Submissions

Each entry lists: No | Date | Request (file name, MD5), followed by the Tags, Urls, Hosts and IDS columns where present, and then Score, Zero, VT and the submitting user.

12436 | 2021-09-15 10:28 | 3201ZX_PO.scr | 90a52829d0ebf1a006ea826a6034cdf0
  Tags: RAT, PWS, .NET framework, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, powershell, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, ICMP traffic, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS, crashed
  Hosts (6): www.youtube.com(142.250.196.110), raw22.ddns.net(197.210.79.46), www.google.com(172.217.175.68), 142.250.66.68, 142.250.66.110, 197.210.79.46
  IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
  Score 16.2 | ZeroCERT

12437 | 2021-09-15 10:37 | 632514XVC_PO.scr | 8a535e9629e030d4656fa875efa4232f
  Tags: RAT, PWS, .NET framework, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, powershell, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, ICMP traffic, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS, crashed
  Hosts (6): www.youtube.com(142.250.196.110), raw22.ddns.net(197.210.79.46), www.google.com(172.217.31.164), 216.58.200.78, 197.210.79.46, 216.58.200.68
  IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
  Score 16.2 | ZeroCERT

12438 | 2021-09-15 10:38 | anydesk_resolver.exe | df701faf88644d68ec3e380f72f432be
  Tags: Gen2, Gen1, Generic Malware, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check, DLL, .NET DLL, VirusTotal, Malware, suspicious privilege, Creates executable files, Windows
  Score 2.8 | VT 2 | guest

12439 | 2021-09-15 10:45 | DVN~1102002876567833SDM.exe | 1c9c420decea026e19abb473e5762913
  Tags: Generic Malware, Admin Tool (Sysinternals etc ...), PE File, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
  Score 1.6 | VT 22 | ZeroCERT

12440 | 2021-09-15 10:48 | Gck~09837636373-0938763.exe | 69db6af19fd456554ef4972e27de4b47
  Tags: Generic Malware, Admin Tool (Sysinternals etc ...), DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
  Hosts (2): 1116.hopto.org(185.140.53.9) - mailcious, 185.140.53.9 - mailcious
  IDS (1): ET POLICY DNS Query to DynDNS Domain *.hopto .org
  Score 15.6 | VT 24 | ZeroCERT

12441 | 2021-09-15 10:53 | remove.html | 782199d0241343a3a5166bf0c8417391
  Tags: Malicious Packer, Malicious Library, AntiDebug, AntiVM, PE64, PE File, OS Processor Check, DLL, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
  Urls (1): http://wiyolo.com/956fb7ffae6a93d9/cover.cab
  Hosts (2): wiyolo.com(142.234.157.206), 142.234.157.206
  IDS (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.8 | ZeroCERT

12442 | 2021-09-15 11:16 | Inquiries 35792365544.exe | 193fdae9b4146b0cef8fc7ddf46825ea
  Tags: PWS, .NET framework, Generic Malware, Antivirus, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, powershell, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key, crashed
  Score 12.0 | VT 15 | ZeroCERT

12443 | 2021-09-15 11:16 | cover.cab | edaa11c6b13f9ea8542884804a53bf67
  Tags: Malicious Packer, Malicious Library, OS Processor Check
  Zero M | ZeroCERT

12444 | 2021-09-15 11:31 | trace_trace.json | 1354d104d772e0984b75c363cdf0686a
  Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName
  Score 3.8 | guest

12445 | 2021-09-15 12:12 | MF-0983765367389387.exe | 037de45eaa5755f338acba0eda72f737
  Tags: Generic Malware, Admin Tool (Sysinternals etc ...), DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
  Hosts (2): 1116.hopto.org(185.140.53.9) - mailcious, 185.140.53.9 - mailcious
  IDS (1): ET POLICY DNS Query to DynDNS Domain *.hopto .org
  Score 15.4 | VT 18 | ZeroCERT

12446 | 2021-09-15 12:17 | NCV~00983763673938FTS.exe | 221a9d3316a9019e58e8b38f3730d499
  Tags: Generic Malware, Admin Tool (Sysinternals etc ...), PE File, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, crashed
  Score 1.8 | VT 20 | ZeroCERT

12447 | 2021-09-15 12:20 | Order_inquiry_021_014_21.js | 836365de25b8b33c14a7971eeca6151b
  Tags: VirusTotal, Malware, VBScript, AutoRuns, wscript.exe payload download, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, Dropper
  Urls (1): http://grace2020.home-webserver.de:3774/Vre - rule_id: 5149
  Hosts (2): grace2020.home-webserver.de(31.210.20.230) - mailcious, 31.210.20.230 - mailcious
  IDS (1): http://grace2020.home-webserver.de:3774/Vre
  Score 10.0 | Zero M | VT 11 | ZeroCERT

12448 | 2021-09-15 12:24 | Proforma INV.exe | 435508016f12954debf8428e661d4380
  Tags: RAT, PWS, .NET framework, Generic Malware, Antivirus, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, powershell, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key, crashed
  Score 12.2 | VT 20 | ZeroCERT

12449 | 2021-09-15 12:29 | REF-ORDER NO PO# 65081740.exe | 64e08b4b275565cef9b49ea597d410de
  Tags: RAT, PWS, .NET framework, Generic Malware, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, DDNS, crashed
  Hosts (2): mirra.hopto.org(185.140.53.56), 185.140.53.56
  IDS (1): ET POLICY DNS Query to DynDNS Domain *.hopto .org
  Score 13.6 | VT 20 | ZeroCERT

12450 | 2021-09-15 12:32 | Запит на цитату.exe | 1192da6bbe33fcfbf4c537c96b7856dd
  Tags: RAT, PWS, .NET framework, Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, ComputerName
  Score 3.8 | VT 25 | ZeroCERT
Total: 49,427 entries