Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
13876 2023-04-13 16:55 bodya.exe
85ba8fa95c94e8014afd16f176033044
RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
1 10.6 M 38 ZeroCERT

13877 2023-04-13 16:54 bin-cr.exe
50d9ad764597d6970f0480b58c4cf88e
NPKI PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 M 42 ZeroCERT

13878 2023-04-13 16:51 auto.dll
f983bbe67c157f9debd63b5d434982a0
Generic Malware DLL PE64 PE File VirusTotal Malware unpack itself ComputerName
1.8 M 19 r0d

13879 2023-04-13 15:48 cdump.exe
6799f43f598169aebc476455c624f014
UPX PE32 PE File Browser Info Stealer VirusTotal Malware WriteConsoleW Browser
3.2 M 48 r0d

13880 2023-04-13 09:54 File_pass1234.7z
5ce7e6a25d84c2c2dbcb96b30a608643
PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS
4 9 2 1 4.2 M ZeroCERT

13881 2023-04-13 09:49 ClaimCopy-1337.pdf
fa243a28cdcbca70891853bfbbead0c1
Code injection PDF AntiDebug AntiVM MSOffice File Browser Info Stealer MachineGuid Code Injection Checks debugger Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities malicious URLs human activity check installed browsers check Ransomware Windows Exploit Browser crashed keylogger
3 3 9.4 ZeroCERT

13882 2023-04-13 09:33 xo.exe
18116ef04d182e14002d6d0928bf4283
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Checks debugger unpack itself
1.8 M 41 ZeroCERT

13883 2023-04-13 09:20 cdump.exe
6799f43f598169aebc476455c624f014
PE32 PE File Browser Info Stealer VirusTotal Malware WriteConsoleW Browser
3.2 M 48 ZeroCERT

13884 2023-04-13 09:18 Qlzkyfcl.wsf
4b62317026915bef2b7980659f5f4b6e
Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
8 5.6 ZeroCERT

13885 2023-04-13 09:16 inst.exe
3df74698e0964dc8c5363d39a0537d74
NPKI PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed
12.4 M 21 ZeroCERT

13886 2023-04-13 09:15 (电-子--发-票).exe
d06c243962c54d2763c2ffb8b16208e9
UPX Antivirus PE32 PE File VirusTotal Malware sandbox evasion Remote Code Execution
2.4 44 ZeroCERT

13887 2023-04-13 09:14 dsync.exe
cbffe8bea10e64e86ede27ab60f61038
NPKI Malicious Library Malicious Packer ASPack Antivirus Create Service Socket DNS PWS[m] Escalate priviledges AntiDebug AntiVM PE32 PE File Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection buffers extracted malicious URLs sandbox evasion WriteConsoleW Ransomware Browser Backdoor crashed
10.2 M 16 ZeroCERT

13888 2023-04-13 09:12 Wmap.wsf
505d7be384da38242035373266cec718
Generic Malware Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
8 5.6 ZeroCERT

13889 2023-04-13 09:12 Keep.QnUw617.wsf
5dcf8b7a4e61bd39867f9c15361fb614
Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
6 5.6 ZeroCERT

13890 2023-04-13 09:12 suntblanditiis.php
32b586b744af3a25908808914355aa7b
ZIP Format
M ZeroCERT