Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
12961
2021-09-30 10:20
vbc.exe
01a73a74c0f01ff769fcd5fcaae92598
Generic Malware
UPX
PE File
PE32
VirusTotal
Malware
Check memory
RWX flags setting
unpack itself
Remote Code Execution
2.2
M
38
r0d
12962
2021-09-30 12:21
recital-621114164.xls
7f0d5c3db358b67db20e4d1484741c89
MSOffice File
RWX flags setting
unpack itself
suspicious process
Tofsee
3
https://gillcart.com/Cdpmoyhr/key.xml
https://geit.in/MeOlE9Xxd/key.xml
https://mercanets.com/9DPZqAfZdq5z/key.xml
6
mercanets.com(162.222.225.250)
geit.in(162.251.80.22)
gillcart.com(199.79.63.251)
162.251.80.22 - mailcious
162.222.225.250
199.79.63.251
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.6
guest
12963
2021-09-30 12:23
recital-620880605.xls
8df7d1b7b0019bc9cadd47099d1ca654
MSOffice File
RWX flags setting
unpack itself
suspicious process
Tofsee
3
https://gillcart.com/Cdpmoyhr/key.xml
https://geit.in/MeOlE9Xxd/key.xml
https://mercanets.com/9DPZqAfZdq5z/key.xml
6
mercanets.com(162.222.225.250)
geit.in(162.251.80.22)
gillcart.com(199.79.63.251)
162.251.80.22 - mailcious
162.222.225.250
199.79.63.251
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.6
guest
12964
2021-09-30 12:25
recital-621140784.xls
458a329a8f6f1d05aba86736569d67ea
MSOffice File
RWX flags setting
unpack itself
suspicious process
Tofsee
3
https://gillcart.com/Cdpmoyhr/key.xml
https://geit.in/MeOlE9Xxd/key.xml
https://mercanets.com/9DPZqAfZdq5z/key.xml
6
mercanets.com(162.222.225.250)
geit.in(162.251.80.22)
gillcart.com(199.79.63.251)
162.251.80.22 - mailcious
162.222.225.250
199.79.63.251
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
3.6
guest
12965
2021-09-30 12:27
recital-621339044.xls
bfe60638a48147b533f2bee0bfd91a6b
MSOffice File
RWX flags setting
unpack itself
suspicious process
Tofsee
3
https://gillcart.com/Cdpmoyhr/key.xml
https://geit.in/MeOlE9Xxd/key.xml
https://mercanets.com/9DPZqAfZdq5z/key.xml
6
mercanets.com(162.222.225.250)
geit.in(162.251.80.22)
gillcart.com(199.79.63.251)
162.251.80.22 - mailcious
162.222.225.250
199.79.63.251
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.6
guest
12966
2021-09-30 14:22
invoice_2818144.vbs
fce037aad780c08c85db2f24bff80cfa
Malicious Library
PE File
DLL
PE32
VirusTotal
Malware
VBScript
buffers extracted
WMI
wscript.exe payload download
Creates executable files
unpack itself
suspicious process
AppData folder
Tofsee
ComputerName
crashed
Dropper
2
paste.ee(104.26.5.223) - mailcious
104.26.5.223 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0
M
1
ZeroCERT
12967
2021-09-30 14:22
ASSYY Bypass.txt.ps1
995b51523526051e54b217309b0213af
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.6
M
12
ZeroCERT
12968
2021-09-30 16:36
34b53cd683f60800ac4057d25b24d8...
02c2a68ce9a35f5f0e1b3456e09d6cc9
Word 2007 file format(docx)
VirusTotal
Malware
unpack itself
1
http://maq.com.pk/
2
maq.com.pk(203.124.43.227) - mailcious
203.124.43.227 - mailcious
2.0
M
26
guest
12969
2021-09-30 18:09
runvd.exe
92a1673a000e107b4375959e5d366e3f
Malicious Library
PE File
OS Processor Check
PE32
VirusTotal
Malware
PDB
unpack itself
Remote Code Execution
2.4
M
24
ZeroCERT
12970
2021-09-30 18:09
mavzx.exe
7fce2046129269b69e2a8ff2358968fc
PWS
.NET framework
Generic Malware
SMTP
KeyLogger
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
ComputerName
crashed
8.6
M
16
ZeroCERT
12971
2021-09-30 18:11
PO98848.exe
9f75f8681717e1035a190dc2e849e1fc
PWS
.NET framework
Generic Malware
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
unpack itself
5.0
M
27
ZeroCERT
12972
2021-10-01 08:03
t.msi
b5748cd7d495d76fb3293cf4da83632f
Generic Malware
Admin Tool (Sysinternals etc ...)
MSOffice File
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
ComputerName
2.2
9
ZeroCERT
12973
2021-10-01 09:26
vbc.exe
18e6b6c1a6f3f7aaa2be58edaa8c1121
Malicious Library
PE File
OS Processor Check
PE32
VirusTotal
Malware
PDB
unpack itself
Remote Code Execution
2.4
28
ZeroCERT
12974
2021-10-01 09:27
D776885863728261937.PDF.exe
f6f1800d0147b3bbc7b32048e4da21d2
PWS
.NET framework
Generic Malware
AntiDebug
AntiVM
PE File
.NET EXE
PE32
FormBook
Malware download
VirusTotal
Malware
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
AppData folder
Windows
1
http://www.geektranslate.com/vngb/?JBZ4nZ=Q4CGzn1VncUUPAEFqsK/pHj8DKtg7vyclW3zJ4058Xxlika/T9k0LuqOpNqWt8Dck45MXS4C&BXLtz=E2J8YjahMr5
3
www.yektaburgers.com()
www.geektranslate.com(104.21.88.45)
172.67.172.138
1
ET MALWARE FormBook CnC Checkin (GET)
10.2
22
ZeroCERT
12975
2021-10-01 09:28
toolspab2.exe
9bdd14001733628651187797c3619b23
Malicious Library
AntiDebug
AntiVM
PE File
PE32
VirusTotal
Malware
PDB
Code Injection
Checks debugger
buffers extracted
unpack itself
Remote Code Execution
7.0
22
ZeroCERT
Total : 49,428cnts