Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
11746	2023-07-05 17:26	davincizx.exe 33bd3e1ca73b982e214dc01855fac397 LokiBot Generic Malware Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1		15.2	43	ZeroCERT

11747	2023-07-05 17:25	FA002.exe 4ca5a34884534a5751b8e59d41cecdcb UPX PE File PE32 VirusTotal Malware crashed				1.4	29	ZeroCERT

11748	2023-07-05 17:21	plugmanzx.exe 53c2300cd80cc19026ff56c95835ecc9 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself				2.2	24	ZeroCERT

11749	2023-07-05 17:21	rrcrrcrrcrrcrrcrrcrrcrrcrrcrrc... cd50d67ceed86dfca39f4c375e548ab0 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1	5.0	35	ZeroCERT

11750	2023-07-05 17:21	Guardian.exe b6224676697824f203b0a7c4face0c27 Gen1 Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE File PE64 DLL ZIP Format VirusTotal Malware Check memory Creates executable files WriteConsoleW Ransomware				3.0	9	ZeroCERT

11751	2023-07-05 17:21	obizx.doc 4ba517cee0b4e4c77e6178a1f77d862b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8	28	ZeroCERT

11752	2023-07-05 17:19	fa3333.txt.ps1 a63dad914bebe79580df3eec4f58aef6 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	2	9.4	18	ZeroCERT

11753	2023-07-05 17:04	SErvKxEjge.msi a70a3341d608bc64552ba5b3fcef5ec9 CAB MSOffice File unpack itself crashed				0.6		ZeroCERT

11754	2023-07-05 15:08	5a5ad5743da1c888bf3b54ccc3e34f... 5a5ad5743da1c888bf3b54ccc3e34ff5 Gen1 Emotet njRAT backdoor Eredel Stealer Extended Generic Malware Suspicious_Script UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Downloader .NET framework(MSIL) ASPack OS Processor Check MZP Format PE File PE32 DLL icon CAB MS VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName	19 Keyword trend analysis Info http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=04115.00&sar=amd64&o1=netfx_Patch_x64.msp http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full_x64.msi http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl http://go.microsoft.com/fwlink/?LinkId=862008 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full.mzz http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x412&ar=03761.00&sar=amd64&o1=NDP48-x86-x64-AllOS-KOR.exe http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi https://download.visualstudio.microsoft.com/download/pr/c2ad65ab-bab3-4d24-ada4-aaf2ff0c1266/2a3f786c480c1122ff3696ba1ad9564b/ndp48-x86-x64-allos-kor.exe https://download.visualstudio.microsoft.com/download/pr/9acd2157-dc1e-41fc-9f4d-35d56fc49f6b/c84b7777456bf0dc89c15571ffdb8e49/netfx_full_x64.msi https://download.visualstudio.microsoft.com/download/pr/7afca223-55d2-470a-8edc-6a1739ae3252/f3ce41d8623e237d717257d9ae4cec5f/netfx_full_cab.exe https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/55e5b1321b16ab92f5e8fd2ea9169147/netfx_patch_x64.msp	4	1	11.8	1	guest

11755	2023-07-05 11:32	obizx.exe c1095a10913a5b0bf7952a253fc80d59 Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2	13.8	30	r0d

11756	2023-07-05 11:20	obizx.exe c1095a10913a5b0bf7952a253fc80d59 Formbook Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2	14.8	30	r0d

11757	2023-07-05 11:08	wealthzx.exe 844a7515a88d095b9cbaea9345ca55b0 Formbook PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				11.0	35	r0d

11758	2023-07-05 11:03	mazx.exe 60822680920de27aed07c2352674f05c Formbook Generic Malware .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				10.2	48	r0d

11759	2023-07-05 10:23	oplasx.vbs 84d15dddd6d6d156f0b26f47c2584852 Generic Malware Antivirus SMTP KeyLogger Hide_URL AntiDebug AntiVM PowerShell Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows Exploit Browser Email ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	2	10.0	5	ZeroCERT

11760	2023-07-05 09:48	Flightpath.lnk 256acb98c1c970818640ec89f1060458 PDF ZIP Format Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip			1.4		ZeroCERT