popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
13666 2023-04-24 17:55 %23%23%23%23%23%23%23%23%23%23...  

1d82f9e6e4d17095ad3b65ead5dcaa54


MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader 		1 1 6 4.8 29 ZeroCERT

13667 2023-04-24 17:51 vbc.exe  

eb149283fb1ba797a3a178cc8c061b9c


UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName 		2.0 33 ZeroCERT

13668 2023-04-24 10:17 견적 -328.pdf.z  

216584648bfa1c2b2e65e3e35b6289ff


AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName 		4.6 42 r0d

13669 2023-04-24 09:12 127.exe  

75e3b5b17db31f0f3d44131fe28d44ff


AgentTesla NPKI browser info stealer Generic Malware Themida Packer Downloader UPX Malicious Library Antivirus Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges per Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW VMware anti-virtualization IP Check installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed 		3 8 2 26.6 M 50 ZeroCERT

13670 2023-04-24 09:10 slip.exe  

cf0317eb2f3828913433ea00085bfad1


RAT SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName Cryptographic key 		9.8 M 52 ZeroCERT

13671 2023-04-24 09:08 svchost.exe  

ebec1eabb4b5a57b45230566adc8112f


RAT AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName Cryptographic key 		10.2 M 45 ZeroCERT

13672 2023-04-24 09:06 Logs-1.exe  

6dc9032c2c6ab3dd737990cec8cbaf94


PWS .NET framework NPKI PE64 .NET EXE PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS 		1 2.4 M 23 ZeroCERT

13673 2023-04-24 09:03 foto34.exe  

07fe33e8669e5b8c48fa1e2d824487e8


Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed 		1 10.6 M ZeroCERT

13674 2023-04-24 09:03 installer.exe  

fa24733f5a6a6f44d0e65d7d98b84aa6


Gen2 Generic Malware UPX Antivirus Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL MSOffice File VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Interception ComputerName Remote Code Execution crashed 		3 4 1 8.8 M 41 ZeroCERT

13675 2023-04-24 09:02 vbc.exe  

517a2af8cbc2a04148b2b0ef0e9530a7


PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed 		11.8 M ZeroCERT

13676 2023-04-24 09:01 setup.exe  

9f390e9ca00464a6f7e1ce321baceb22


RedLine stealer[m] Emotet RAT Gen2 Generic Malware UPX WinRAR Malicious Library Malicious Packer PWS[m] Javascript_Blob AntiDebug AntiVM OS Processor Check PE32 PE File PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed 		1 4 1 14.4 M 44 ZeroCERT

13677 2023-04-24 08:57 clip64.dll  

cfe2ef912f30ac9bc36d8686888ca0d3


UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself 		2.0 M 59 ZeroCERT

13678 2023-04-24 08:56 Documentos.jpg  

60dc47e69afcdadc8f4e744f7a40a87b


PWS .NET framework RAT Generic Malware task schedule Antivirus PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File PowerShell VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key 		2 10.0 34 ZeroCERT

13679 2023-04-24 08:55 foto0171.exe  

d5f53a529d7ca25cc9d341990c85db4c


Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed 		1 8.2 ZeroCERT

13680 2023-04-24 08:54 build_2.exe  

7e2d328e7e2552be4a862e83f9c7177e


PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed 		2 3 2 8.0 M 64 ZeroCERT

keyword