Submissions
Columns: No | Date | Request (file name, MD5, tags) | Urls | Hosts | IDS Rule | Score | Zero | VT | Player | Etc
No 13081 | 2021-10-04 18:01 | New Purchase Orders.exe | MD5: d8998dae32a1fca9f8e11d81d57f7d56
Tags: PWS, .NET framework, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, powershell, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, Checks Bios, Detects VirtualBox, powershell.exe wrote, suspicious process, WriteConsoleW, VMware, anti-virtualization, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS, Software
Hosts (4): sonspices.ddns.net(185.140.53.9) - malicious; 185.140.53.9 - malicious; 37.235.1.174 - malicious; 37.235.1.177 - malicious
IDS rules (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 18.8 | ZeroCERT
No 13082 | 2021-10-04 18:03 | Payment Swift.exe | MD5: 67067b34d97401bc13ef0e10cdf23d68
Tags: PWS, .NET framework, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, powershell, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS, crashed
Hosts (4): deedee111.ddns.net(194.5.98.11); 37.235.1.177 - malicious; 37.235.1.174 - malicious; 194.5.98.11 - malicious
IDS rules (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 16.0 | VT: 33 | ZeroCERT
No 13083 | 2021-10-04 18:12 | SCANNED DOCUMENT_EXPORT FILE_I... | MD5: eb5b9a8b304fef5edda1c2f71b69b47d
Tags: Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
Hosts (4): accept.ddns.net(185.140.53.173); 37.235.1.177 - malicious; 37.235.1.174 - malicious; 185.140.53.173
IDS rules (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 14.2 | ZeroCERT
No 13084 | 2021-10-04 18:26 | 55.exe | MD5: d6f38bbee25e5e959ee5e3c058e251c6
Tags: Generic Malware, Malicious Packer, PE File, .NET EXE, PE32, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Check memory, Checks debugger, buffers extracted, unpack itself, human activity check, Windows, ComputerName, DNS, DDNS
Hosts (3): deli.mywire.org(176.216.222.110); kraldeli.linkpc.net(176.216.222.110) - malicious; 176.216.222.110
Score: 8.4 | M | VT: 53 | ZeroCERT
No 13085 | 2021-10-04 18:36 | vbc.exe | MD5: 80deb4864d3e01ae76b938925eabe622
Tags: Malicious Library, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself, Remote Code Execution
Score: 2.0 | M | VT: 28 | ZeroCERT
No 13086 | 2021-10-04 18:38 | 5.exe | MD5: c25a518c65ab90615c639a1e036abf6c
Tags: RAT, PWS, .NET framework, Generic Malware, PE File, OS Processor Check, .NET EXE, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, Check virtual network interfaces, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
Urls (1): https://api.ip.sb/geoip
Hosts (3): api.ip.sb(172.67.75.172); 104.26.12.31; 37.230.112.47
IDS rules (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.8 | M | VT: 34 | ZeroCERT
No 13087 | 2021-10-04 19:19 | SWIFT COPY EXPORTO51052 IMG002... | MD5: 2f0f161e125227509d9c0dbd5cef40b3
Tags: Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
Hosts (4): futurist11.ddns.net(194.5.98.46) - malicious; 37.235.1.177 - malicious; 37.235.1.174 - malicious; 194.5.98.46 - malicious
IDS rules (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 14.8 | ZeroCERT
No 13088 | 2021-10-04 20:22 | scan Invoice - SAS_70467.PDF.e... | MD5: 508c7474ce38c3ecc5b396a3f1310c96
Tags: NSIS, Malicious Library, PE File, PE32, DLL, Malware download, Nanocore, Malware, c&c, Buffer PE, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, DDNS
Hosts (4): kenzeey.ddns.net(79.134.225.82); kenzeey.duckdns.org(192.169.69.25); 192.169.69.25 - malicious; 79.134.225.82
IDS rules (3): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET MALWARE Possible NanoCore C2 60B
Score: 12.0 | ZeroCERT
No 13089 | 2021-10-04 20:24 | scan Invoice - SAS_70467.PDF.e... | MD5: 508c7474ce38c3ecc5b396a3f1310c96
Tags: NSIS, Malicious Library, PE File, PE32, DLL, Malware download, Nanocore, VirusTotal, Malware, c&c, Buffer PE, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, DDNS
Hosts (4): kenzeey.ddns.net(79.134.225.82); kenzeey.duckdns.org(192.169.69.25); 192.169.69.25 - malicious; 79.134.225.82
IDS rules (3): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET MALWARE Possible NanoCore C2 60B; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
Score: 13.4 | VT: 28 | ZeroCERT
No 13090 | 2021-10-05 07:52 | logs.php | MD5: 36e4ec009dc1470d8c45ae4bb9a9f70d
Tags: Gen2, Malicious Library, PE File, OS Processor Check, DLL, PE32, PDB, unpack itself, crashed
Score: 0.8 | ZeroCERT
No 13091 | 2021-10-05 09:38 | LCC.exe | MD5: 9a56a65a7b5c51d2aa7af350fcb3d342
Tags: PWS, Loki[b], Loki.m, Malicious Packer, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Check memory, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, Software
Urls (1): http://ctp3.xyz/LCC/w2/fre.php
Hosts (1): ctp3.xyz()
Score: 6.2 | M | VT: 61 | ZeroCERT
No 13092 | 2021-10-05 09:38 | donelll.exe | MD5: fec24a8696d4ae5ab871bbb2cacaeaaf
Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, crashed
Score: 11.2 | M | VT: 20 | ZeroCERT
No 13093 | 2021-10-05 09:40 | vbc.exe | MD5: 43b7fdf9c24c1d32de03227943576c0c
Tags: Formbook, UPX, PE File, PE32, VirusTotal, Malware, Check memory, RWX flags setting, unpack itself, Remote Code Execution
Score: 2.4 | M | VT: 29 | ZeroCERT
No 13094 | 2021-10-05 09:41 | vbc.exe | MD5: 0f73289ff5a72fd093fd215e9f60b0d7
Tags: UPX, PE File, PE32, VirusTotal, Malware, Check memory, RWX flags setting, unpack itself
Score: 2.2 | VT: 46 | ZeroCERT
No 13095 | 2021-10-05 09:42 | rundll32.exe | MD5: ffc69a06b231ccc0f80f95f037aeee46
Tags: RAT, PWS, .NET framework, Generic Malware, Admin Tool (Sysinternals etc ...), AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Cryptographic key
Score: 6.8 | VT: 10 | ZeroCERT
Total: 49,428 submissions