Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12121	2023-06-20 07:34	pamac2.1.exe 27070e69754c12f67e5541c7f0203f0a NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	4	4		10.2	M	38	ZeroCERT

12122	2023-06-20 07:33	nejorg2.1.exe a679e481d2868515a01976a1120c909c NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		8.8	M	39	ZeroCERT

12123	2023-06-20 07:31	3eef203fb515bda85f514e168abb59... 94516556bb1c18df471daa662b0d21e5 Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself					2.2	M	56	ZeroCERT

12124	2023-06-20 07:31	toolspub2.exe 5fb4661d4331b84fd2eef4710a0bcb49 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution					7.2	M	39	ZeroCERT

12125	2023-06-20 07:29	game2.exe ad0f1f3418da5e70c0e898a6546128ef Generic Malware UPX Admin Tool (Sysinternals etc ...) Malicious Packer PE File PE32 Malware download VirusTotal Malware Malicious Traffic buffers extracted Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Windows DNS crashed	1 Keyword trend analysis	1	6 Info ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.8		23	ZeroCERT

12126	2023-06-20 07:29	100K.exe 673a1f3904a40a0f5fa40dbbf1615d78 PWS .NET framework(MSIL) UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3		7.6		51	ZeroCERT

12127	2023-06-20 07:27	aaaaa.exe 90e6a6cb38ff2a0b219f1caf29b5c4a2 PWS .NET framework(MSIL) UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		61	ZeroCERT

12128	2023-06-20 07:27	Hceea.exe 54c9a4eb41248f7280822eee5c61e65a AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName DNS		1			10.4		43	ZeroCERT

12129	2023-06-20 03:29	BrowserMetrics-646763C6-2660.p... bbdf5b4dc35b72aa6869a546cc51473a AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

12130	2023-06-20 02:10	StartupProfileData-Interactive 3dbc7eff4536a4ccbaf91b9d3da7a094 AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email					3.2			guest

12131	2023-06-19 18:09	cred64.dll 7b4ebf09cf37a88ab510a9fc4657f15e Browser Login Data Stealer UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName					2.6	M	55	r0d

12132	2023-06-19 18:00	RedGiant Activation Service Un... ef86450ca1ef20a87f9b3297aa8bb8e8 Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check MZP Format PE32 PE File PE64 DLL VirusTotal Malware suspicious privilege Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName					4.6		2	guest

12133	2023-06-19 17:43	wqewqewqewqeqwqewqewqewqewqe%2... f184e823c303d399c0dda9de40c7f45b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		4.2	M	34	ZeroCERT

12134	2023-06-19 17:15	mig.exe 46f330a312007fc9d230ca90cded266d PWS Ave Maria WARZONE RAT Gen1 Emotet CoinMiner Gen2 Generic Malware Suspicious_Script_Bin Downloader UPX Malicious Library Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Create Service DGA Socket DNS Steal credential Code injection HTTP S VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution DNS Cryptographic key crashed	2 Keyword trend analysis	1	3	2	15.0	M	38	ZeroCERT

12135	2023-06-19 17:11	wqewqewqewqeqwqewqewqewqewqe%2... f184e823c303d399c0dda9de40c7f45b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed					3.2		30	ZeroCERT