Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1366
2024-08-09 16:41
66b45c742e0a1_123p.exe
488d85695b6e76307aa595f8db6a48fc
PE File
PE64
VirusTotal
Cryptocurrency Miner
Malware
DNS
CoinMiner
2
pool.hashvault.pro(125.253.92.50) - mailcious
131.153.76.130 - mailcious
1
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
1.6
M
36
ZeroCERT
1367
2024-08-09 16:33
ghgadadas.exe
eae8fea1fe3a77450002d315167b3471
UPX
PE File
PE32
VirusTotal
Malware
PDB
Remote Code Execution
1.6
41
ZeroCERT
1368
2024-08-09 16:27
Snake_IT_Project.exe
9fa15d43ebdd6d22539f1ac310be032a
Gen1
NSIS
Generic Malware
Malicious Library
UPX
Malicious Packer
Antivirus
Anti_VM
Javascript_Blob
PE File
PE32
Lnk Format
GIF Format
DLL
OS Processor Check
PE64
suspicious privilege
Code Injection
Check memory
Creates shortcut
Creates executable files
unpack itself
AppData folder
AntiVM_Disk
sandbox evasion
VM Disk Size Check
installed browsers check
Ransomware
Browser
ComputerName
crashed
6.2
ZeroCERT
1369
2024-08-09 16:23
107.hta
e17602e8561e5da8a321f44610fd119b
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
PE File
DLL
PE32
.NET DLL
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
http://192.3.176.138/107/sahost.exe
1
192.3.176.138 - malware
3
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
10.8
ZeroCERT
1370
2024-08-09 16:22
Invoice.pdf.lnk
4d0c856b7c6eabdfc58568e3ea4aa729
Generic Malware
Antivirus
AntiDebug
AntiVM
Lnk Format
GIF Format
VirusTotal
Malware
powershell
suspicious privilege
Code Injection
Check memory
Checks debugger
Creates shortcut
unpack itself
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
1
https://divorcelawyeroxnard.com/rtr/ghgadadas
4.8
12
ZeroCERT
1371
2024-08-09 16:19
66b31de809837_main.exe
ffed603d138764ec3f02116843bbdf26
RedLine stealer
Malicious Library
Antivirus
.NET framework(MSIL)
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
unpack itself
5.8
M
46
ZeroCERT
1372
2024-08-09 16:18
MicrosoftWordUpdater.log.exe
0d1dca5eaad49c2dbd979e1bf0b5f8d0
Generic Malware
Malicious Library
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.2
18
ZeroCERT
1373
2024-08-09 16:17
66adc1d3f237b_mine.exe
4b005e8541f7ed9bd82d80ce58c55c7c
Stealc
Client SW User Data Stealer
LokiBot
ftp Client
info stealer
Malicious Library
.NET framework(MSIL)
UPX
ASPack
Http API
PWS
HTTP
Code injection
Internet API
AntiDebug
AntiVM
PE File
.NET EXE
PE32
OS Processor Check
FTP Client Info Stealer
VirusTotal
Malware
Telegram
PDB
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
unpack itself
Windows utilities
Collect installed applications
suspicious process
malicious URLs
sandbox evasion
WriteConsoleW
anti-virtualization
installed browsers check
Tofsee
Windows
Browser
ComputerName
DNS
Software
3
https://steamcommunity.com/profiles/76561199747278259 - rule_id: 41798
https://steamcommunity.com/profiles/76561199747278259
https://t.me/armad2a
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(184.29.170.106) - mailcious
149.154.167.99 - mailcious
188.245.87.202 - mailcious
23.77.13.219
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET INFO TLS Handshake Failure
1
https://steamcommunity.com/profiles/76561199747278259
17.6
M
55
ZeroCERT
1374
2024-08-09 16:17
svc.exe
53d19fb9a95e384638e297557ebf523d
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
unpack itself
2.2
M
56
ZeroCERT
1375
2024-08-09 16:15
66ae9b60d9863_otr.exe
3d3191283ae8325423342c1e29e4472b
Malicious Library
.NET framework(MSIL)
UPX
ScreenShot
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
9.0
M
49
ZeroCERT
1376
2024-08-09 16:15
Rage.exe
ca817109712a3e97bf8026cdc810743d
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
buffers extracted
Creates executable files
3.0
M
40
ZeroCERT
1377
2024-08-09 16:13
iden.doc
1ee73b17111ab0ffb2f62690310f4ada
VBA_macro
Generic Malware
Malicious Library
UPX
Anti_VM
MSOffice File
PE File
PE64
OS Processor Check
VirusTotal
Malware
heapspray
exploit crash
unpack itself
Exploit
crashed
5.6
36
ZeroCERT
1378
2024-08-09 16:07
iden.doc
1ee73b17111ab0ffb2f62690310f4ada
VBA_macro
Generic Malware
Malicious Library
UPX
Anti_VM
MSOffice File
PE File
PE64
OS Processor Check
VirusTotal
Malware
heapspray
exploit crash
unpack itself
Exploit
crashed
5.6
36
ZeroCERT
1379
2024-08-09 15:52
iden.doc
1ee73b17111ab0ffb2f62690310f4ada
VBA_macro
Generic Malware
Malicious Library
UPX
Anti_VM
MSOffice File
PE File
PE64
OS Processor Check
Vulnerability
VirusTotal
Malware
heapspray
unpack itself
6.2
36
ZeroCERT
1380
2024-08-09 15:29
test.xls
f2a0f05417b7ea87683d05d66298cea1
MSOffice File
unpack itself
0.4
guest
Total : 48,230cnts