cf3add096970e15d1e62ca1957
BlackMatter Ransomware
PE File
PE32
VirusTotal
Malware
unpack itself
2.2
63
ZeroCERT
10161
2024-04-29 14:39
Exodus.exe
3b43da1be0c39802b78f6b2c55c4d7e6
HelloXD Ransomware
PE64
PE File
VirusTotal
Malware
DNS
2
xmr-eu1.nanopool.org(51.15.193.130) - malicious
54.37.232.103
1
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
1.4
M
52
guest
10162
2024-04-29 11:09
Exodus.exe
3b43da1be0c39802b78f6b2c55c4d7e6
HelloXD Ransomware
PE64
PE File
VirusTotal
Malware
DNS
2
xmr-eu1.nanopool.org(163.172.154.142) - malicious
51.89.23.91
1
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
1.4
M
52
r0d
10163
2024-04-29 10:32
1.jpg
e34edde9e1fcae0ffaac450491a0b7a6
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
2.0
M
31
ZeroCERT
10164
2024-04-29 10:14
mariogame.dll
a239211f31bbaaeb73d1a985c4cd163c
Malicious Library
Malicious Packer
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
PDB
1.4
M
48
ZeroCERT
10165
2024-04-29 09:36
xie.exe
f44bcedfb71262dd1484bcbb63122ba5
Gen1
HermeticWiper
Generic Malware
Malicious Library
UPX
Malicious Packer
Admin Tool (Sysinternals etc ...)
Obsidium protector
.NET framework(MSIL)
Anti_VM
PE File
PE32
JPEG Format
ftp
DLL
.NET DLL
PNG Format
OS Processor Check
OS Memory Check
OS Name Che
VirusTotal
Malware
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates executable files
unpack itself
Check virtual network interfaces
AppData folder
Ransomware
Windows
ComputerName
Cryptographic key
2
http://zhngxie.wf/22_2/huge.dat
http://bageyou.xyz/c/g
4
zhngxie.wf(104.21.13.240) - malware
bageyou.xyz(104.21.45.251)
104.21.45.251
172.67.133.129 - malware
2
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
ET POLICY PE EXE or DLL Windows file download HTTP
7.2
M
25
ZeroCERT
10166
2024-04-29 09:34
eveninggreatformonkeykingtound...
c63cbdfeaddd4e1867b5d9aedf4b77dd
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
VBScript
Malicious Traffic
buffers extracted
exploit crash
unpack itself
Tofsee
Exploit
DNS
crashed
3
http://apps.identrust.com/roots/dstrootcax3.p7c
http://23.95.60.77/eveningxla.vbs
https://paste.ee/d/EmOjM
6
paste.ee(172.67.187.200) - malicious
uploaddeimagens.com.br(172.67.215.45) - malware
104.21.84.67 - malware
23.95.60.77 - malicious
104.21.45.138 - malware
182.162.106.33 - malware
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
ET INFO Dotted Quad Host VBS Request
5.0
M
38
ZeroCERT
10167
2024-04-29 09:33
done.exe
d5141d80d46fd3df879495cca103caba
NSIS
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
6.6
25
ZeroCERT
10168
2024-04-29 09:33
csgg.exe
3e1fb053e8ca0281a2952fbdced68d1e
NSIS
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE32
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
7.0
M
44
ZeroCERT
10169
2024-04-29 09:26
morningworkingforgetbackwithen...
bd7a9eba72d2a2a8cc97260ec906b842
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
Malicious Traffic
buffers extracted
exploit crash
unpack itself
Exploit
DNS
crashed
1
http://23.95.60.77/morningxla.js
1
23.95.60.77 - malicious
5.0
M
38
ZeroCERT
10170
2024-04-29 07:31
setup294.exe
82b92970234eeb94883182381e626c63
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
DLL
VirusTotal
Malware
PDB
unpack itself
suspicious process
AppData folder
RCE
3.0
M
47
ZeroCERT
Total: 54,215 entries