Submissions
Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
13381 | 2021-10-11 10:29 | lv.exe | MD5 91b1dc3f70f739111bfa2b2e42ea30b5
Tags/signatures: Gen1, Gen2, Themida Packer, Generic Malware, Malicious Library, Anti_VM, Malicious Packer, PE File, PE32, DLL, PE64, VirusTotal, Malware, Check memory, Creates executable files, unpack itself, Checks Bios, Detects VMWare, AppData folder, VMware, anti-virtualization, Windows, Firmware, crashed
Score: 7.0 | Zero: M | VT: 53 | Player: ZeroCERT
13382 | 2021-10-11 10:31 | lis-01.exe | MD5 8279edc14cc42685f7fceefe384ddf0d
Tags/signatures: PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself
Score: 8.4 | Zero: M | VT: 36 | Player: ZeroCERT
13383 | 2021-10-11 15:40 | asdfasdfasdfasdfasdfasdfasdfas... | MD5 2a600aaf4954388f5ad11abba8f8c351
Tags/signatures: RAT, Generic Malware, Malicious Library, PE64, PE File, PE32, OS Processor Check, VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, Creates executable files, ICMP traffic, unpack itself, Tofsee, DNS, crashed
Hosts (2): mas.to(88.99.75.82); 88.99.75.82
IDS (3): ET DNS Query for .to TLD; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.0 | VT: 9 | Player: ZeroCERT
13384 | 2021-10-11 15:50 | doc-1427846338.xls | MD5 ec95f43035b619c9374c932e5c757cf2
Tags/signatures: Downloader, MSOffice File, RWX flags setting, unpack itself, suspicious process, Tofsee
Urls (3): https://rabedc.com/msdcluV8y5nf/rob.html; https://shyamsgroup.com/s9kytsfb/robe.html; https://partiuvamosviajar.com/xYIJTUcGxvF1/rober.html
Hosts (5): rabedc.com(192.185.145.142); partiuvamosviajar.com(192.185.177.14); shyamsgroup.com(192.185.145.142); 192.185.145.142 - mailcious; 192.185.177.14 - mailcious
IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.6 | Player: guest
13385 | 2021-10-11 15:52 | doc-1427925674.xls | MD5 c7485eb16b88c257ac69ece7e0c17a93
Tags/signatures: Downloader, MSOffice File, RWX flags setting, unpack itself, suspicious process, Tofsee
Urls (3): https://rabedc.com/msdcluV8y5nf/rob.html; https://shyamsgroup.com/s9kytsfb/robe.html; https://partiuvamosviajar.com/xYIJTUcGxvF1/rober.html
Hosts (5): rabedc.com(192.185.145.142); partiuvamosviajar.com(192.185.177.14); shyamsgroup.com(192.185.145.142); 192.185.145.142 - mailcious; 192.185.177.14 - mailcious
IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.6 | Player: guest
13386 | 2021-10-11 15:54 | doc-1428955211.xls | MD5 03b2713c7f9d51bd6404cfcea20b127a
Tags/signatures: Downloader, MSOffice File, RWX flags setting, unpack itself, suspicious process, Tofsee
Urls (3): https://rabedc.com/msdcluV8y5nf/rob.html; https://shyamsgroup.com/s9kytsfb/robe.html; https://partiuvamosviajar.com/xYIJTUcGxvF1/rober.html
Hosts (5): rabedc.com(192.185.145.142); shyamsgroup.com(192.185.145.142); partiuvamosviajar.com(192.185.177.14); 192.185.145.142 - mailcious; 192.185.177.14 - mailcious
IDS (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.6 | Player: guest
13387 | 2021-10-12 09:26 | ID_0398765346378-3098746739767... | MD5 bcd7995ce0e59de03845fb9b5cdc5eee
Tags/signatures: RAT, PWS, .NET framework, Generic Malware, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS, DDNS
Hosts (2): 1116.hopto.org(185.140.53.9) - mailcious; 185.140.53.9 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score: 16.8 | VT: 21 | Player: ZeroCERT
13388 | 2021-10-12 09:26 | AMC P.O1082021.jpg.scr | MD5 6a4e9c8b6e38bab16622b8d26164b3fd
Tags/signatures: Generic Malware, Malicious Library, Malicious Packer, DNS, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, Remote Code Execution, DNS, DDNS, crashed
Hosts (3): strongodss.ddns.net(197.210.79.200) - mailcious; 197.210.79.200; 185.19.85.175 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 17.4 | VT: 45 | Player: ZeroCERT
13389 | 2021-10-12 09:27 | ORL49357390844.JPG.scr | MD5 d8abec927aa5885f549ad9c5d83e09c3
Tags/signatures: Generic Malware, Malicious Library, PE File, PE32, OS Processor Check, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows, Remote Code Execution, crashed
Score: 5.6 | VT: 44 | Player: ZeroCERT
13390 | 2021-10-12 09:27 | Purchase Order.exe | MD5 f03b9597f173e572809be641e0e83c55
Tags/signatures: PWS, .NET framework, NPKI, Generic Malware, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, human activity check, Windows, DNS, DDNS
Hosts (3): deedee111.ddns.net(194.5.98.11) - mailcious; 37.235.1.174 - mailcious; 194.5.98.11 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 12.8 | VT: 22 | Player: ZeroCERT
13391 | 2021-10-12 09:30 | Quotation usd pdf.exe | MD5 25d4ce2fc9f3bb502ddf88a0d46cdd2b
Tags/signatures: PWS, .NET framework, NPKI, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, powershell, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, ICMP traffic, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, DNS, Cryptographic key, DDNS
Hosts (3): norly519.ddns.net(154.113.173.1) - mailcious; 154.113.173.1; 37.235.1.174 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 15.0 | Player: ZeroCERT
13392 | 2021-10-12 09:30 | SRE2021.34935374.JPG.scr | MD5 dd663bb6a23cd47928fcd9e34ddb98e3
Tags/signatures: Generic Malware, Malicious Library, Malicious Packer, DNS, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, VirusTotal, Malware, Buffer PE, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, WriteConsoleW, human activity check, Windows, ComputerName, Remote Code Execution, DNS, DDNS, crashed
Hosts (3): strongodss.ddns.net(197.210.79.200) - mailcious; 197.210.79.200; 185.19.85.175 - mailcious
IDS (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 16.2 | VT: 34 | Player: ZeroCERT
13393 | 2021-10-12 09:32 | AnnualXretirementXplan.5425456... | MD5 18662d6c1cc7c38c848608ff1a22964f
Tags/signatures: Excel Binary Workbook file format(xlsb), VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, WMI, RWX flags setting, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, crashed
Score: 5.0 | VT: 5 | Player: ZeroCERT
13394 | 2021-10-12 09:32 | PO-08YGK.pdf | MD5 4bcd422bbc3db021a18e1298bf1577d7
Tags/signatures: PDF, unpack itself, Windows utilities, Windows
Score: 1.4 | Player: ZeroCERT
13395 | 2021-10-12 09:49 | System-Solution-Aldehad-Projec... | MD5 3a89764bbd823da3c227f839f05ecd25
Tags/signatures: UPX, Malicious Library, PE File, PE32, VirusTotal, Malware
Score: 0.8 | VT: 19 | Player: ZeroCERT
Total: 49,435 entries