Submissions table columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
No 12376 | 2021-09-14 10:06 | pay.exe | MD5 6622363be06db7fabf23393755e05b0b
Tags: Malicious Library, PE File, PE32, Malware download, VirusTotal, Malware, GhostRAT, AutoRuns, sandbox evasion, Windows, Backdoor, DNS
Hosts: 1.14.61.188 - malware
IDS: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic; ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102
Score: 5.0 | Zero: M | VT: 52 | Player: ZeroCERT
No 12377 | 2021-09-14 10:06 | qu2.exe | MD5 a8ea59af5d4d2b6d07e62e9e26b9259d
Tags: Emotet, Gen2, RAT, PWS, .NET framework, Generic Malware, Themida Packer, Malicious Packer, Anti_VM, Malicious Library, UPX, PE File, OS Processor Check, .NET EXE, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, Check virtual network interfaces, AppData folder, suspicious TLD, VMware, anti-virtualization, installed browsers check, Tofsee, Windows, Browser, ComputerName, Remote Code Execution, Firmware, DNS, Cryptographic key, Software, crashed
Urls: http://sherence.ru/qYnjfKljhYhAhBx.exe; https://api.ip.sb/geoip
Hosts: sherence.ru(104.21.48.37) - malware; api.ip.sb(104.26.12.31); 104.26.12.31; 172.67.176.114 - malware; 45.129.236.209
IDS: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Score: 13.8 | Zero: M | VT: 26 | Player: ZeroCERT
No 12378 | 2021-09-14 10:11 | ขอใบเสนอราคา.exe | MD5 e36a661f77f3fca72978bfa46cb22000
Tags: RAT, PWS, .NET framework, Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, ComputerName
Score: 3.0 | VT: 22 | Player: ZeroCERT
No 12379 | 2021-09-14 10:16 | 0913_1576787967287.doc | MD5 8c85a65a764bc1e9e30bc0f7e7cf90bc
Tags: VBA_macro, Generic Malware, MSOffice File, GIF Format, VirusTotal, Malware, Malicious Traffic, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, Check virtual network interfaces, suspicious TLD, IP Check, ComputerName
Urls: http://api.ipify.org/
Hosts: weveresroyeas.ru(91.226.80.10) - mailcious; api.ipify.org(50.19.119.155); 50.19.104.221; 91.226.80.10 - mailcious
IDS: ET POLICY External IP Lookup api.ipify.org
Score: 8.4 | Zero: M | VT: 10 | Player: ZeroCERT
No 12380 | 2021-09-14 10:19 | 43894826741893.JPG.scr | MD5 e63e0da10c77c350dff54975e94b3170
Tags: Gen2, Gen1, Generic Malware, Malicious Library, Malicious Packer, DNS, AntiDebug, AntiVM, PE File, OS Processor Check, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, Remote Code Execution, DNS, DDNS, crashed
Hosts: strongodss.ddns.net(197.210.79.201) - mailcious; 197.210.79.201; 185.19.85.175
IDS: ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 16.2 | VT: 31 | Player: ZeroCERT
No 12381 | 2021-09-14 10:20 | IMG.2310000001.JPG.scr | MD5 f8b18f7f06521cd1007494ffa3d96307
Tags: Gen2, Gen1, Generic Malware, Malicious Library, Malicious Packer, DNS, AntiDebug, AntiVM, PE File, OS Processor Check, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, Remote Code Execution, DNS, DDNS, crashed
Hosts: strongodss.ddns.net(197.210.79.201) - mailcious; 197.210.79.201; 185.19.85.175
IDS: ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 16.2 | VT: 32 | Player: ZeroCERT
No 12382 | 2021-09-14 10:21 | BTRU_0498763892I3HJ.exe | MD5 6c095aa22ec999e590500d62c00cdcc2
Tags: Generic Malware, Admin Tool (Sysinternals etc ...), DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
Hosts: 1116.hopto.org(185.140.53.9); 185.140.53.9 - mailcious
IDS: ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score: 15.6 | VT: 27 | Player: ZeroCERT
No 12383 | 2021-09-14 10:31 | Order_inquiry_012_013_21.js | MD5 9beeb0cd672264c6db9a47fc34e0fd7a
Tags: VBScript, AutoRuns, wscript.exe payload download, ICMP traffic, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, Dropper
Urls: http://grace2020.home-webserver.de:3774/Vre
Hosts: grace2020.home-webserver.de(31.210.20.230) - mailcious; 31.210.20.230
Score: 10.0 | Player: ZeroCERT
No 12384 | 2021-09-14 10:32 | PDB_30983765367389387TM.exe | MD5 b95a105bddbd178f6ef1fea492816177
Tags: Generic Malware, Admin Tool (Sysinternals etc ...), DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
Hosts: 1116.hopto.org(185.140.53.9); 185.140.53.9 - mailcious
IDS: ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score: 15.6 | VT: 22 | Player: ZeroCERT
No 12385 | 2021-09-14 10:36 | Solicitud de presupuesto.exe | MD5 886d720611c97f9b5453909385a37912
Tags: RAT, PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, ComputerName, crashed
Score: 8.0 | Player: ZeroCERT
No 12386 | 2021-09-14 10:36 | Запит на цитату.exe | MD5 e36a661f77f3fca72978bfa46cb22000
Tags: RAT, PWS, .NET framework, Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, ComputerName
Score: 3.0 | VT: 22 | Player: ZeroCERT
No 12387 | 2021-09-14 10:47 | qYnjfKljhYhAhBx.exe | MD5 82d526a3173aca4b9c9c978cb3281e4e
Tags: RAT, PWS, .NET framework, NPKI, Generic Malware, Malicious Packer, UPX, Malicious Library, DGA, DNS, Socket, Create Service, Sniff Audio, Escalate priviledges, KeyLogger, Code injection, HTTP, Internet API, FTP, ScreenShot, Http API, Steal credential, Downloader, P2P, AntiDebug, Code Injection, AppData folder, WriteConsoleW, Tofsee, ComputerName, DNS
Hosts: api.telegram.org(149.154.167.220); 185.92.150.213; 149.154.167.220
IDS: ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.8 | Player: ZeroCERT
No 12388 | 2021-09-14 14:19 | admin.php | MD5 dcbcd8c4fcdd17079caa96f80be4dd04
Tags: PE File, OS Processor Check, DLL, PE32, VirusTotal, Malware, PDB
Score: 0.8 | VT: 15 | Player: ZeroCERT
No 12389 | 2021-09-14 15:38 | admin.php | MD5 dcbcd8c4fcdd17079caa96f80be4dd04
Tags: Generic Malware, Antivirus, PE File, OS Processor Check, DLL, PE32, .NET DLL, VirusTotal, Malware, powershell, PDB, suspicious privilege, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, AppData folder, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
Urls: http://168.188.127.217/notice.png
Hosts: 34.64.143.34; 34.123.161.169; 168.188.127.217
Score: 8.8 | VT: 15 | Player: ZeroCERT
No 12390 | 2021-09-14 15:54 | 34.64.143.34.ps1 | MD5 bf2045debff7cbd7dc1210ca6535efd9
Tags: Generic Malware, Antivirus, PE File, .NET DLL, DLL, PE32, Email Client Info Stealer, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, AppData folder, WriteConsoleW, Windows, Email, ComputerName, DNS, Cryptographic key
Hosts: 34.64.143.34; 34.123.161.169
Score: 9.2 | Player: ZeroCERT
Total: 49,427 submissions