Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12196	2021-09-08 09:59	enumusers0904.exe 109c2133f17fa4e495f63c99429835f9 UPX PE File PE32 VirusTotal Malware Check memory WriteConsoleW					3.0	M	38	ZeroCERT

12197	2021-09-08 09:59	apines.exe 5dc89acaae4edda1b0519ff9657b763a Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	33	ZeroCERT

12198	2021-09-08 10:02	vbc.exe dad20c2f942a638d3d556961f92af143 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	6 Keyword trend analysis Info http://www.mercurydatas.com/24ng/?EZUTzDu=73RKxnoEEGPHaiqYHtD+jTsNxYvkw6Ei3DrZaFJsPwj3AJHixVrZdfXfQY48NHPO2bpqzq2Z&DzrLW=VBZtT4dPwd244h - rule_id: 4594 http://www.sunshineenergyind.com/24ng/?EZUTzDu=35iWi52lGojBS87VvIGnpLKhNq28n3UubyUFC8niPWNy7gVZgtz7k+ypAgcpiko10aWgDcvJ&DzrLW=VBZtT4dPwd244h http://www.myfreezic.com/24ng/?EZUTzDu=YF1kztGDlRJpsfA9HLEjfHWM3KfZfu6pVivDrAZmlPi8ADA1cW10jKFzSf6SS65dyB8FAXy7&DzrLW=VBZtT4dPwd244h - rule_id: 4978 http://www.getzlppi.com/24ng/?EZUTzDu=L5LGxFrJmFFW7+IY9g8iVUirVSu4fjeQj90+j0oTYvKK8rEJklo6J2dxJua7XjT6OpHJ/fPt&DzrLW=VBZtT4dPwd244h - rule_id: 4824 http://www.brightstarqr.com/24ng/?EZUTzDu=8v1BaeXDdHouIcyDdFDGzu6REvBUz6OB3JNjO8R+mAtpk36d8yYIQhxbWZgde9Q6oLtpMRoQ&DzrLW=VBZtT4dPwd244h - rule_id: 4826 http://www.inanavcifitnessclub.com/24ng/?EZUTzDu=7B/mxEe684X+Fe8GJ5WQJKEToqxOKLoYRHSlnqT22Suhy7fkAEyyqsV6IsAMnECK+ppvVgFJ&DzrLW=VBZtT4dPwd244h - rule_id: 4825	16 Info www.jogiyoga.support() www.brightstarqr.com(54.157.58.70) www.mercurydatas.com(91.194.91.202) www.tonailcure.icu() www.equltycol.com() www.operationbuy.com() www.getzlppi.com(34.102.136.180) www.sunshineenergyind.com(99.83.154.118) www.inanavcifitnessclub.com(209.99.40.222) www.myfreezic.com(103.139.0.32) 103.139.0.32 - mailcious 209.99.40.222 - mailcious 18.205.36.100 99.83.154.118 - mailcious 34.102.136.180 - mailcious 91.194.91.202 - mailcious	2	5	8.0	M	30	ZeroCERT

12199	2021-09-08 10:02	kernel.exe 8c4b4ab56eb5d879334e5f92ed70ecc3 RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1	1	10.4	M	28	ZeroCERT

12200	2021-09-08 10:04	0n1y_53r10u5.exe 1a077c94c3eb2f099100f3bb12315334 Themida Packer Anti_VM PE File PE32 VirusTotal Malware unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware crashed					6.6	M	40	ZeroCERT

12201	2021-09-08 10:06	judecrypted.exe d1afdf5f45a0fe6b6629f82c19e178d1 PE File PE32 VirusTotal Malware Tofsee	1 Keyword trend analysis	2	2		1.0	M	30	ZeroCERT

12202	2021-09-08 10:07	bankzx.exe 604eadeb6c2ff6e10801d33156daff00 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	1 Keyword trend analysis	4	2		10.0	M	36	ZeroCERT

12203	2021-09-08 10:09	update365_0831042.exe 00d86a679c41b1dbe1b5de1926cf771a RAT Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					5.0	M	22	ZeroCERT

12204	2021-09-08 10:09	DLT_85620000107.exe 18ca3863bfd1ea32400b29d56e2fdf1f PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed	8 Keyword trend analysis Info http://www.bloombathbombs.com/wdhc/ http://www.xn--i1b6ewaaie7gm.com/wdhc/?XRm0zD6x=0LiCscd4a7tI1zgKVF8S+rUGSV/54ZmkWb1WgMQi+fSgg1lYhx/FQ5t44sMewl7CbCPqX6d4&V4=CXFL6 http://www.ez-skin.com/wdhc/?XRm0zD6x=hHcB1VF6gDirRlefmXVbqwZcvdb0sQI2CijSGZ0QjQGvt1HSnIQLaIN/81JJPY4ZtN7YRgzA&V4=CXFL6 http://www.webtinchap.com/wdhc/ http://www.ez-skin.com/wdhc/ http://www.xn--i1b6ewaaie7gm.com/wdhc/ http://www.bloombathbombs.com/wdhc/?XRm0zD6x=Es2RL7ETYJMjLsjERN1lcxAyqHM3gPvC7jfKXp5P0BAnxIVDyWZz5xeNY17RRs6Z+z5zNg1k&V4=CXFL6 http://www.webtinchap.com/wdhc/?XRm0zD6x=OWqWFeXUvcYjnVbfh3wKs9xVY9LZ1xcjdI/DmFSv+ONwutCEFIA/Zdh+BBdL9yWKptOZcTg1&V4=CXFL6	13 Info www.webtinchap.com(172.217.175.83) www.ez-skin.com(23.227.38.74) www.toyotadongthap.com() dns.google(8.8.4.4) www.bloombathbombs.com(23.227.38.74) time.google.com(216.239.35.4) www.mygahannaohhomes.com() www.xn--i1b6ewaaie7gm.com(34.98.99.30) www.thefundraisingguru.com() 142.250.204.115 23.227.38.74 - mailcious 216.239.35.0 34.98.99.30 - phishing	1		13.0		14	ZeroCERT

12205	2021-09-08 10:11	topboizx.exe 717e06c7704f3f9ea2307879791ace04 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.8	M	22	ZeroCERT

12206	2021-09-08 10:11	DONBUILD.exe 54e4176aa7edcbc7ed79e0080422998e RAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	2		4.8	M	17	ZeroCERT

12207	2021-09-08 10:13	sureboizx.exe c92c0b6795aed0105803141b35b2a31c Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					1.8	M	21	ZeroCERT

12208	2021-09-08 10:13	dohcrypted.exe 6d3632abf3c43b6da3bcef47d3343da1 Generic Malware UPX Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check					2.8	M	61	ZeroCERT

12209	2021-09-08 10:15	BLT-7501033098.exe 391130ad385ed32583fd74ab73bb6c8e PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed		3			11.8	M	24	ZeroCERT

12210	2021-09-08 10:25	testqcwqebqweqwe.dll cab6437671ab5df296ea3d63d4a2d65d Generic Malware PE File PE32 .NET DLL DLL VirusTotal Malware PDB					1.0		29	ZeroCERT