YRP/domain YRP/prc YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature FlorianRoth/GhostDragon_Gh0stRAT

YRP/rip YRP/android_meterpreter

YRP/excel_XML YRP/gem YRP/pgml YRP/amf YRP/prc YRP/xaml YRP/x3d YRP/_3dxml YRP/disable_dep YRP/keylogger YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI

YRP/wmf YRP/SEH__vba YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature

YRP/contentis_base64 YRP/domain YRP/url YRP/png YRP/sqlite YRP/excel_2007 YRP/excel_XML YRP/corel_draw_compressed YRP/gem YRP/odg YRP/pgml YRP/amf YRP/jt YRP/x3d YRP/_3dxml YRP/_3dxml_compressed YRP/System_Tools YRP/anti_dbg YRP/win_files_operation YRP/Str_Win32_Winsock2_Library YRP/with_sqlite YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature

YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_40 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature FlorianRoth/DragonFly_APT_Sep17_3

YRP/url YRP/excel_2007 YRP/excel_XML YRP/gif_bitmap YRP/corel_draw_compressed YRP/odg YRP/pgml YRP/wmf YRP/amf YRP/x3d YRP/_3dxml YRP/_3dxml_compressed YRP/keylogger YRP/win_registry YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section YRP/ASProtect_v123_RC1 YRP/ASProtect_v12x_New_Strain_additional YRP/Microsoft_Visual_Basic_v50 YRP/ASProtect_v12x_New_Strain YRP/ASProtect_v11_BRS YRP/ASProtect_V2X_Registered_Alexey_Solodovnikov YRP/ASProtect_133_21_Registered_Alexey_Solodovnikov YRP/VMProtect_1704_phpbb3 YRP/ASProtect_v12_additional YRP/ASProtect_123_RC4_130824_Solodovnikov_Alexey YRP/ASProtect_133_21_Registered_Alexey_Solodovnikov_additional YRP/ASProtect13321RegisteredAlexeySolodovnikov YRP/ASProtectv12xNewStrain YRP/ASProtectv123RC1 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay

YRP/VirtualPC_Detection YRP/vmdetect YRP/anti_dbg YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature

YRP/excel_XML YRP/pgml YRP/wmf YRP/amf YRP/x3d YRP/_3dxml YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_private_profile YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature