Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
14401
2023-03-20 10:09
vbc.exe
badfd20331bbd073b8efe745d71b4797
UPX
Malicious Library
Malicious Packer
PE32
PE File
JPEG Format
Remcos
VirusTotal
Malware
AutoRuns
Malicious Traffic
Check memory
Creates executable files
unpack itself
AppData folder
human activity check
Windows
keylogger
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50)
top.not2beabused01.xyz(38.117.65.122)
178.237.33.50
38.117.65.122
1
ET JA3 Hash - Remcos 3.x TLS Connection
6.6
M
49
ZeroCERT
14402
2023-03-20 10:07
711b8121-1755-40dd-8840-d49d5f...
fb0deff37fe12bbc4f0c1fe21e2d15ef
UPX
Malicious Library
OS Processor Check
PE32
PE File
VirusTotal
Malware
Check memory
unpack itself
anti-virtualization
crashed
2.8
M
22
ZeroCERT
14403
2023-03-20 10:06
vbc.exe
ca8572b2750b75f7b137637093922152
PWS
.NET framework
RAT
UPX
Admin Tool (Sysinternals etc ...)
.NET EXE
PE32
PE File
VirusTotal
Malware
AutoRuns
suspicious privilege
Check memory
Checks debugger
unpack itself
Windows utilities
Windows
Cryptographic key
crashed
6.4
M
52
ZeroCERT
14404
2023-03-20 10:05
FixDefError.exe
1b664f2a0bede6c47e44ca8c0aad3de7
RAT
PWS
.NET framework
Generic Malware
UPX
Antivirus
.NET EXE
PE32
PE File
VirusTotal
Malware
powershell
AutoRuns
PDB
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
WriteConsoleW
Tofsee
Windows
Google
ComputerName
Cryptographic key
2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://www.google.com/
5
rentry.co(198.251.88.130) - malware
www.google.com(142.250.206.228)
142.250.204.68
198.251.88.130
121.254.136.57
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
7.6
M
45
ZeroCERT
14405
2023-03-20 10:04
foto0132.exe
db22505e6712eebddb11bae0fcdc0aed
Gen1
Emotet
UPX
Malicious Library
CAB
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
AutoRuns
PDB
suspicious privilege
Check memory
Checks debugger
buffers extracted
WMI
Creates executable files
unpack itself
Disables Windows Security
Collect installed applications
AntiVM_Disk
VM Disk Size Check
installed browsers check
Windows
Update
Browser
ComputerName
Remote Code Execution
DNS
Cryptographic key
Software
crashed
1
193.233.20.30
10.4
M
ZeroCERT
14406
2023-03-20 10:02
14KDIJUFJD
218ddf74d466267211be24dac160e93a
AntiDebug
AntiVM
VirusTotal
Email Client Info Stealer
Malware
Code Injection
Check memory
Checks debugger
unpack itself
installed browsers check
Browser
Email
3.6
M
2
ZeroCERT
14407
2023-03-20 10:02
Slava.exe
1fa21564b4463aa7a564a20fa00dafba
NPKI
Generic Malware
UPX
Malicious Library
Malicious Packer
OS Processor Check
PE64
PE File
VirusTotal
Malware
crashed
1.2
M
39
ZeroCERT
14408
2023-03-20 10:00
fuddedneu.exe
07b3856c2f6ffe6560d3982b0319648c
NPKI
PWS
.NET framework
RAT
UPX
Malicious Library
OS Processor Check
.NET EXE
PE32
PE File
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
ComputerName
2.2
M
44
ZeroCERT
14409
2023-03-20 10:00
matywonexe.exe
0191cb1f788338484c31712a343f0b52
PWS
.NET framework
RAT
UPX
OS Processor Check
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
buffers extracted
unpack itself
Collect installed applications
installed browsers check
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
1
85.31.54.181
6.2
M
54
ZeroCERT
14410
2023-03-20 09:58
taskshostw.exe
e538f67d529d672c55304f3c9ad05392
RAT
North Korea
Antivirus
.NET EXE
PE32
PE File
VirusTotal
Malware
AutoRuns
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates executable files
unpack itself
Windows utilities
Check virtual network interfaces
suspicious process
AppData folder
WriteConsoleW
Tofsee
Windows
ComputerName
DNS
Cryptographic key
1
https://pastebin.com/raw/x7kBE3DJ
5
6.tcp.eu.ngrok.io(3.68.171.119)
pastebin.com(172.67.34.170) - mailcious
3.69.115.178
18.197.239.109
104.20.67.143 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DNS Query to a *.ngrok domain (ngrok.io)
8.6
M
53
ZeroCERT
14411
2023-03-20 09:57
zhiga.exe
79583ef72d557666796293419281c161
Malicious Library
PE32
PE File
VirusTotal
Malware
PDB
unpack itself
1.8
M
27
ZeroCERT
14412
2023-03-20 09:56
1.exe
9bb5a7746bac70b497a64ca379a82d5a
Malicious Library
AntiDebug
AntiVM
PE64
PE File
VirusTotal
Malware
Buffer PE
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
Windows
Cryptographic key
crashed
7.4
M
41
ZeroCERT
14413
2023-03-20 09:56
16512243-04d2-4591-82a9-0281c3...
6986f1d3d40626f825b3ebf0415fc54c
.NET EXE
PE32
PE File
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
1.8
M
25
ZeroCERT
14414
2023-03-20 09:54
123ds.exe
20b01b94fec9143a2adf624945aa41c3
PWS
.NET framework
RAT
UPX
OS Processor Check
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
buffers extracted
unpack itself
Collect installed applications
installed browsers check
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
2
66.42.108.195
78.47.226.24
6.2
M
42
ZeroCERT
14415
2023-03-20 09:53
123andy.exe
d4da20f99003446d674869a51d350673
PWS
.NET framework
RAT
UPX
OS Processor Check
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
buffers extracted
unpack itself
Collect installed applications
installed browsers check
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
1
207.246.108.255
6.2
M
58
ZeroCERT
Total : 49,444cnts