Submissions
Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
13096
2023-05-22 08:51
damianozx.exe
c0e139b4721c1f3203f34732659fbf7e
PWS
.NET framework
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
1
https://api.ipify.org/
2
api.ipify.org(173.231.16.76)
104.237.62.211
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.0
M
47
ZeroCERT
13097
2023-05-22 08:48
clp2.exe
114802905a97d79114782772cc7106cb
UPX
Malicious Library
OS Processor Check
PE64
PE File
VirusTotal
Malware
1.4
21
ZeroCERT
13098
2023-05-22 08:48
drvsa.hta
43ce488c4c6cc45f7c380dba9a86dad8
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
PNG Format
MSOffice File
JPEG Format
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
ICMP traffic
RWX flags setting
exploit crash
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
Exploit
ComputerName
DNS
Cryptographic key
crashed
Downloader
1
https://pel63.bio/bFx180.bat
2
pel63.bio(149.102.225.1)
149.102.225.1
10.0
ZeroCERT
13099
2023-05-22 08:47
pablozx.exe
de810661253723f2addc77820dc81aeb
PWS
.NET framework
SMTP
KeyLogger
Anti_VM
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
PDB
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
1
https://api.ipify.org/
2
api.ipify.org(104.237.62.211)
64.185.227.155
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.6
M
48
ZeroCERT
13100
2023-05-22 08:46
b2.exe
2afcac7aaede32980c96fda99c8c8677
UPX
PE64
PE File
VirusTotal
Malware
crashed
1.6
16
ZeroCERT
13101
2023-05-22 08:44
bonder.exe
d60031ffc48a89ab83986641703d4b82
RAT
Generic Malware
Antivirus
Anti_VM
.NET EXE
PE File
PE32
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Check memory
Checks debugger
buffers extracted
Creates shortcut
Creates executable files
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
7.6
M
58
ZeroCERT
13102
2023-05-22 08:44
ilillil%23%23%23%23%23%23%23%2...
f83050a49383b5c615b9a84543254f4e
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
buffers extracted
RWX flags setting
exploit crash
Exploit
crashed
3.4
M
28
ZeroCERT
13103
2023-05-20 16:32
mn.php
8fc84574c4e42940483c171e278c9338
UPX
Malicious Library
OS Processor Check
DLL
PE64
PE File
Checks debugger
unpack itself
ComputerName
DNS
crashed
6
34.254.140.99
214.43.249.250
2.228.251.38
57.182.80.190
92.119.178.40
62.4.213.138
3.8
M
ZeroCERT
13104
2023-05-20 16:31
oloriii.exe
e15fce57d8180b568e6e27bb06ddbe23
RAT
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
1
https://api.ipify.org/
2
api.ipify.org(64.185.227.155)
173.231.16.76
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.0
M
43
ZeroCERT
13105
2023-05-20 16:29
vbc.exe
88f4d678b79d16820bf90404170118c7
RAT
.NET EXE
PE File
PE32
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.4
M
30
ZeroCERT
13106
2023-05-20 16:29
bs1.exe
10f3b2556027848e861bdf1fa3fad046
UPX
PE64
PE File
VirusTotal
Malware
crashed
1.6
M
19
ZeroCERT
13107
2023-05-20 16:28
wealthzx.exe
a5c83c6ebe289f10bc234898385e889e
KeyLogger
AntiDebug
AntiVM
PE64
PE File
Browser Info Stealer
VirusTotal
Email Client Info Stealer
Malware
Telegram
PDB
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
IP Check
Tofsee
Windows
Browser
Email
ComputerName
DNS
crashed
keylogger
1
https://api.ipify.org/
4
api.ipify.org(64.185.227.155)
api.telegram.org(149.154.167.220)
173.231.16.76
149.154.167.220
4
ET HUNTING Telegram API Domain in DNS Lookup
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
11.8
M
43
ZeroCERT
13108
2023-05-20 16:27
mn.php
f19e4ec96f8b163760b236127387c5a8
UPX
Malicious Library
OS Processor Check
DLL
PE64
PE File
Checks debugger
unpack itself
ComputerName
DNS
crashed
6
34.254.140.99
214.43.249.250
2.228.251.38
57.182.80.190
92.119.178.40
62.4.213.138
3.8
M
ZeroCERT
13109
2023-05-20 16:25
firefoxport.exe
d55045e55d930facae1dda5cb8ef3cc1
Generic Malware
UPX
Malicious Library
OS Processor Check
PE File
PE32
VirusTotal
Malware
unpack itself
WriteConsoleW
2.0
M
25
ZeroCERT
13110
2023-05-20 16:25
variables.php
21e1167deef484bba34629762fd317bd
ZIP Format
M
ZeroCERT
Total : 49,428cnts