Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
10186	2021-07-18 09:11	cvhost.exe bfcf2a43ca7649e12801564b8c58d0d8 UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				2.2	M	24	ZeroCERT

10187	2021-07-18 09:11	lv.exe fcd64cf71e8faa889ff45a5b62296c22 Gen1 Gen2 UPX Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1		7.4	M	34	ZeroCERT

10188	2021-07-18 09:14	astro-grep-setup.exe.doc 9c3d3679ea84ff9bf67bf8c7aa2afc48 PWS .NET framework RAT VBA_macro Generic Malware UPX Malicious Packer PE File OS Processor Check PE32 Vulnerability VirusTotal Malware Creates executable files unpack itself				3.8		38	guest

10189	2021-07-18 09:16	USBrowserInst.exe d188a8526f296c7ce98afad1a4ecca80 Gen1 Generic Malware UPX Malicious Packer PE File PE32 .NET EXE OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed	11 Keyword trend analysis Info https://server-downl-8831.xyz/?user=usa1 https://server-downl-8831.xyz/?user=usa2 https://server-downl-8831.xyz/?user=usa3 https://server-downl-8831.xyz/?user=usa4 https://server-downl-8831.xyz/?user=usa5 https://server-downl-8831.xyz/?user=usa6 https://iplogger.org/1ndqr7 https://all-brain-company.xyz/ https://all-brain-company.xyz/api.php?getusers https://iplogger.org/1ZdZs7 https://all-brain-company.xyz/api.php	6	1	11.0	M	23	ZeroCERT

10190	2021-07-18 09:18	browershelper.bin 06728e03a423984c9e43a21ad6d47101 VMProtect PE File PE32 VirusTotal Malware				2.2		49	guest

10191	2021-07-18 09:31	b4e49f1049ffa60d_ms.exe 9c57e654bb81243d958bea07d1c7f840 PWS .NET framework RAT Generic Malware UPX Malicious Packer PE File OS Processor Check PE32 PDB Remote Code Execution				0.8			ZeroCERT

10192	2021-07-19 10:33	app.exe 0e0e1560bc36cdd3dc09c82e08af9b0e UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				2.2		23	ZeroCERT

10193	2021-07-19 10:33	ABH.exe c99a2c278e2c345bc20d4a5a1a91ad89 Generic Malware Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName		2		12.8		18	ZeroCERT

10194	2021-07-19 10:35	pl_installer.exe 146db5fd6c82cec465194d99eae2e539 UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				2.2		27	ZeroCERT

10195	2021-07-19 10:35	GoogleInstall.exe 1551af76043294c6fb3b589398df2395 UPX PE File OS Processor Check PE32 GIF Format VirusTotal Malware AutoRuns Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName				4.8		37	ZeroCERT

10196	2021-07-19 10:47	IMG0073627.exe e8e77ca9cec0090a6266b90755bfa07e Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed				7.4	M	19	ZeroCERT

10197	2021-07-19 10:47	kliper.exe fcc5aaee3cd020a1be8eec599ad48a06 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				6.4	M		ZeroCERT

10198	2021-07-19 10:48	svchost.exe 334eaf9d3c65ab489fdec2f7a88c1184 Generic Malware UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself Windows Remote Code Execution crashed				3.4	M	26	ZeroCERT

10199	2021-07-19 10:49	kmh.exe 2b2121186b27af533bdb05759b757ad5 Generic Malware UPX Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName		2		14.4	M	42	ZeroCERT

10200	2021-07-19 10:49	compan.exe ec079fbd394ed8838d2c8d062bbf1f39 BitCoin Process Kill Generic Malware Themida Packer UPX FindFirstVolume CryptGenKey AntiDebug AntiVM PE File Device_File_Check OS Processor Check PE32 PNG Format .NET EXE JPEG Format MSOffice File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware Cryptographic key Software crashed	9 Keyword trend analysis Info http://usa01.info/users/content/id03084901/mmow.txt http://usa01.info/app/files/ap/id27315003.php http://usa01.info/function/v2tmp/momomoomomom.php http://usa01.info/books/userpaths/birbik/harrypotter3.txt http://tstamore.info/ http://kurinogti.info/ https://iplogger.com/1Fb797 https://iplogger.com/1Fn797 https://api.ip.sb/geoip	10	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User-Agent (Installed OK) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO Packed Executable Download ET INFO TLS Handshake Failure SURICATA Applayer Detect protocol only one direction SURICATA HTTP unable to match response to request	17.0	M	23	ZeroCERT