Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
12661 2023-06-01 18:41 hkcmd.exe
11424f53ceec0464b125aa0be6d87b36
PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 14.4 M 25 ZeroCERT

12662 2023-06-01 18:40 chu.exe
f700a3aecc0229163f39fea344c3ced6
PWS .NET framework Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 13.2 M 37 ZeroCERT

12663 2023-06-01 18:38 javaw.exe
a5293c169f7533a080b4487606ec1569
RedLine stealer[m] UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 10.2 M 50 ZeroCERT

12664 2023-06-01 18:38 Facebook.exe
09bfe56699530e69987a64e76a21ed3e
PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 6.2 M 54 ZeroCERT

12665 2023-06-01 18:23 hkcmd.exe
c8007c3ce22859007c4678adeb600457
UPX Malicious Library PE File PE32 PNG Format DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
2.8 M 28 ZeroCERT

12666 2023-06-01 18:23 iiiiiiiiiiiiiiiiiiiiii%23%23%2...
174222aa212b2aecba8abf1b391e096f
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed
1 1 5 5.6 M 35 ZeroCERT

12667 2023-06-01 16:24 sfwedfj.exe
3d8207e1ce6762ff10db118bee3bd99b
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.2 51 ZeroCERT

12668 2023-06-01 11:28 fristname.exe
a15dbd3e3c605d7578581d1cc025c482
RAT Gen1 Gen2 UPX Malicious Library .NET EXE PE File PE32 DLL PE64 OS Processor Check ZIP Format VirusTotal Malware MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Cryptographic key
4.0 48 ZeroCERT

12669 2023-06-01 09:54 6477e8cb9c716.zip
faace9f6881e329d12abcb306512fbcd
ZIP Format Malware Malicious Traffic NetSupport
3 4 3 0.8 ZeroCERT

12670 2023-06-01 09:47 ahsan_newPayload.vbs
625580c2a215d1a38c95b40bf3268b64
Formbook Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 M 6 ZeroCERT

12671 2023-06-01 09:45 eme_fam_Payload.vbs
33ce76e16a43ae07a89fca5fbfedc506
Formbook Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 M 6 ZeroCERT

12672 2023-06-01 09:45 black_Payload.vbs
7fb3638e8ed0bcf459d9c84177cd6847
Formbook Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 M 6 ZeroCERT

12673 2023-06-01 09:43 internet.exe
fa2f3757fc80781a717cebf54ed81962
Loki_b Loki_m Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory installed browsers check Browser Email ComputerName DNS Software
1 1 7 7.6 M 65 ZeroCERT

12674 2023-06-01 09:43 methew_Payload.vbs
76c64736b96b7abf1849b218ba73d441
Formbook Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 M 9 ZeroCERT

12675 2023-06-01 09:41 IMG_3360_103pdf.exe
59ed8fb12afa93b7e89a6d5282a617f0
Loki_b Loki_m PWS .NET framework Generic Malware Antivirus Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 1 16.2 M 48 ZeroCERT