Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

13021 2021-10-01 22:27 bsdedit.exe 605299ab524fe98acbe5628e341482e3
RAT Generic Malware Malicious Packer Antivirus PE64 PE File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
7.0 23 ZeroCERT

13022 2021-10-01 22:29 eresizebar.png 81e4eb77718fdbfac2b0a40d9bc0eb87
Emotet Gen1 Malicious Packer UPX Malicious Library PE File OS Processor Check PE32 Malware PDB suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process ComputerName DNS crashed
1 4 5.8 ZeroCERT

13023 2021-10-01 22:30 2.exe fcdf7ac67101861b39623dc6ac5d10b7
RAT Generic Malware Antivirus Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
8.2 M 46 ZeroCERT

13024 2021-10-01 22:31 file.exe 69dce54e4a4ae2dd643fb18d2fe99341
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.0 M 22 ZeroCERT

13025 2021-10-01 22:33 .winlogon.exe d077e295db4627393844c14991d54cb2
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed
1 10.4 M 22 ZeroCERT

13026 2021-10-01 22:35 runvd.exe d5eff41f5439c86a15b26aa5e04252c2
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.0 M 21 ZeroCERT

13027 2021-10-01 22:55 0929_966655534820.doc 0fe8ca5d6100d9a3b6fa3a1512e091be
VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself
2.6 31 ZeroCERT

13028 2021-10-01 22:55 0929_977822708747.doc c43018a5f38a2b74bbc5198bbf40e98a
VBA_macro Generic Malware MSOffice File VirusTotal Malware RWX flags setting unpack itself
3.0 32 ZeroCERT

13029 2021-10-01 22:57 0929_9545200010193.doc 58ee7d9fd3de8e9e0b2344784ab3d112
VBA_macro Generic Malware MSOffice File VirusTotal Malware RWX flags setting unpack itself
3.0 30 ZeroCERT

13030 2021-10-02 12:54 270bb2b722b4260011.exe 4d0f90fb39427a8bf7072403f5e0d746
Generic Malware Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.6 33 ZeroCERT

13031 2021-10-02 12:54 hfs.exe 759e5f4dbc7432a87a19bcff1ae50ab7
Generic Malware PE File PE32 VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser crashed
6 7.2 46 ZeroCERT

13032 2021-10-02 12:56 3306.exe 22858abb5a0f5c76115674d9ef7fe1cc
Malicious Packer UPX Malicious Library PE File OS Processor Check PE32 DLL AutoRuns Windows Remote Code Execution DNS
3 2.2 ZeroCERT

13033 2021-10-02 12:57 lv.exe cba1da9d96a786e7f94ce71acc9c2901
Emotet Gen1 Gen2 Themida Packer Generic Malware Malicious Library UPX Anti_VM Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credentia VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed
1 7.0 23 ZeroCERT

13034 2021-10-02 12:58 tfhm2.exe 3a5b7d5f6a117df62b659581127ff18c
Malicious Packer UPX Malicious Library PE File OS Processor Check PE32 DLL AutoRuns Windows Remote Code Execution
2 1.6 ZeroCERT

13035 2021-10-02 13:02 mup.exe c532ac418f3e867907c2757a7ca56a53
Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 VirusTotal Malware AutoRuns Checks debugger ICMP traffic Disables Windows Security Windows DNS
28 8.4 49 ZeroCERT