MalShare

A free Malware repository providing researchers access to samples, malicous feeds, and Yara results.

Recently added Samples

MD5 Hash	File type	Added	Source	Yara Hits
401b0c9cd91448408e64861079c48be0	PE32+	2019-11-20 09:32:13 UTC	http://211.220.181.146:443/o/cpu64.exe	YRP/Armadillo_v4x YRP/IsPE64 YRP/IsConsole [+] YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
edcd97dd0304f785a4c11dc004983669	PE32	2019-11-20 09:32:11 UTC	User Submission	YRP/IsPE32 YRP/IsConsole YRP/IsBeyondImageSize [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library
91849fa36fe10962e05c7bc00dfe2b0c	PE32	2019-11-20 09:32:05 UTC	http://211.220.181.146:443/o/cpu32.exe	YRP/UPX_v0896_v102_v105_v122_Delphi_stub_additional YRP/UPX_v0896_v102_v105_v122_Delphi_stub_Laszlo_Markus YRP/UPX_wwwupxsourceforgenet_additional [+] YRP/MSLRH_V031_emadicius YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/UPX_v0896_v102_v105_v122_Delphi_stub YRP/UPX_wwwupxsourceforgenet YRP/UPXProtectorv10x2 YRP/IsPE32 YRP/IsConsole YRP/IsPacked YRP/IsBeyondImageSize YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section
f85403b333a489e09f082e9e785a4f37	PE32+	2019-11-20 09:31:55 UTC	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/bitcoin YRP/escalate_priv YRP/keylogger YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library
09ae5ecc5634c5d83a97b5d04dfc4860	PE32+	2019-11-20 09:31:52 UTC	http://211.220.181.146:443/o/amd32.exe	YRP/IsPE64 YRP/IsConsole YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section
d62772aab4ce2a4301fb122de9155e61	PE32	2019-11-20 08:43:12 UTC	http://securefiless-001-site1.ftempurl.com/lmr.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64
3057c309282fad6f5c203b0c358f05c1	Dalvik	2019-11-20 08:31:03 UTC	User Submission
ee0a0f0e8a6a2f604a83d5a59f2789c4	PE32	2019-11-20 08:05:55 UTC	http://103.1.250.236:8080/4appverif.chm	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/suspicious_packer_section
013983576cba765efffa2dc9ba4d328c	PE32	2019-11-20 07:25:45 UTC	http://gomyfiles.info/files/ready_32.exe	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_Random
cd01501ae0207eb6f1dba4954ef910f8	PE32	2019-11-20 07:19:44 UTC	http://www.espace-developpement.org/calendar/hope.exe	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64

Total Samples: 3457972