Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
14926
2023-03-12 11:05
vbc.exe
a1dd43a9d43a94f384c3cbbec7c36a1d
Admin Tool (Sysinternals etc ...)
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE32
PE File
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
AutoRuns
PDB
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
14.4
M
43
ZeroCERT
14927
2023-03-12 10:22
photo_004.exe
f655a619448889c239ef41f4b068a5ef
UPX
Malicious Library
OS Processor Check
PE32
PE File
unpack itself
Remote Code Execution
1.2
M
ZeroCERT
14928
2023-03-12 10:20
photo_004.exe
6a06a13a83adb68d3b6e59560911ebca
UPX
Malicious Library
OS Processor Check
PE32
PE File
unpack itself
Remote Code Execution
1.2
ZeroCERT
14929
2023-03-12 10:18
loader_p1_dll_64_n1_x64_inf.dl...
1821abde4a17d5c775e197217ca2a1d6
UPX
OS Processor Check
DLL
PE64
PE File
VirusTotal
Malware
PDB
Checks debugger
crashed
1.6
13
ZeroCERT
14930
2023-03-12 10:18
10032b.exe
488720af6f69c898d6d6395031aa85c3
UPX
Malicious Library
OS Processor Check
PE32
PE File
VirusTotal
Malware
unpack itself
Remote Code Execution
2.4
52
ZeroCERT
14931
2023-03-12 10:18
ape2.exe
bc2bec9810f53c3b1ca1220d05b0fea7
Malicious Library
PE32
PE File
VirusTotal
Malware
PDB
1
mnxrxyulbk05pdg.docywg7eumhcj4sgz()
1.4
M
22
ZeroCERT
14932
2023-03-12 10:15
umciavi64.exe
f2e85a7b8620fac7c035704e4168f942
Gen2
Malicious Library
PE32
PE File
VirusTotal
Malware
1.2
M
19
ZeroCERT
14933
2023-03-12 10:15
photo_004.exe
ae28959ef2fe4fd7eb141320972a6fb5
UPX
Malicious Library
OS Processor Check
PE32
PE File
unpack itself
Remote Code Execution
1.2
ZeroCERT
14934
2023-03-12 10:13
Vejlensisk90.vbs
5794e47d892a3cab512697ca7dc223f4
Generic Malware
Antivirus
Remcos
VirusTotal
Malware
powershell
suspicious privilege
Malicious Traffic
Check memory
Checks debugger
buffers extracted
WMI
Creates shortcut
unpack itself
Windows utilities
suspicious process
anti-virtualization
Windows
ComputerName
DNS
Cryptographic key
crashed
3
http://geoplugin.net/json.gp
http://194.180.48.211/zara/Dedepseud52.toc
http://194.180.48.211/zara/BWTqkhVBTwqHOjTU152.psm
4
geoplugin.net(178.237.33.50)
178.237.33.50
185.225.74.90
194.180.48.211 - mailcious
1
ET JA3 Hash - Remcos 3.x TLS Connection
9.0
4
ZeroCERT
14935
2023-03-11 21:16
Lovey Butt Nickols.vcf
0f18c900864e76aab925ea75c8d817c8
email
stealer
DGA
ScreenShot
Internet API
PWS[m]
HTTP
KeyLogger
Escalate priviledges
Http API
AntiDebug
AntiVM
Email Client Info Stealer
MachineGuid
unpack itself
malicious URLs
installed browsers check
Browser
Email
2.6
BRY
14936
2023-03-11 16:39
prewarm.db-shm
6aceb5827268b99af3d7f6d6a38f7cfb
AntiDebug
AntiVM
Email Client Info Stealer
suspicious privilege
Checks debugger
Creates shortcut
unpack itself
installed browsers check
Browser
Email
ComputerName
3.4
BRY
14937
2023-03-11 10:47
p-Qfdyajl.exe
d9e77c8ca14edd3fabf09c01f61c566a
PWS
.NET framework
RAT
Generic Malware
Downloader
UPX
Antivirus
Socket
SMTP
Internet API
PWS[m]
AntiDebug
AntiVM
OS Processor Check
.NET EXE
PE32
PE File
VirusTotal
Malware
Buffer PE
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
Windows
ComputerName
DNS
Cryptographic key
1
http://80.66.75.36/p-Vrilmtqt.png
1
80.66.75.36 - malware
12.0
M
20
ZeroCERT
14938
2023-03-11 10:45
1221.exe
655f6edee75a4cc49a8fa34567037da9
UPX
Malicious Packer
.NET EXE
PE32
PE File
VirusTotal
Malware
suspicious privilege
MachineGuid
Check memory
Checks debugger
WMI
unpack itself
anti-virtualization
ComputerName
DNS
3
songs-travel.at.ply.gg(209.25.142.223)
209.25.142.223
125.253.92.50
6.6
M
45
ZeroCERT
14939
2023-03-11 10:43
Aztec.exe
679f7bb9c60003a65a6a98d474f3fb0e
Malicious Library
PE64
PE File
VirusTotal
Cryptocurrency Miner
Malware
DNS
CoinMiner
4
anaida.evisyn.lol(172.67.149.91)
pool.hashvault.pro(131.153.76.130) - mailcious
104.21.41.183
125.253.92.50
2
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
1.2
M
20
ZeroCERT
14940
2023-03-11 10:41
payload.exe
f9848320841dff02edb5938d0854c4be
RAT
UPX
Malicious Library
OS Processor Check
.NET EXE
PE32
PE File
PE64
VirusTotal
Cryptocurrency Miner
Malware
PDB
Check memory
Checks debugger
Creates executable files
unpack itself
DNS
CoinMiner
5
anaida.evisyn.lol(172.67.149.91)
pool.hashvault.pro(125.253.92.50) - mailcious
104.21.41.183
172.67.191.103 - mailcious
125.253.92.50
2
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
4.2
M
43
ZeroCERT
Total : 49,696cnts