Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
10681	2023-08-16 18:18	1.html 27f74072d6268b5d96d73107c560d852 Antivirus AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis			3.8	M	8	ZeroCERT

10682	2023-08-16 18:02	1.html 27f74072d6268b5d96d73107c560d852 Antivirus AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis			3.8	M	8	ZeroCERT

10683	2023-08-16 17:57	1.html 27f74072d6268b5d96d73107c560d852 Antivirus AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis			3.8		8	ZeroCERT

10684	2023-08-16 17:48	amday.exe aa486e83365ae67a5778758685ca4d6f Amadey UPX .NET framework(MSIL) Malicious Library Admin Tool (Sysinternals etc ...) Http API HTTP Code injection Internet API AntiDebug AntiVM .NET EXE PE File PE32 Lnk Format GIF Format VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS	1 Keyword trend analysis	1	1	12.2	M	32	ZeroCERT

10685	2023-08-16 17:14	cancellationForm.Client.exe a313d9dfd6bddf4cf0412d887719c5be UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself				2.4		8	ZeroCERT

10686	2023-08-16 17:11	NitroGenerator.exe 3b690e2f9f6a1184381063aa68bf0842 AntiDebug AntiVM PE64 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		13.6	M	53	ZeroCERT

10687	2023-08-16 17:11	SuWar3Tools.exe ef8272b8854963717097c26092490bf5 RedLine Infostealer UltraVNC UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Cryptographic key crashed	5 Keyword trend analysis Info http://www.suyx.net/war3/download/README.md http://www.suyx.net/war3/download/getupdate.ashx?l= https://github.com/hegelsu/SuWar3Tools/raw/master/README.md https://raw.githubusercontent.com/hegelsu/SuWar3Tools/master/README.md https://visitor-badge.laobi.icu/badge?page_id=github.com-hegelsu-SuWar3Tools	8		8.4	M	47	ZeroCERT

10688	2023-08-16 15:07	password.chm b5f9cd67cb32f44c138c382e17b06fd6 Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	6.6	M		ZeroCERT

10689	2023-08-16 10:58	hanacard.chm 2002dd3cf9e2ef96b74a99eee0dd5ec1 Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell BMP Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	10 Keyword trend analysis Info http://em.hanacard.co.kr:8080/camp_img/e_footer.gif http://em.hanacard.co.kr:8080/camp_img/e_header_03.gif http://em.hanacard.co.kr:8080/camp_img/e_name_bottom.gif http://safe.amail.co.kr/ems61/safemail.jpg?Q1VTVF9JRD1oYW5hY2FyZC5pbg==&UE9TVF9JRD0yMDIyMDMxNV8zNg==&TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&RU1BSUxfSUQ9ZGY4MzU0YWZjMDg0N2U1MTdiM2NiNDZlZGU5YmZmYmM4ODcxMTM2NzZmMGE1OTczZTlmZjc1MjU1MWI1ZmU= http://em.hanacard.co.kr:8080/camp_img/ico_bull02.gif http://em.hanacard.co.kr:8080/camp_img/e_footer_cs01.gif http://em.hanacard.co.kr:8080/track/Check.jsp?TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1RfMDE=&UE9TVF9JRD0yMDIyMDMxNV8zNg==&VEM9MjAyMjAzMjI=&S0lORD1P http://www.hanacard.co.kr/js/cmn/wl6.js https://www.hanacard.co.kr/js/cmn/wl6.js https://nobuay.ink/yzkah	6		9.0		21	ZeroCERT

10690	2023-08-16 10:20	2.exe 294fab1523dc3b50cbcc120e67946a5b UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS		1		3.4	M	56	guest

10691	2023-08-16 09:53	nine18.js 92cd4dca66b5bebf62d5bdf1454ab6de Generic Malware Antivirus VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	12 Keyword trend analysis Info https://tukudewe.com/js/h3b2_jsg/AudioCapture.dll https://tukudewe.com/js/h3b2_jsg/HTCTL32.DLL https://tukudewe.com/js/h3b2_jsg/nskbfltr.inf https://tukudewe.com/js/h3b2_jsg/pcicapi.dll https://tukudewe.com/js/h3b2_jsg/NSM.LIC https://tukudewe.com/js/h3b2_jsg/PCICL32.DLL https://tukudewe.com/js/h3b2_jsg/TCCTL32.DLL https://tukudewe.com/js/h3b2_jsg/client32.ini https://tukudewe.com/js/h3b2_jsg/remcmdstub.exe https://tukudewe.com/js/h3b2_jsg/msvcr100.dll https://tukudewe.com/js/h3b2_jsg/client32.exe https://tukudewe.com/js/h3b2_jsg/PCICHEK.DLL	2		9.2		13	ZeroCERT

10692	2023-08-16 09:53	www.vbs c863717ead17c4488aa7f85b33ba8b20 WSHRAT Hide_EXE Anti_VM PE File VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files ICMP traffic unpack itself AntiVM_Disk IP Check VM Disk Size Check Windows ComputerName DNS DDNS crashed Dropper	2 Keyword trend analysis	4	1	10.0	M	24	ZeroCERT

10693	2023-08-16 09:50	pass1234_setup.7z 11786f2176a86c420e8ed701afb50b17 Escalate priviledges PWS KeyLogger Anti_VM AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS DDNS	30 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://208.67.104.60/api/tracemap.php - rule_id: 28876 http://193.233.254.61/loghub/master - rule_id: 35736 http://hugersi.com/dl/6523.exe - rule_id: 32660 http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://app.nnnaajjjgc.com/check/?sid=167814&key=a5b5863dbaf7dd2a9129d0eb6a63011d http://bratzen.duckdns.org/byte/@siddharthabuddh4.txt http://app.nnnaajjjgc.com/check/safe http://87.121.221.58/g.exe - rule_id: 35764 http://apps.identrust.com/roots/dstrootcax3.p7c http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://www.maxmind.com/geoip/v2.1/city/me http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482 https://busell.store/setup294.exe - rule_id: 35772 https://sun6-21.userapi.com/c240331/u801981293/docs/d28/b38caee84b38/Crypted_protected.bmp?extra=cP0UhZQ7DsEGzDG5yusGNugKDDH8A9awTnKxUIa31ak-D7zxxQ4Glaa16ZQCyuxOyR9CKj1zDPw1PvpKq6vUiyOaNLL9iXmQd2FMup94y46Vex_BYjd7C0OTSvbm-zKz_Xlr5YxXkjok3NPuUw https://db-ip.com/demo/home.php?s=175.208.134.152 https://sun6-22.userapi.com/c235131/u801981293/docs/d27/032758fabac5/clear.bmp?extra=5XcBld5kUgzmhv3FtfQYQUV4KT2dK9QJbuwFoOHwlrBqk4Nekx7pLcPUypGaGZo1Cz_NmalvdtfuH3w8KXnxM9T31dHqKKkbPM2Xzcq4CdJav1eEXnElU-2gbQpSJ1TATU_F8HmilibJPRasHg https://vk.com/doc801981293_667824657?hash=uKjHpXXzaUg2hges0cwPhvWMCHrSb0l3NI2z2GneGIg&dl=rC0OVUQdzEQqIiNmWsrsF5I95cQHuaPEfYtvDMvzEN4&api=1&no_preview=1#rise https://sun6-20.userapi.com/c909518/u801981293/docs/d41/3cf7d0eda40a/WWW1.bmp?extra=5_odXIEdLt4y08ksTj9GuCa8ylxzT-6uKjF9vj-q9W9BHi1K3wfNWBcxp7PPQucA25aFkDcN2xy8iD0qJ6I6lSgYzW3TpTgniC9ifj14O2a05m8BccHcZ6a1BO_R9ioIGPzrVC5U4wQUXbourg https://vk.com/doc801981293_667803773?hash=4TZb5YnWuA82PVbdDAhWZa2MZaLOxCkMyK03PTWXZ7k&dl=ybWpay00uXdDBpwpvEqOzXKaXInNaUyNw2LywEIZEV8&api=1&no_preview=1#new https://db-ip.com/ https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://vk.com/doc801981293_667834241?hash=DvSmghsP3CrPjN2IBNVkYau13cotAZEGt0DiEf3lYJk&dl=S5qg1Y5PMD7JOdzMlHd2FBmNYuu3V7npVPI4Eju0Ezc&api=1&no_preview=1#as https://sun6-21.userapi.com/c909328/u801981293/docs/d35/a666a3b3791a/asca1ex.bmp?extra=RZ1sKKjCs3asL6-Rmb6h9AuFQ8ZVNpKIMhVtjKPrh48gxBkF3Kq4SsN0G4vlkhLK1dKNvuNIlxo9zWuEisI1M65KWbIJZU6_cDnXJZz_hxUHzlIDzbxRwDzUK8BAf9qCLcPQgt-m8-bHe8w4zQ https://sun6-20.userapi.com/c237231/u801981293/docs/d58/52485632444d/Megamode.bmp?extra=Rwi8HSGj9JUJ_V3AlJ39yzh-j3NwSlOmnVNtUYN6A8eJDv89ZLjnGUcNFFkoluNvmJu_lJBvhxLJFO4bf3oq0P8tH9qk6hvwk9-VoCkHlA8-X8YrIXbK0o_RlMG0HEekWoQTtra4kx7e2_7QOg https://sun6-23.userapi.com/c240331/u801981293/docs/d38/08c3097b4817/PMmp.bmp?extra=jKXALYeyUCvHQkJReo2tb_cQUOrJFTfks4qUGTQp77GPuNlmMqcvdsDYqY2jMwst5hE86GoJNWeQChJq1RiJvq1w9lYdui8TlW7no9gU97iRqx2TxX2eFn_5kJVBNrhUCWlnkH-gZxIO5dYKBQ https://vk.com/doc801981293_667784660?hash=zbRiifTp5Av5dg501LOiwMYcMMa5aXebyX8aYn9mHXs&dl=Jq7WTBPcVptnnv1nurEtm5GoILYMRNRKYy1tIIn6BX0&api=1&no_preview=1 https://vk.com/doc801981293_667770193?hash=w5GO9htU1xJzYOUziW88RmhbH6cfAswoB9TZmFBHdS0&dl=eVg6hANxUfZR1q8izxmJ9EYQzFLmsQVg5tfxurAnHj0&api=1&no_preview=1#WW1 https://vk.com/doc801981293_667856853?hash=u4TwZPGmvpaLEXEgEofjgmISgf2DosuyvS7wFUA0tZk&dl=8pK0VUDG0zKxMEJJ6FyyCNKfZqf5zwCbcvZUj3dqtQs&api=1&no_preview=1	51 Info app.nnnaajjjgc.com(154.221.26.108) www.maxmind.com(104.17.215.67) db-ip.com(104.26.4.15) api.myip.com(104.26.8.59) hugersi.com(91.215.85.147) - malware iplis.ru(148.251.234.93) - mailcious sun6-22.userapi.com(95.142.206.2) busell.store(172.67.159.178) - malware zzz.fhauiehgha.com(103.100.211.218) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious ipinfo.io(34.117.59.81) us.imgjeoigaa.com(103.100.211.218) - mailcious iplogger.org(148.251.234.83) - mailcious sun6-23.userapi.com(95.142.206.3) sun6-20.userapi.com(95.142.206.0) - mailcious vk.com(87.240.129.133) - mailcious bratzen.duckdns.org(84.54.50.42) api.db-ip.com(172.67.75.166) 148.251.234.93 - mailcious 194.169.175.128 - mailcious 154.221.26.108 - mailcious 104.17.215.67 91.215.85.147 - malware 23.43.165.66 208.67.104.60 - mailcious 176.123.9.85 - mailcious 87.121.221.58 - malware 172.67.75.166 172.67.75.163 193.233.254.61 - mailcious 194.26.135.162 - mailcious 87.240.132.78 - mailcious 34.117.59.81 148.251.234.83 84.54.50.42 194.169.175.233 - malware 94.142.138.131 - mailcious 104.21.9.89 - malware 94.142.138.113 - mailcious 77.91.124.231 - malware 45.15.156.229 - mailcious 51.83.170.21 - mailcious 104.26.4.15 95.142.206.3 163.123.143.4 - mailcious 95.142.206.1 - mailcious 95.142.206.0 - mailcious 77.91.124.54 85.208.136.10 - mailcious 95.142.206.2 103.100.211.218 - malware	10 Info http://94.142.138.131/api/firegate.php http://208.67.104.60/api/tracemap.php http://193.233.254.61/loghub/master http://hugersi.com/dl/6523.exe http://zzz.fhauiehgha.com/m/okka25.exe http://45.15.156.229/api/tracemap.php http://87.121.221.58/g.exe http://94.142.138.131/api/tracemap.php http://us.imgjeoigaa.com/sts/imagc.jpg https://busell.store/setup294.exe	7.0	M		ZeroCERT

10694	2023-08-16 09:39	chromium.vbe 8e99881fa155be4f5705fddd924ecd63 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	3		9.4		2	ZeroCERT

10695	2023-08-16 09:38	6271c26a5690c43c59c23239_PDF2-... 4ba303dbb08db50b93fdcf0494257467 PDF ZIP Format Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip			1.4			ZeroCERT