Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
11236 2021-08-11 19:00 clip.exe  

8e0858c676bfce53f2a0473fb3c353be


RAT PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key
10.6 M 42 ZeroCERT

11237 2021-08-11 19:02 blaqzx.exe  

93f325bfdd9507345527f4e5f533bec0


RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
5.2 M 20 ZeroCERT

11238 2021-08-11 19:05 .svchost.exe  

8056c1da01723959661caf103a001271


UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself
1.8 M 12 ZeroCERT

11239 2021-08-11 19:06 racoon.exe  

2919f1a121d1156f2a62696343002ba3


UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
1.8 M 24 ZeroCERT

11240 2021-08-11 19:08 GetFile3  

60df31268d2ac9f2c363a9c6d025e3ce


UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
1.8 M 28 ZeroCERT

11241 2021-08-12 09:16 ANN.exe  

f69d8f7707fd214fad1dbf3f1f1765a9


RAT Generic Malware Malicious Packer .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.0 M 27 ZeroCERT

11242 2021-08-12 09:16 ner.exe  

ce977f0eaaaba80afc05abb7e1832269


UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.0 M 30 ZeroCERT

11243 2021-08-12 09:18 MKS.exe  

c97a48d4ff50d8301b799e3cfef5e4ea


Generic Malware Malicious Packer DNS ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName
2 13.4 25 ZeroCERT

11244 2021-08-12 09:18 dcc7975c8a99514da06323f0994cd7...  

810308e1db8489816c1475430c55b791


UPX Malicious Library OS Processor Check PE File PE32 PDB DNS
1 1.2 ZeroCERT

11245 2021-08-12 09:18 kbdindev.exe  

1ca618bba986d71007c944f585faad2c


RAT NPKI email stealer Generic Malware Malicious Packer DNS Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName crashed
2 14.0 22 ZeroCERT

11246 2021-08-12 09:20 alfile.exe  

9292c91e8862b1f54b316ac8aee11bc7


UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
1.8 23 ZeroCERT

11247 2021-08-12 09:21 dllhost.exe  

b19143d7e738e319d499fad66a36356d


RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) Socket AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
1 3 1 8.2 27 ZeroCERT

11248 2021-08-12 09:23 file.exe  

82d9399220654cb33ce6042db6d7780c


Generic Malware Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
1 8.8 24 ZeroCERT

11249 2021-08-12 09:23 GetFile3  

2c488e751cc8d933035d0f5dc398d6ef


UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.2 24 ZeroCERT

11250 2021-08-12 09:25 start.EXE  

fb5278d8e4a377946c05dca2033f3ac7


Emotet Gen1 UPX Malicious Library Antivirus PE64 PE File VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key
6.2 14 ZeroCERT