MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
58edea9b65d4948a1d597dda5ce2e038de2807a7632e82a46554f01638a2f3ee	PE32	2018-03-07 03:55:01	http://176.107.188.203/msupdate.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d5b1183cad103ba8d1e8ac590ec9d9af8f29cf4b386957b4a94bb6070d17ba34	PE32	2018-03-07 03:55:27	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
71b0096170ce81b22f524bc51d6b2ca9005ccd7d2ffbed84bc5e4e16f45f08fb	PE32	2018-03-07 03:55:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
12651749cd4f3bca50cda8259ee2c82c52034b12ff03f08a985cd6b16b1177e1	PE32	2018-03-07 03:55:29	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c5f1daaa4d35896b13cdd1e3024ba61ec6fb0ff557dc8594233a46827054c335	PE32	2018-03-07 03:55:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
21ca06b18698d14154a45822aaae1e3837d168cc7630bcd3ec3d8c68aaa959e6	PE32	2018-03-07 04:21:20	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet [+] BAMFDetect/DarkComet
6ebf97d137b91712b7f3484460be11c31e79f8ccd7a9b92ca6ce68338f8fc67d	PE32	2018-03-07 04:22:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b083affa61742de62cdf8301f777d074d3e23c9e42c35375672d9560c77f8bc6	PE32	2018-04-05 17:44:49	http://onedrivenet.xyz/work/exe/7.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
9385d7e149bcda79e5a4291ad422c160be8297d029d04ee04c50240fe53aa900	PE32+	2018-05-24 02:58:05	User Submission	CuckooSandbox/vmdetect YRP/webshell_iMHaPFtp_2 YRP/webshell_caidao_shell_guo YRP/webshell_cihshell_fix [+] YRP/webshell_asp_EFSO_2 YRP/webshell_caidao_shell_ice_2 YRP/webshell_asp_ice YRP/webshell_asp_404 YRP/webshell_webshell_cnseay02_1 YRP/webshell_php_fbi YRP/webshell_B374kPHP_B374k YRP/webshell_caidao_shell_404 YRP/webshell_ASP_aspydrv YRP/webshell_Dx_Dx YRP/webshell_MySQL_Web_Interface_Version_0_8 YRP/webshell_wsb_idc YRP/webshell_webshell_cnseay_x YRP/webshell_phpkit_0_1a_odd YRP/webshell_Java_Shell YRP/webshell_simple_backdoor YRP/webshell_PHP_c37 YRP/webshell_PHP_b37 YRP/webshell_ghost_source_icesword_silic YRP/webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx YRP/webshell_itsec_PHPJackal_itsecteam_shell_jHn YRP/webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY YRP/webshell_webshells_new_con2 YRP/webshell_Expdoor_com_ASP YRP/webshell_webshells_new_php2 YRP/webshell_bypass_iisuser_p YRP/webshell_sig_404super YRP/webshell_webshells_new_JSP YRP/webshell_dev_core YRP/webshell_webshells_new_pHp YRP/webshell_webshells_new_pppp YRP/webshell_webshells_new_code YRP/webshell_webshells_new_xxxx YRP/webshell_webshells_new_PHP1 YRP/webshell_webshells_new_php6 YRP/webshell_GetPostpHp YRP/webshell_webshells_new_php5 YRP/perlbot_pl YRP/php_backdoor_php YRP/Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php YRP/shankar_php_php YRP/Casus15_php_php YRP/small_php_php YRP/shellbot_pl YRP/fuckphpshell_php YRP/ngh_php_php YRP/jsp_reverse_jsp YRP/Tool_asp YRP/NT_Addy_asp YRP/SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php YRP/phvayvv_php_php YRP/r57shell_php_php YRP/rst_sql_php_php YRP/wh_bindshell_py YRP/lurm_safemod_on_cgi YRP/c99madshell_v2_0_php_php YRP/w3d_php_php YRP/WinX_Shell_html YRP/Dx_php_php YRP/csh_php_php YRP/pHpINJ_php_php YRP/sig_2008_php_php YRP/ak74shell_php_php YRP/Rem_View_php_php YRP/STNC_php_php YRP/aZRaiLPhp_v1_0_php YRP/zacosmall_php YRP/CmdAsp_asp YRP/simple_backdoor_php YRP/mysql_shell_php YRP/Dive_Shell_1_0___Emperor_Hacking_Team_php YRP/Asmodeus_v0_1_pl YRP/Reader_asp YRP/phpshell17_php YRP/SimShell_1_0___Simorgh_Security_MGZ_php YRP/jspshall_jsp YRP/rootshell_php YRP/connectback2_pl YRP/shells_PHP_wso YRP/backdoor1_php YRP/elmaliseker_asp YRP/s72_Shell_v1_1_Coding_html YRP/hidshell_php_php YRP/kacak_asp YRP/PHP_Backdoor_Connect_pl_php YRP/Antichat_Socks5_Server_php_php YRP/Antichat_Shell_v1_3_php YRP/Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php YRP/cyberlords_sql_php_php YRP/Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html YRP/EFSO_2_asp YRP/lamashell_php YRP/Ajax_PHP_Command_Shell_php YRP/JspWebshell_1_2_jsp YRP/Sincap_php_php YRP/sh_php_php YRP/phpjackal_php YRP/sql_php_php YRP/cgi_python_py YRP/telnetd_pl YRP/php_include_w_shell_php YRP/Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php YRP/shell_php_php YRP/telnet_cgi YRP/ironshell_php YRP/backdoorfr_php YRP/aspydrv_asp YRP/cmdjsp_jsp YRP/h4ntu_shell__powered_by_tsoi_ YRP/Ajan_asp YRP/PHANTASMA_php YRP/MySQL_Web_Interface_Version_0_8_php YRP/multiple_webshells_0002 YRP/multiple_webshells_0003 YRP/multiple_webshells_0005 YRP/multiple_webshells_0010 YRP/multiple_webshells_0015 YRP/multiple_webshells_0016 YRP/multiple_php_webshells YRP/multiple_webshells_0019 YRP/multiple_webshells_0022 YRP/multiple_webshells_0030 YRP/multiple_webshells_0031 YRP/PHP_Cloaked_Webshell_SuperFetchExec YRP/WebShell_simattacker YRP/WebShell_b374k_mini_shell_php_php YRP/WebShell_b374k_php YRP/WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend YRP/WebShell_h4ntu_shell__powered_by_tsoi_ YRP/WebShell_php_webshells_MyShell YRP/WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit YRP/WebShell_php_backdoor YRP/WebShell_php_webshells_pHpINJ YRP/WebShell_php_webshells_NGH YRP/WebShell_php_webshells_matamu YRP/WebShell_ru24_post_sh YRP/WebShell_hiddens_shell_v1 YRP/WebShell_safe0ver YRP/WebShell_lamashell YRP/WebShell_Simple_PHP_backdoor_by_DK YRP/WebShell_AK_74_Security_Team_Web_Shell_Beta_Version YRP/WebShell_qsd_php_backdoor YRP/WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz YRP/WebShell_WinX_Shell YRP/WebShell_php_include_w_shell YRP/WebShell_PhpSpy_Ver_2006 YRP/WebShell_go_shell YRP/WebShell_zehir4_asp_php YRP/WebShell_CasuS_1_5 YRP/WebShell__findsock_php_findsock_shell_php_reverse_shell YRP/Unpack_Injectt YRP/FeliksPack3___PHP_Shells_ssh YRP/bin_Client YRP/ZXshell2_0_rar_Folder_ZXshell YRP/RkNTLoad YRP/binder2_binder2 YRP/thelast_orice2 YRP/sendmail YRP/FSO_s_zehir4 YRP/hkshell_hkshell YRP/DarkSpy105 YRP/EditServer_Webshell YRP/FSO_s_reader YRP/svchostdll YRP/HYTop_DevPack_server YRP/vanquish YRP/BIN_Client YRP/Simple_PHP_BackDooR YRP/hkshell_hkrmv YRP/FeliksPack3___PHP_Shells_phpft YRP/bdcli100 YRP/rdrbs084 YRP/HYTop_CaseSwitch_2005 YRP/FSO_s_casus15_2 YRP/installer YRP/elmaliseker YRP/shelltools_g0t_root_resolve YRP/shelltools_g0t_root_Fport YRP/HYTop_DevPack_upload YRP/PasswordReminder YRP/rknt_zip_Folder_RkNT YRP/dbgntboot YRP/PHP_shell YRP/rdrbs100 YRP/Mithril_Mithril YRP/hkdoordll YRP/Mithril_v1_45_dllTest YRP/dbgiis6cli YRP/Debug_cress YRP/FeliksPack3___PHP_Shells_usr YRP/FSO_s_phpinj YRP/xssshell_db YRP/EditServer_Webshell_2 YRP/by064cli YRP/Mithril_dllTest YRP/connector YRP/shelltools_g0t_root_HideRun YRP/regshell YRP/PHP_Shell_v1_7 YRP/xssshell_save YRP/screencap YRP/ZXshell2_0_rar_Folder_zxrecv YRP/_root_040_zip_Folder_deploy YRP/by063cli YRP/icyfox007v1_10_rar_Folder_asp YRP/byshell063_ntboot_2 YRP/shelltools_g0t_root_xwhois YRP/vanquish_2 YRP/ZXshell2_0_rar_Folder_nc YRP/BIN_Server YRP/HYTop2006_rar_Folder_2006 YRP/HDConfig YRP/Pastebin_Webshell YRP/chinese_spam_echoer YRP/blackhole2_jar YRP/blackhole2_jar2 YRP/blackhole2_jar3 YRP/blackhole2_pdf YRP/blackhole1_jar YRP/blackhole2_htm YRP/blackhole2_htm10 YRP/blackhole2_htm11 YRP/blackhole2_htm12 YRP/blackhole2_htm3 YRP/blackhole2_htm4 YRP/blackhole2_htm5 YRP/blackhole2_htm6 YRP/blackhole2_htm8 YRP/phoenix_html YRP/phoenix_html10 YRP/phoenix_html11 YRP/phoenix_html2 YRP/phoenix_html3 YRP/phoenix_html4 YRP/phoenix_html5 YRP/phoenix_html6 YRP/phoenix_html7 YRP/phoenix_html8 YRP/phoenix_html9 YRP/phoenix_jar YRP/phoenix_jar2 YRP/phoenix_jar3 YRP/phoenix_pdf YRP/phoenix_pdf2 YRP/phoenix_pdf3 YRP/sakura_jar YRP/sakura_jar2 YRP/eleonore_jar YRP/eleonore_jar2 YRP/eleonore_jar3 YRP/eleonore_js YRP/eleonore_js2 YRP/eleonore_js3 YRP/zerox88_js2 YRP/zerox88_js3 YRP/crimepack_jar YRP/crimepack_jar3 YRP/angler_flash YRP/angler_flash2 YRP/angler_flash4 YRP/angler_flash5 YRP/angler_flash_uncompressed YRP/angler_html YRP/angler_html2 YRP/angler_js YRP/bleedinglife2_adobe_2010_1297_exploit YRP/bleedinglife2_adobe_2010_2884_exploit YRP/bleedinglife2_jar2 YRP/bleedinglife2_java_2010_0842_exploit YRP/zeus_js YRP/fragus_htm YRP/fragus_js YRP/fragus_js2 YRP/fragus_js_flash YRP/fragus_js_java YRP/fragus_js_quicktime YRP/fragus_js_vml YRP/zeroaccess_css YRP/zeroaccess_css2 YRP/zeroaccess_htm YRP/zeroaccess_js YRP/zeroaccess_js2 YRP/zeroaccess_js3 YRP/zeroaccess_js4 YRP/possible_includes_base64_packed_functions YRP/Microsoft_Visual_Cpp_V80_Debug YRP/Microsoft_Visual_Cpp_80_Debug_ YRP/Microsoft_Visual_Cpp_80_Debug YRP/silent_banker YRP/zbot YRP/Borland YRP/EnigmaProtector1XSukhovVladimirSergeNMarkin YRP/SPLayerv008 YRP/eXPressorv13CGSoftLabs YRP/Upackv032BetaDwing YRP/WiseInstallerStub YRP/AnskyaNTPackerGeneratorAnskya YRP/NsPack14byNorthStarLiuXingPing YRP/EmbedPEV100V124cyclotron YRP/SetupFactoryv6003SetupLauncher YRP/IMPPacker10MahdiHezavehiIMPOSTER YRP/PEProtectv09 YRP/UPXv20MarkusLaszloReiser YRP/PECompactv200alpha38 YRP/FreeCryptor01build001GlOFF YRP/UnnamedScrambler11Cp0ke YRP/PAVCryptorPawningAntiVirusCryptormasha_dev YRP/EncryptPEV22006115WFS YRP/PrincessSandyv10eMiNENCEProcessPatcherPatch YRP/ocBat2Exe10OC YRP/ASDPack20asd YRP/EXECryptor2021protectedIAT YRP/ThemidaWinLicenseV1XNoCompressionSecureEngineOreansTechnologies YRP/WinUpackv030betaByDwing YRP/ExeSafeguardv10simonzh YRP/PrivateEXEProtector20SetiSoft YRP/NTkrnlSecureSuite01015DLLNTkrnlSoftware YRP/UPXHiTv001DJSiba YRP/Vpackerttui YRP/eXPressorv12CGSoftLabs YRP/Enigmaprotector110111VladimirSukhov YRP/Obsidium1336ObsidiumSoftware YRP/MarjinZEXEScramblerSEbyMarjinZ YRP/Packman0001Bubbasoft YRP/aPackv098bDSESnotsaved YRP/ASProtectvIfyouknowthisversionpostonPEiDboardh2 YRP/AntiDote12DLLDemoSISTeam YRP/Themida1201OreansTechnologies YRP/ASProtectSKE21xexeAlexeySolodovnikov YRP/EXECryptorV21Xsoftcompletecom YRP/RCryptorv11Vaska YRP/nSpackV2xLiuXingPing YRP/MetrowerksCodeWarriorv20GUI YRP/UnnamedScrambler21Beta211p0ke YRP/NoodleCryptv20 YRP/BlindSpot10s134k YRP/DropperCreatorV01Conflict YRP/dUP2xPatcherwwwdiablo2oo2cjbnet YRP/EXECryptor2223compressedcodewwwstrongbitcom YRP/PolyCryptPE214b215JLabSoftwareCreationshoep YRP/MetrowerksCodeWarriorv20Console YRP/Upackv036alphaDwing YRP/NETDLLMicrosoft YRP/CelsiusCrypt21Z3r0 YRP/CreateInstallv200335 YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/Petite21 YRP/VProtectorvcasm YRP/XPackv142 YRP/ExeSplitter13SplitCryptMethodBillPrisonerTPOC YRP/EXECryptor224StrongbitSoftCompleteDevelopmenth3 YRP/ASProtectv12AlexeySolodovnikovh1 YRP/LY_WGKXwwwszleyucom YRP/Enigmaprotector110unregistered YRP/Upackv037v038BetaStripbaserelocationtableOptionDwing YRP/NTkrnlSecureSuiteNTkrnlteam YRP/AaseCrypterbysantasdad YRP/aPackv098bJibz YRP/UPackv011Dwing YRP/NsPacKNetLiuXingPing YRP/RLPv073betaap0x YRP/MetrowerksCodeWarriorDLLv20 YRP/PESpinv04x YRP/D1NS1GD1N YRP/MoleBoxv230Teggo YRP/Petite14 YRP/Petite13 YRP/RosAsm2050aBetov YRP/ACProtect14xRISCOsoft YRP/PEZipv10byBaGIE YRP/NsPackV2XLiuXingPing YRP/KBysPacker028BetaShoooo YRP/AntiDote12DemoSISTeam YRP/VProtector0X12Xvcasm YRP/VIRUSIWormKLEZ YRP/OpenSourceCodeCrypterp0ke YRP/QrYPt0rbyNuTraL YRP/EXECryptor2xxmaxcompressedresources YRP/MSLRHv032aemadicius YRP/EXECryptor2xxcompressedresources YRP/PolyBoxCAnskya YRP/UPolyXv05 YRP/PrivatePersonalPackerPPP102ConquestOfTroycom YRP/ENIGMAProtectorSukhovVladimir YRP/PuNkMoD1xPuNkDuDe YRP/InnoSetupModulev2018 YRP/AntiDote10Demo12SISTeam YRP/nSpackV23LiuXingPing YRP/NsPackv23NorthStar YRP/NTkrnlSecureSuite01015NTkrnlSoftware YRP/CrunchPEv40 YRP/hmimysProtectv10 YRP/PEPaCKv10CCopyright1998byANAKiN YRP/Upack022023betaDwing YRP/kkrunchyv017FGiesen YRP/ACProtectUltraProtect10X20XRiSco YRP/RLPV073betaap0x YRP/yCv13byAshkbizDanehkar YRP/PerlApp602ActiveState YRP/UPXProtectorv10x2 YRP/CodeVirtualizer1310OreansTechnologies YRP/VProtector13Xvcasm YRP/PEQuake006forgat YRP/D1S1Gv11BetaScrambledEXED1N YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/UnnamedScrambler12Bp0ke YRP/LauncherGeneratorv103 YRP/NakedPacker10byBigBoote YRP/ActiveMARK5xTrymediaSystemsInc YRP/AsCryptv01SToRM2 YRP/AsCryptv01SToRM3 YRP/AsCryptv01SToRM4 YRP/PackItBitch10archphase YRP/SafeDiscv4 YRP/EXECryptorv153 YRP/Crunch5Fusion4 YRP/NorthStarPEShrinkerv13byLiuxingping YRP/Armadillo430aSiliconRealmsToolworks YRP/STProtectorV15SilentSoftware YRP/ANDpakk2006DmitryAndreev YRP/NETexecutableMicrosoft YRP/AZProtect0001byAlexZakaAZCRC YRP/ExeSplitter12BillPrisonerTPOC YRP/Morphinev27Holy_FatherRatter29A YRP/EnigmaProtector11X13XSukhovVladimirSergeNMarkin YRP/AsCryptv01SToRM1 YRP/MaskPE16yzkzero YRP/ASProtectv20 YRP/UnnamedScrambler10p0ke YRP/UPXHiT001DJSiba YRP/yPv10bbyAshkbizDanehkar YRP/MSLRHv031a YRP/Upackv039finalDwing YRP/FakeNinjav28Spirit YRP/DragonArmorOrient YRP/Upackv032BetaPatchDwing YRP/Apex30alpha500mhz YRP/ExeSplitter13SplitMethodBillPrisonerTPOC YRP/RJoiner12aVaska YRP/UPXInlinerv10byGPcH YRP/SLVc0deProtector060SLVICU YRP/Upackv029Betav031BetaDwing YRP/AlexProtector10beta2byAlex YRP/MoleBoxv254Teggo YRP/Themida10xx18xxnocompressionOreansTechnologies YRP/PolyBoxDAnskya YRP/nBinderv40 YRP/SimplePack12build3009Method2bagie YRP/RSCsProcessPatcherv151 YRP/VMProtect106107PolyTech YRP/USSR031bySpirit YRP/ASProtectv123RC4build0807exeAlexeySolodovnikov YRP/eXPressorProtection150XCGSoftLabs YRP/XHider10GlobaL YRP/UnnamedScrambler25Ap0ke YRP/InnoSetupModule YRP/FreeCryptor01build002GlOFF YRP/NTPackerV2XErazerZ YRP/SiliconRealmsInstallStub YRP/MoleBoxv20 YRP/AI1Creator1Beta2byMZ YRP/Setup2GoInstallerStub YRP/mkfpackllydd YRP/PrivateexeProtectorV18SetiSoftTeam YRP/DotFixNiceProtect21GPcHSoft YRP/SimplePackV11XMethod2bagie YRP/NullsoftInstallSystemv20 YRP/SLVc0deProtectorv11SLV YRP/PEArmor04600759hying YRP/RpolycryptbyVaska2003071841 YRP/DevCv4 YRP/DevCv5 YRP/UnderGroundCrypterbyBooster2000 YRP/PrivateEXEProtector18 YRP/PolyCryptPE214b215JLabSoftwareCreationshsigned YRP/MEW10byNorthfox YRP/MaskPEV20yzkzero YRP/ChinaProtectdummy YRP/MinkeV101Codius YRP/ElicenseSystemV4000ViaTechInc YRP/PEStubOEPv1x YRP/EXECryptor2117StrongbitSoftCompleteDevelopment YRP/GHFProtectorpackonlyGPcH YRP/UPXV194MarkusOberhumerLaszloMolnarJohnReiser YRP/SoftComp1xBGSoftPT YRP/PeCompact2253276BitSumTechnologies YRP/FlyCrypter10ut1lz YRP/RSCsProcessPatcherv14 YRP/hmimysPacker10hmimys YRP/RLPackV112V114LZMA430ap0x YRP/EXECryptorV22Xsoftcompletecom YRP/PeStubOEPv1x YRP/DEFv10 YRP/UnnamedScrambler251Beta2252p0ke YRP/PrivateEXEProtector18SetiSoft YRP/Safe20 YRP/MZ_Crypt10byBrainSt0rm YRP/NTKrnlPackerAshkbizDanehkar YRP/NME11Publicbyredlime YRP/FakeNinjav28AntiDebugSpirit YRP/EnigmaProtector10XSukhovVladimir YRP/PEProtect09byCristophGabler1998 YRP/RCryptorv16dVaska YRP/Enigmaprotector112VladimirSukhov YRP/PolyEnEV001LennartHedlund YRP/TrainerCreationKitv5Trainer YRP/EXEStealthv273 YRP/EXEStealthv274 YRP/ProtectSharewareV11eCompservCMS YRP/Upackv035alphaDwing YRP/InnoSetupModulev304betav306v307 YRP/ASDPackv10asd YRP/ORiENV1XV2XFisunAV YRP/ARMProtector03bySMoKE YRP/DzAPatcherv13Loader YRP/NullsoftPiMPInstallSystemv1x YRP/EXECryptor2223protectedIAT YRP/Morphinev33SilentSoftwareSilentShieldc2005 YRP/VMProtect07x08PolyTech YRP/WerusCrypter10Kas YRP/PEQuakev006byfORGAT YRP/Anti007V26LiuXingPing YRP/aPackv098m YRP/BamBamv001Bedrock YRP/EXEStealthv25 YRP/Shrinker33 YRP/Shrinker32 YRP/Shrinker34 YRP/eXPressorv120b YRP/SCObfuscatorSuperCRacker YRP/eXPressorv14CGSoftLabs YRP/PUNiSHERV15FEUERRADER YRP/nMacrorecorder10 YRP/iPBProtectv013 YRP/PrivateEXEProtector197SetiSoft YRP/FSGv20 YRP/SimplePack1XMethod2bagie YRP/FishPEShield112116HellFish YRP/PrivateexeProtector20SetiSoftTeam YRP/PEBundlev310 YRP/PECompactv2xx YRP/Armadillo440SiliconRealmsToolworks YRP/EXEStealth276UnregisteredWebtoolMaster YRP/ABCCryptor10byZloY YRP/RLPackV112V114aPlib043ap0x YRP/Crypter31SLESH YRP/FreeCryptor02build002GlOFF YRP/PackItBitchV10archphase YRP/NullsoftInstallSystemv20b4 YRP/BeRoEXEPackerV100BeRo YRP/VIRUSIWormHybris YRP/GPInstallv50332 YRP/VIRUSIWormBagle YRP/UnnamedScrambler20p0ke YRP/NsPackv31NorthStar YRP/HyingsPEArmor075exeHyingCCG YRP/SimplePack121build0909Method2bagie YRP/UnnamedScrambler12C12Dp0ke YRP/AlexProtectorv04beta1byAlex YRP/FishPEShield101HellFish YRP/PrivateexeProtector21522XSetiSoftTeam YRP/PiCryptor10byScofield YRP/PEArmor07600765hying YRP/VBOXv43v46 YRP/ARMProtectorv01bySMoKE YRP/NullsoftInstallSystemv20a0 YRP/D1S1Gv11betaD1N YRP/INCrypter03INinYbyz3e_NiFe YRP/MorphineV27Holy_FatherRatter29A YRP/nBinderv361 YRP/MatrixDongleTDiGmbH YRP/NullsoftInstallSystemv20RC2 YRP/MSLRHv01emadicius YRP/VProtector11A12vcasm YRP/codeCrypter031 YRP/RLPackFullEditionV11Xap0x YRP/Escargot01byueMeat YRP/ACProtectv135riscosoftwareIncAnticrackSoftware YRP/winrar_sfx YRP/mpress_2_xx_net YRP/rpx_1_xx YRP/dotfuscator YRP/AutoIt_2 YRP/IsPE64 YRP/IsWindowsGUI YRP/HasTaggantSignature YRP/HasRichSignature YRP/free_pascal YRP/borland_delphi_dll YRP/AutoIt YRP/email_Ukraine_power_attack_content YRP/davivienda YRP/with_attachment YRP/content YRP/CryptoWall_Resume_phish YRP/possible_exploit YRP/XDP_embedded_PDF YRP/Contains_hidden_PE_File_inside_a_sequence_of_numbers YRP/Contains_UserForm_Object YRP/powershell YRP/maldoc_API_hashing YRP/maldoc_indirect_function_call_1 YRP/maldoc_indirect_function_call_2 YRP/maldoc_indirect_function_call_3 YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/macrocheck YRP/malrtf_ole2link YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/RE_Tools YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Parallels_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/AutoIT_compiled_script YRP/Obfuscated_Strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/BITS_CLSID YRP/DebuggerCheck__PEB YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/DebuggerCheck__DrWatson YRP/SEH__v3 YRP/SEH__v4 YRP/SEH__vba YRP/SEH__vectored YRP/Check_Wine YRP/vmdetect YRP/Check_FilePaths YRP/Check_OutputDebugStringA_iat YRP/WMI_VM_Detect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_vmware YRP/disable_antivirus YRP/disable_firewall YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dyndns YRP/network_smtp_dotNet YRP/network_smtp_raw YRP/network_smtp_vb YRP/network_p2p_win YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/lookupip YRP/lookupgeo YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_vnc YRP/cred_ie7 YRP/sniff_lan YRP/migrate_apc YRP/spreading_file YRP/spreading_share YRP/rat_vnc YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/genericSMS YRP/genericSMS2 YRP/dropper YRP/tachi YRP/android_meterpreter YRP/android_metasploit YRP/dowgin YRP/adware YRP/dropperMapin YRP/Mapin YRP/SlemBunk YRP/xbot007 YRP/moscow_fake YRP/marcher1 YRP/marcher2 YRP/marcher3 YRP/Trojan_Dendroid YRP/SpyNet YRP/smsfraud1 YRP/Mal_http_EXE YRP/cve_2013_0074 YRP/Linux_DirtyCow_Exploit YRP/Exploit_MS15_077_078 YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_char YRP/Prime_Constants_long YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/CRC32c_poly_Constant YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32_table_lookup YRP/CRC32b_poly_Constant YRP/CRC16_table YRP/FlyUtilsCnDES_ECB_Encrypt YRP/FlyUtilsCnDES_ECB_Decrypt YRP/Elf_Hash YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/MD5_API YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/WHIRLPOOL_Constants YRP/DarkEYEv3_Cryptor YRP/Miracl_powmod YRP/Miracl_crt YRP/CryptoPP_a_exp_b_mod_c YRP/CryptoPP_modulo YRP/FGint_MontgomeryModExp YRP/FGint_FGIntModExp YRP/FGint_MulByInt YRP/FGint_DivMod YRP/FGint_FGIntDestroy YRP/FGint_Base10StringToGInt YRP/FGint_ConvertBase256to64 YRP/FGint_ConvertHexStringToBase256String YRP/FGint_Base256StringToGInt YRP/FGint_FGIntToBase256String YRP/FGint_ConvertBase256StringToHexString YRP/FGint_PGPConvertBase256to64 YRP/FGint_RSAEncrypt YRP/FGint_RsaDecrypt YRP/FGint_RSAVerify YRP/FGint_FindPrimeGoodCurveAndPoint YRP/FGint_ECElGamalEncrypt YRP/FGint_ECAddPoints YRP/FGint_ECPointKMultiple YRP/FGint_ECPointDestroy YRP/FGint_DSAPrimeSearch YRP/FGint_DSASign YRP/FGint_DSAVerify YRP/DES_Long YRP/DES_sbox YRP/DES_pbox_long YRP/OpenSSL_BN_mod_exp2_mont YRP/OpenSSL_BN_mod_exp_mont YRP/OpenSSL_BN_mod_exp_recp YRP/OpenSSL_BN_mod_exp_simple YRP/OpenSSL_BN_mod_exp_inverse YRP/OpenSSL_DSA YRP/FGint_RsaSign YRP/LockBox_RsaEncryptFile YRP/LockBox_DecryptRsaEx YRP/LockBox_EncryptRsaEx YRP/LockBox_TlbRsaKey YRP/BigDig_bpInit YRP/BigDig_mpModExp YRP/BigDig_mpModInv YRP/BigDig_mpModMult YRP/BigDig_mpModulo YRP/BigDig_spModExpB YRP/BigDig_spModInv YRP/BigDig_spModMult YRP/CryptoPP_ApplyFunction YRP/CryptoPP_RsaFunction YRP/CryptoPP_Integer_constructor YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_CHAR_inv YRP/RijnDael_AES_LONG YRP/RsaRef2_NN_modExp YRP/RsaRef2_NN_modInv YRP/RsaRef2_NN_modMult YRP/RsaRef2_RsaPrivateDecrypt YRP/RsaRef2_RsaPrivateEncrypt YRP/RsaRef2_RsaPublicDecrypt YRP/RsaRef2_RsaPublicEncrypt YRP/RsaEuro_NN_modInv YRP/RsaEuro_NN_modMult YRP/Miracl_Big_constructor YRP/Miracl_mirvar YRP/Miracl_mirsys_init YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_RandomRange YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_IntToStr YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Unknown_Random YRP/VC6_Random YRP/VC8_Random YRP/DCP_RIJNDAEL_Init YRP/DCP_RIJNDAEL_EncryptECB YRP/DCP_BLOWFISH_Init YRP/DCP_BLOWFISH_EncryptCBC YRP/DCP_DES_Init YRP/DCP_DES_EncryptECB YRP/TeslaCrypt YRP/Shifu YRP/WoolenGoldfish_Generic_3 YRP/Cerberus YRP/dump_sales_quote_payment YRP/dump_sales_order YRP/md5_64651cede2467fdeb1b3b7e6ff3f81cb YRP/md5_6bf4910b01aa4f296e590b75a3d25642 YRP/fopo_webshell YRP/eval_post YRP/spam_mailer YRP/md5_2c37d90dd2c9c743c273cb955dd83ef6 YRP/md5_3ccdd51fe616c08daafd601589182d38 YRP/md5_4b69af81b89ba444204680d506a8e0a1 YRP/md5_71a7c769e644d8cf3cf32419239212c7 YRP/md5_87cf8209494eedd936b28ff620e28780 YRP/md5_fb9e35bf367a106d18eb6aa0fe406437 YRP/md5_8e5f7f6523891a5dcefcbb1a79e5bbe9 YRP/eval_base64_decode_a YRP/md5_ab63230ee24a988a4a9245c2456e4874 YRP/md5_d30b23d1224438518d18e90c218d7c8b YRP/md5_24f2df1b9d49cfb02d8954b08dba471f YRP/md5_fd141197c89d27b30821f3de8627ac38 YRP/visbot YRP/md5_4c4b3d4ba5bce7191a5138efa2468679 YRP/md5_6eb201737a6ef3c4880ae0b8983398a9 YRP/md5_d201d61510f7889f1a47257d52b15fa2 YRP/md5_06e3ed58854daeacf1ed82c56a883b04 YRP/md5_28690a72362e021f65bb74eecc54255e YRP/fake_magentoupdate_site YRP/md5_4aa900ddd4f1848a15c61a9b7acd5035 YRP/glassrat YRP/iexpl0reCode YRP/iexpl0reStrings YRP/iexpl0re YRP/memory_pivy YRP/memory_shylock YRP/Cloaked_as_JPG YRP/rtf_yahoo_ken YRP/ZXProxy YRP/EmiratesStatement YRP/SpyGate_v2_9 YRP/qadars YRP/shylock YRP/spyeye YRP/spyeye_plugins YRP/callTogether_certificate YRP/qti_certificate YRP/DownExecute_A YRP/Pandora YRP/Base64_encoded_Executable YRP/Invoke_mimikittenz YRP/Bublik YRP/Derkziel YRP/EquationGroup_elgingamble YRP/EquationGroup_sambal YRP/EquationGroup__jparsescan_parsescan_5 YRP/EquationGroup_Toolset_Apr17_Gen2 YRP/EquationGroup_Toolset_Apr17_ntevt YRP/EquationGroup_Toolset_Apr17_EXPA YRP/EquationGroup_Toolset_Apr17_DiBa_Target_BH YRP/EquationGroup_Toolset_Apr17_DiBa_Target YRP/EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld YRP/EquationGroup_Toolset_Apr17__vtuner_vtuner_1 YRP/EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11 YRP/LogPOS YRP/apt_regin_legspin YRP/apt_regin_rc5key YRP/apt_regin_dispatcher_disp_dll YRP/GEN_PowerShell YRP/backdoor_apt_pcclient YRP/apt_hellsing_implantstrings YRP/SharedStrings YRP/Njrat YRP/njrat1 YRP/win_exe_njRAT YRP/network_traffic_njRAT YRP/xDedic_SysScan_unpacked YRP/Ransom_CryptXXX_Dropper YRP/Ransom_CryptXXX_Real YRP/WimmieShellcode YRP/WimmieStrings YRP/Wimmie YRP/XOR_DDosv1 YRP/KelihosHlux YRP/Wabot YRP/TROJAN_Notepad YRP/CrowdStrike_Shamoon_DroppedFile YRP/EldoS_RawDisk YRP/APT_bestia YRP/FavoriteCode YRP/FavoriteStrings YRP/Trojan_W32_Gh0stMiancha_1_0_0 YRP/ThreatGroup3390_C2 YRP/korlia YRP/APT_DeputyDog_Fexel YRP/APT_DeputyDog YRP/onimiki YRP/backoff YRP/NaikonCode YRP/NaikonStrings YRP/Naikon YRP/PubSabCode YRP/PubSabStrings YRP/PubSab YRP/ChickenDOS_Linux YRP/DDosTf YRP/Win7Elevatev2 YRP/UACME_Akagi YRP/MacControlCode YRP/MacControlStrings YRP/MacControl YRP/CookiesStrings YRP/Cookies YRP/alina YRP/YayihCode YRP/YayihStrings YRP/Yayih YRP/viotto_keylogger YRP/MongalCode YRP/MongalStrings YRP/Mongal YRP/BoousetCode YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/StuxNet_Malware_1 YRP/Scieron YRP/IMulerCode YRP/IMulerStrings YRP/IMuler YRP/Furtim_nativeDLL YRP/GlassesCode YRP/Glasses YRP/EQGRP_create_dns_injection YRP/EQGRP_tunnel_state_reader YRP/EQGRP_eligiblecandidate YRP/EQGRP_sniffer_xml2pcap YRP/EQGRP_BananaAid YRP/EQGRP_shellcode YRP/EQGRP_jetplow_SH YRP/EQGRP_extrabacon YRP/EQGRP_sploit_py YRP/EQGRP_StoreFc YRP/EQGRP_callbacks YRP/EQGRP_Unique_Strings YRP/EQGRP_RC5_RC6_Opcode YRP/GoziRule YRP/gh0st YRP/WarpCode YRP/WarpStrings YRP/Warp YRP/HTTPSCANNER YRP/EnfalCode YRP/EnfalStrings YRP/Enfal YRP/QuarianStrings YRP/QuarianCode YRP/Quarian YRP/urausy_skype_dat YRP/AAR YRP/Ap0calypse YRP/Arcom YRP/BlackNix YRP/BlueBanana YRP/ClientMesh YRP/DarkRAT YRP/Greame YRP/HawkEye YRP/Imminent YRP/Infinity YRP/JavaDropper YRP/LostDoor YRP/LuminosityLink YRP/LuxNet YRP/NanoCore YRP/Paradox YRP/Plasma YRP/PredatorPain YRP/Punisher YRP/PythoRAT YRP/QRat YRP/SmallNet YRP/SpyGate YRP/Sub7Nation YRP/UPX YRP/Vertex YRP/unrecom YRP/dubseven_dropper_dialog_remains YRP/maindll_mutex YRP/SLServer_dialog_remains YRP/SLServer_mutex YRP/SLServer_command_and_control YRP/SLServer_campaign_code YRP/SLServer_unknown_string YRP/T5000Strings YRP/T5000 YRP/Misdat_Backdoor YRP/SType_Backdoor YRP/Zlib_Backdoor YRP/Ransom_Satana YRP/Ransom_Satana_Dropper YRP/dubrute YRP/universal_1337_stealer_serveur YRP/PoisonIvy_2 YRP/PE_File_pyinstaller YRP/ZhoupinExploitCrew YRP/BackDoorLogger YRP/Jasus YRP/NetC YRP/ShellCreator2 YRP/SmartCopy2 YRP/SynFlooder YRP/TinyZBot YRP/antivirusdetector YRP/csext YRP/kagent YRP/mimikatzWrapper YRP/pvz_in YRP/pvz_out YRP/wndTest YRP/zhCat YRP/zhLookUp YRP/zhmimikatz YRP/Zh0uSh311 YRP/OPCLEAVER_BackDoorLogger YRP/OPCLEAVER_Jasus YRP/OPCLEAVER_NetC YRP/OPCLEAVER_ShellCreator2 YRP/OPCLEAVER_SmartCopy2 YRP/OPCLEAVER_SynFlooder YRP/OPCLEAVER_TinyZBot YRP/OPCLEAVER_ZhoupinExploitCrew YRP/OPCLEAVER_antivirusdetector YRP/OPCLEAVER_csext YRP/OPCLEAVER_kagent YRP/OPCLEAVER_mimikatzWrapper YRP/OPCLEAVER_pvz_in YRP/OPCLEAVER_pvz_out YRP/OPCLEAVER_wndTest YRP/OPCLEAVER_zhLookUp YRP/OPCLEAVER_zhmimikatz YRP/Bolonyokte YRP/LinuxAESDDoS YRP/LinuxBillGates YRP/LinuxElknot YRP/LinuxMrBlack YRP/LinuxTsunami YRP/rootkit YRP/exploit YRP/ldpreload YRP/Locky_Ransomware YRP/Locky_Ransomware_2 YRP/BlackRev YRP/Retefe YRP/EzcobStrings YRP/Ezcob YRP/BlackShades2 YRP/BlackShades_4 YRP/BlackShades YRP/BlackShades_25052015 YRP/Tedroo YRP/Molerats_certs YRP/RSharedStrings YRP/GmRemoteStrings YRP/GmRemote YRP/SurtrStrings YRP/SurtrCode YRP/Surtr YRP/KeyBoy_Dropper YRP/KeyBoy_Backdoor YRP/apt_sofacy_xtunnel YRP/Payload_Exe2Hex YRP/Codoso_Gh0st_3 YRP/Codoso_Gh0st_1 YRP/Codoso_PGV_PVID_3 YRP/Codoso_PGV_PVID_1 YRP/EliseLotusBlossom YRP/Win32Toxic YRP/Crimson YRP/Win32OPCHavex YRP/Win32FertgerHavex YRP/Havex_Trojan_PHP_Server YRP/CSIT_14003_03 YRP/Turla_APT_Malware_Gen2 YRP/turla_dropper YRP/nAspyUpdateCode YRP/nAspyUpdateStrings YRP/nAspyUpdate YRP/dump_tool YRP/misc_pos YRP/unknown YRP/regex_pos YRP/regexpr_pos YRP/reg_pos YRP/sets_pos YRP/monitor_tool_pos YRP/keyfinder_tool YRP/memdump_diablo YRP/blazingtools YRP/sysocmgr YRP/lacy_keylogger YRP/searchinject YRP/heistenberg_pos YRP/pos_jack YRP/pos_memory_scrapper_ YRP/pos_uploader YRP/pos_chewbacca YRP/Cythosia YRP/Powerkatz_DLL_Generic YRP/APT_Win_Pipcreat YRP/NSFreeCode YRP/NSFreeStrings YRP/NSFree YRP/Careto_OSX_SBD YRP/Careto_CnC YRP/Careto_CnC_domains YRP/apt_win_exe_trojan_derusbi YRP/Trojan_Derusbi YRP/APT_Derusbi_DeepPanda YRP/APT_Derusbi_Gen YRP/derusbi_kernel YRP/apt_win32_dll_bergard_pgv_pvid_variant YRP/shimrat YRP/shimratreporter YRP/APT_Hikit_msrv YRP/RooterCode YRP/Rooter YRP/RookieStrings YRP/Rookie YRP/sinlesspleasure_com YRP/amasty_biz YRP/amasty_biz_js YRP/cloudfusion_me YRP/grelos_v YRP/hacked_domains YRP/jquery_code_su YRP/jquery_code_su_multi YRP/Trafficanalyzer_js YRP/atob_js YRP/googieplay_js YRP/mag_php_js YRP/thetech_org_js YRP/md5_cdn_js_link_js YRP/sendsafe YRP/BangatCode YRP/BangatStrings YRP/Bangat YRP/PassCV_Sabre_Malware_Signing_Cert YRP/PassCV_Sabre_Malware_Excalibur_1 YRP/PassCV_Sabre_Malware_5 YRP/apt_c16_win_memory_pcclient YRP/apt_c16_win_swisyn YRP/apt_c16_win_wateringhole YRP/Worm_Gamarue YRP/FiveEyes_QUERTY_Malwaresig_20123_cmdDef YRP/FiveEyes_QUERTY_Malwareqwerty_20123 YRP/FiveEyes_QUERTY_Malwaresig_20120_dll YRP/FiveEyes_QUERTY_Malwaresig_20120_cmdDef YRP/FiveEyes_QUERTY_Malwaresig_20121_cmdDef YRP/legion_777 YRP/APT3102Code YRP/apt_equation_exploitlib_mutexes YRP/apt_equation_equationlaser_runtimeclasses YRP/apt_equation_cryptotable YRP/apt_equation_keyword YRP/with_sqlite YRP/AthenaHTTP YRP/AthenaHTTP_v2 YRP/AthenaIRC YRP/APT_NGO_wuaclt YRP/Potao YRP/Meterpreter_Reverse_Tcp YRP/genome YRP/APT9002Code YRP/APT9002Strings YRP/APT9002 YRP/FE_APT_9002 YRP/Greenbug_Malware_4 YRP/WaterBug_wipbot_2013_dll YRP/WaterBug_wipbot_2013_core YRP/WaterBug_turla_dropper YRP/WaterBug_fa_malware YRP/WaterBug_sav YRP/Ransom_Alpha YRP/Ransom_Alfa YRP/Ransom YRP/Insta11Code YRP/Insta11Strings YRP/Insta11 YRP/Casper_Included_Strings YRP/Casper_SystemInformation_Output YRP/suspicious_packer_section YRP/Hsdfihdf YRP/DarkComet_2 YRP/DarkComet_3 YRP/DarkComet_4 YRP/Grozlex YRP/Indetectables_RAT YRP/CryptoLocker_set1 YRP/CryptoLocker_rule2 YRP/BackdoorFCKG YRP/Empire_Get_SecurityPackages YRP/Empire_Invoke_EgressCheck YRP/Empire_PowerShell_Framework_Gen2 YRP/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen YRP/CyberGate YRP/Trj_Elex_Installer YRP/Trj_Elex_Service64 YRP/Intel_Virtualization_Wizard_exe YRP/Intel_Virtualization_Wizard_dll YRP/WindowsCredentialEditor YRP/Amplia_Security_Tool YRP/PScan_Portscan_1 YRP/HackTool_Samples YRP/Fierce2 YRP/Ncrack YRP/SQLMap YRP/PortScanner YRP/NetBIOS_Name_Scanner YRP/FeliksPack3___Scanners_ipscan YRP/CGISscan_CGIScan YRP/IP_Stealing_Utilities YRP/PortRacer YRP/scanarator YRP/_Bitchin_Threads_ YRP/portscan YRP/ProPort_zip_Folder_ProPort YRP/StealthWasp_s_Basic_PortScanner_v1_2 YRP/BluesPortScan YRP/scanarator_iis YRP/Angry_IP_Scanner_v2_08_ipscan YRP/crack_Loader YRP/CN_Hacktool_1433_Scanner_Comp2 YRP/WCE_Modified_1_1014 YRP/BypassUac_3 YRP/APT_Proxy_Malware_Packed_dev YRP/Hacktools_CN_Panda_Burst YRP/Hacktools_CN_Burst_Blast YRP/Jc_WinEggDrop_Shell YRP/LinuxHacktool_eyes_pscan2 YRP/CN_Portscan YRP/Mimikatz_Memory_Rule_1 YRP/Mimikatz_Memory_Rule_2 YRP/VSSown_VBS YRP/LIGHTDART_APT1 YRP/AURIGA_APT1 YRP/BANGAT_APT1 YRP/BISCUIT_GREENCAT_APT1 YRP/BOUNCER_APT1 YRP/BOUNCER_DLL_APT1 YRP/CALENDAR_APT1 YRP/COMBOS_APT1 YRP/DAIRY_APT1 YRP/GLOOXMAIL_APT1 YRP/GOGGLES_APT1 YRP/HACKSFASE1_APT1 YRP/HACKSFASE2_APT1 YRP/KURTON_APT1 YRP/MACROMAIL_APT1 YRP/MANITSME_APT1 YRP/MINIASP_APT1 YRP/NEWSREELS_APT1 YRP/SEASALT_APT1 YRP/STARSYPOUND_APT1 YRP/SWORD_APT1 YRP/thequickbrow_APT1 YRP/TABMSGSQL_APT1 YRP/CCREWBACK1 YRP/TrojanCookies_CCREW YRP/GEN_CCREW1 YRP/Elise YRP/EclipseSunCloudRAT YRP/MoonProject YRP/ccrewDownloader1 YRP/ccrewDownloader2 YRP/ccrewMiniasp YRP/ccrewSSLBack2 YRP/ccrewSSLBack3 YRP/ccrewSSLBack1 YRP/ccrewDownloader3 YRP/ccrewQAZ YRP/metaxcd YRP/MiniASP YRP/DownloaderPossibleCCrew YRP/APT1_LIGHTBOLT YRP/APT1_GETMAIL YRP/APT1_GDOCUPLOAD YRP/APT1_WEBC2_Y21K YRP/APT1_WEBC2_YAHOO YRP/APT1_WEBC2_UGX YRP/APT1_WEBC2_TOCK YRP/APT1_WEBC2_RAVE YRP/APT1_WEBC2_QBP YRP/APT1_WEBC2_HEAD YRP/APT1_WEBC2_GREENCAT YRP/APT1_WEBC2_DIV YRP/APT1_WEBC2_CSON YRP/APT1_WEBC2_CLOVER YRP/APT1_WEBC2_BOLID YRP/APT1_WEBC2_ADSPACE YRP/APT1_WEBC2_AUSOV YRP/APT1_WARP YRP/APT1_TARSIP_ECLIPSE YRP/APT1_TARSIP_MOON YRP/APT1_RARSilent_EXE_PDF YRP/APT1_aspnetreport YRP/APT1_Revird_svc YRP/APT1_dbg_mess YRP/APT1_known_malicious_RARSilent YRP/ShadowTech YRP/SafeNetCode YRP/SafeNetStrings YRP/SafeNet YRP/RegSubDatStrings YRP/RegSubDat YRP/Zegost YRP/gholeeV1 YRP/MW_gholee_v1 YRP/NetpassStrings YRP/NetPass YRP/NetTravStrings YRP/NetTravExports YRP/NetTraveler YRP/FVEY_ShadowBrokers_Jan17_Screen_Strings YRP/NetWiredRC_B YRP/cxpidStrings YRP/cxpidCode YRP/Spora YRP/unk_packer YRP/zoxPNG_RAT YRP/xtreme_rat YRP/XtremeRATCode YRP/XtremeRATStrings YRP/XtremeRAT YRP/xtremrat YRP/Mozart YRP/IndiaCharlie_One YRP/IndiaCharlie_Two YRP/RomeoEcho YRP/DeltaCharlie YRP/PapaAlfa YRP/IndiaAlfa_One YRP/Lightweight_Backdoor1 YRP/LightweightBackdoor2 YRP/LightweightBackdoor3 YRP/LightweightBackdoor4 YRP/LightweightBackdoor5 YRP/LightweightBackdoor6 YRP/ProxyTool1 YRP/ProxyTool2 YRP/ProxyTool3 YRP/DestructiveTargetCleaningTool5 YRP/DestructiveTargetCleaningTool6 YRP/DestructiveTargetCleaningTool7 YRP/Malwareusedbycyberthreatactor1 YRP/Malwareusedbycyberthreatactor2 YRP/Malwareusedbycyberthreatactor3 YRP/WhiskeyAlfa YRP/SierraBravo_packed YRP/LimaCharlie YRP/RomeoJuliettMikeTwo YRP/SierraCharlie YRP/RomeoCharlie YRP/IndiaBravo_PapaAlfa YRP/IndiaBravo_RomeoCharlie YRP/IndiaBravo_RomeoBravo YRP/IndiaBravo_generic YRP/TangoAlfa YRP/wiper_unique_strings YRP/wiper_encoded_strings YRP/createP2P YRP/WhiskeyDelta YRP/REDLEAVES_DroppedFile_ObfuscatedShellcodeAndRAT_handkerchief YRP/REDLEAVES_CoreImplant_UniqueStrings YRP/PLUGX_RedLeaves YRP/diamond_fox YRP/COZY_FANCY_BEAR_pagemgr_Hunt YRP/LuckyCatCode YRP/OlyxCode YRP/OlyxStrings YRP/Olyx YRP/cerber3 YRP/cerber4 YRP/cerber5 YRP/VidgrabStrings YRP/Vidgrab YRP/PrikormkaDropper YRP/PrikormkaModule YRP/Prikormka YRP/PlugXStrings YRP/plugX YRP/lost_door YRP/ScarhiknStrings YRP/ScarhiknCode YRP/Scarhikn YRP/Tinba2 YRP/MirageStrings YRP/Mirage YRP/Mirage_APT YRP/IronTiger_ASPXSpy YRP/IronTiger_ChangePort_Toolkit_driversinstall YRP/IronTiger_ChangePort_Toolkit_ChangePortExe YRP/IronTiger_dllshellexc2010 YRP/IronTiger_dnstunnel YRP/IronTiger_EFH3_encoder YRP/IronTiger_GetPassword_x64 YRP/IronTiger_GetUserInfo YRP/IronTiger_Gh0stRAT_variant YRP/IronTiger_GTalk_Trojan YRP/IronTiger_HTTPBrowser_Dropper YRP/IronTiger_HTTP_SOCKS_Proxy_soexe YRP/IronTiger_NBDDos_Gh0stvariant_dropper YRP/IronTiger_PlugX_DosEmulator YRP/IronTiger_PlugX_FastProxy YRP/IronTiger_PlugX_Server YRP/IronTiger_ReadPWD86 YRP/IronTiger_Ring_Gh0stvariant YRP/IronTiger_wmiexec YRP/IronPanda_Malware_Htran YRP/citadel13xy YRP/Citadel_Malware YRP/Trojan_Win32_PlaSrv YRP/Trojan_Win32_Platual YRP/Trojan_Win32_Plaplex YRP/Trojan_Win32_Dipsind_B YRP/Trojan_Win32_PlaKeylog_B YRP/Trojan_Win32_Adupib YRP/Trojan_Win32_PlaLsaLog YRP/Trojan_Win32_Plakelog YRP/Trojan_Win32_Plainst YRP/Trojan_Win32_Plagicom YRP/Trojan_Win32_Plaklog YRP/Trojan_Win32_Plapiio YRP/Trojan_Win32_Plabit YRP/Trojan_Win32_Placisc2 YRP/Trojan_Win32_Placisc3 YRP/Trojan_Win32_Placisc4 YRP/Adzok YRP/CAP_HookExKeylogger YRP/TerminatorRat YRP/TROJAN_Notepad_shell_crew YRP/IMPLANT_1_v3 YRP/IMPLANT_1_v7 YRP/IMPLANT_2_v3 YRP/IMPLANT_2_v15 YRP/IMPLANT_2_v17 YRP/IMPLANT_3_v1 YRP/IMPLANT_3_v3 YRP/IMPLANT_4_v2 YRP/IMPLANT_4_v3_AlternativeRule YRP/IMPLANT_4_v4 YRP/IMPLANT_4_v5 YRP/IMPLANT_4_v9 YRP/IMPLANT_4_v10 YRP/IMPLANT_4_v11 YRP/IMPLANT_5_v2 YRP/IMPLANT_5_v3 YRP/IMPLANT_5_v4 YRP/IMPLANT_6_v1 YRP/IMPLANT_6_v2 YRP/IMPLANT_7_v1 YRP/IMPLANT_8_v1 YRP/IMPLANT_10_v2 YRP/Unidentified_Malware_Two YRP/pony YRP/TreasureHunt YRP/easterjackpos YRP/Ransom_Petya YRP/Odinaff_swift YRP/apt_backspace YRP/Dubnium_Sample_SSHOpenSSL YRP/Mirai_Generic_Arch YRP/Mirai_MIPS_LSB YRP/Mirai_MIPS_MSB YRP/Mirai_ARM_LSB YRP/Mirai_Renesas_SH YRP/Mirai_PPC_Cisco YRP/Mirai_SPARC_MSB YRP/Mirai_4 YRP/Mirai_Dwnl YRP/Mirai_5 YRP/OpClandestineWolf YRP/xRAT20 YRP/dexter_strings YRP/liudoor YRP/BlackWorm YRP/BernhardPOS YRP/rovnix_downloader YRP/Bozok YRP/WinntiPharma YRP/Unit78020_Malware_Gen1 YRP/DMALocker YRP/DMALocker4 YRP/lateral_movement YRP/ws_f0xy_downloader YRP/xRAT YRP/ELF_Linux_Torte_domains YRP/NionSpy YRP/skeleton_key_patcher YRP/skeleton_key_injected_code YRP/Atmos_Builder FlorianRoth/Exploit_MS15_077_078 FlorianRoth/Empire_Get_SecurityPackages FlorianRoth/Empire_Invoke_EgressCheck FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/FiveEyes_QUERTY_Malwaresig_20123_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwareqwerty_20123 FlorianRoth/FiveEyes_QUERTY_Malwaresig_20120_dll FlorianRoth/FiveEyes_QUERTY_Malwaresig_20120_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwaresig_20121_cmdDef FlorianRoth/Mal_http_EXE FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_shellcode FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Unique_Strings FlorianRoth/EQGRP_RC5_RC6_Opcode FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_NetC FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_SynFlooder FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_pvz_out FlorianRoth/OPCLEAVER_wndTest FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/RAT_AAR FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_Arcom FlorianRoth/RAT_BlackNix FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_CyberGate FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_Greame FlorianRoth/RAT_HawkEye FlorianRoth/RAT_Imminent FlorianRoth/RAT_Infinity FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_LuminosityLink FlorianRoth/RAT_LuxNet FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Pandora FlorianRoth/RAT_Paradox FlorianRoth/RAT_Plasma FlorianRoth/RAT_PoisonIvy FlorianRoth/RAT_PredatorPain FlorianRoth/RAT_Punisher FlorianRoth/RAT_PythoRAT FlorianRoth/RAT_QRat FlorianRoth/RAT_Sakula FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_SmallNet FlorianRoth/RAT_SpyGate FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex FlorianRoth/RAT_unrecom FlorianRoth/RAT_xRAT FlorianRoth/ZxShell_Jul17 FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/FVEY_ShadowBrokers_Jan17_Screen_Strings FlorianRoth/Furtim_nativeDLL FlorianRoth/dubseven_dropper_dialog_remains FlorianRoth/maindll_mutex FlorianRoth/SLServer_mutex FlorianRoth/SLServer_command_and_control FlorianRoth/SLServer_campaign_code FlorianRoth/SLServer_unknown_string FlorianRoth/Greenbug_Malware_4 FlorianRoth/derusbi_kernel FlorianRoth/Indetectables_RAT FlorianRoth/EquationGroup_elgingamble FlorianRoth/EquationGroup_sambal FlorianRoth/EquationGroup__jparsescan_parsescan_5 FlorianRoth/EquationGroup_Toolset_Apr17_Gen2 FlorianRoth/EquationGroup_Toolset_Apr17_ntevt FlorianRoth/EquationGroup_Toolset_Apr17_EXPA FlorianRoth/EquationGroup_Toolset_Apr17_DiBa_Target_BH FlorianRoth/EquationGroup_Toolset_Apr17_DiBa_Target FlorianRoth/EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld FlorianRoth/EquationGroup_Toolset_Apr17__vtuner_vtuner_1 FlorianRoth/EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11 FlorianRoth/apt_regin_legspin FlorianRoth/skeleton_key_patcher FlorianRoth/skeleton_key_injected_code FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/apt_ProjectSauron_MyTrampoline FlorianRoth/apt_ProjectSauron_encryption FlorianRoth/APT_Liudoor FlorianRoth/PassCV_Sabre_Malware_Signing_Cert FlorianRoth/PassCV_Sabre_Malware_Excalibur_1 FlorianRoth/PassCV_Sabre_Malware_5 FlorianRoth/DarkEYEv3_Cryptor FlorianRoth/IronPanda_Malware_Htran FlorianRoth/Locky_Ransomware FlorianRoth/StoneDrill_ntssrvr32 FlorianRoth/DeepPanda_htran_exe FlorianRoth/apt_equation_exploitlib_mutexes FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/apt_equation_cryptotable FlorianRoth/apt_equation_keyword FlorianRoth/CrowdStrike_Shamoon_DroppedFile FlorianRoth/ChinaChopper_Generic FlorianRoth/Payload_Exe2Hex FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/WaterBug_wipbot_2013_core FlorianRoth/WaterBug_turla_dropper FlorianRoth/WaterBug_fa_malware FlorianRoth/WaterBug_sav FlorianRoth/xDedic_SysScan_unpacked FlorianRoth/apt_hellsing_implantstrings FlorianRoth/apt_backspace FlorianRoth/IMPLANT_1_v3 FlorianRoth/IMPLANT_1_v7 FlorianRoth/IMPLANT_2_v3 FlorianRoth/IMPLANT_2_v15 FlorianRoth/IMPLANT_2_v17 FlorianRoth/IMPLANT_3_v1 FlorianRoth/IMPLANT_3_v3 FlorianRoth/IMPLANT_4_v2 FlorianRoth/IMPLANT_4_v3_AlternativeRule FlorianRoth/IMPLANT_4_v4 FlorianRoth/IMPLANT_4_v5 FlorianRoth/IMPLANT_4_v9 FlorianRoth/IMPLANT_4_v10 FlorianRoth/IMPLANT_4_v11 FlorianRoth/IMPLANT_5_v2 FlorianRoth/IMPLANT_5_v3 FlorianRoth/IMPLANT_5_v4 FlorianRoth/IMPLANT_6_v1 FlorianRoth/IMPLANT_6_v2 FlorianRoth/IMPLANT_7_v1 FlorianRoth/IMPLANT_8_v1 FlorianRoth/IMPLANT_10_v2 FlorianRoth/Unidentified_Malware_Two FlorianRoth/BernhardPOS FlorianRoth/Prikormka FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/StuxNet_Malware_1 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/Win7Elevatev2 FlorianRoth/UACME_Akagi FlorianRoth/REDLEAVES_DroppedFile_ObfuscatedShellcodeAndRAT_handkerchief FlorianRoth/REDLEAVES_CoreImplant_UniqueStrings FlorianRoth/PLUGX_RedLeaves FlorianRoth/Invoke_mimikittenz FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_3 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/ThreatGroup3390_C2 FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/Dubnium_Sample_SSHOpenSSL FlorianRoth/EldoS_RawDisk FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/apt_win_exe_trojan_derusbi FlorianRoth/HTTPSCANNER FlorianRoth/apt_sofacy_xtunnel FlorianRoth/Powerkatz_DLL_Generic FlorianRoth/apt_RU_MoonlightMaze_customlokitools FlorianRoth/apt_RU_MoonlightMaze_customsniffer FlorianRoth/loki2crypto FlorianRoth/apt_RU_MoonlightMaze_cle_tool FlorianRoth/apt_RU_MoonlightMaze_xk_keylogger FlorianRoth/subTee_nativecmd FlorianRoth/Trojan_Win32_PlaSrv FlorianRoth/Trojan_Win32_Platual FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Dipsind_B FlorianRoth/Trojan_Win32_PlaKeylog_B FlorianRoth/Trojan_Win32_Adupib FlorianRoth/Trojan_Win32_PlaLsaLog FlorianRoth/Trojan_Win32_Plakelog FlorianRoth/Trojan_Win32_Plainst FlorianRoth/Trojan_Win32_Plagicom FlorianRoth/Trojan_Win32_Plaklog FlorianRoth/Trojan_Win32_Plapiio FlorianRoth/Trojan_Win32_Plabit FlorianRoth/Trojan_Win32_Placisc2 FlorianRoth/Trojan_Win32_Placisc3 FlorianRoth/Trojan_Win32_Placisc4 KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/ClientMesh KevTheHermit/unrecom KevTheHermit/DarkRAT KevTheHermit/Greame KevTheHermit/JavaDropper KevTheHermit/Infinity KevTheHermit/Arcom KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/PoisonIvy KevTheHermit/Punisher KevTheHermit/Sub7Nation KevTheHermit/BlueBanana KevTheHermit/PythoRAT KevTheHermit/AAR KevTheHermit/LuminosityLink KevTheHermit/Crimson KevTheHermit/NanoCore KevTheHermit/LuxNet KevTheHermit/SpyGate KevTheHermit/BlackNix KevTheHermit/SmallNet KevTheHermit/CyberGate KevTheHermit/xRAT KevTheHermit/DarkComet KevTheHermit/Pandora KevTheHermit/Imminent KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech KevTheHermit/Vertex KevTheHermit/HawkEye BAMFDetect/dexter_strings BAMFDetect/Cythosia BAMFDetect/BlackWorm BAMFDetect/PoisonIvy BAMFDetect/BlackShadesServer BAMFDetect/CyberGate BAMFDetect/diamond_fox BAMFDetect/backoff BAMFDetect/Xtreme BAMFDetect/DarkComet BAMFDetect/alina BAMFDetect/NanoCore BAMFDetect/glassrat BAMFDetect/pony BAMFDetect/AthenaHTTP BAMFDetect/easterjackpos BAMFDetect/genome BAMFDetect/Bozok BAMFDetect/njrat BAMFDetect/dendroid
c624fd8ae555f5bff65fcb83347bce06005826b7b28ecb630ed899c0321dc630	PE32	2018-06-22 12:28:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
230351e5b4ee08a6583797d942967b059aec63c32eb26427f45d4ff64701b3fe	PE32	2018-06-22 16:20:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
ac2831214221571005f8ec0905f41aaa5ffec0dbb0a1f51c8daa2fa076c5f4b3	PE32	2018-06-22 17:05:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
6c42d09cb956bcc92031f99ab79065c318985fa063ae5eacc07ddbbbe34652f7	PE32	2018-06-23 10:41:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
6ce4b455f4e6726ad081915f12236200b8ea2bebf973c7f286be9d2a01f737ee	PE32	2018-06-23 10:49:50	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
010f230904f9bb029f1622c8cbd9becd954dd9986a7411131a70275f154d8ccd	PE32	2018-07-13 10:37:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
e7bc1cd67b6d40cb5231bf1f5217475e84c52c5e684b3b9ce6378eebd9b2b1e0	data	2018-07-23 22:38:42	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect FlorianRoth/Empire_Get_SecurityPackages [+] FlorianRoth/Empire_Invoke_PowerDump FlorianRoth/Empire_Invoke_ShellcodeMSIL FlorianRoth/Empire_Invoke_SmbScanner FlorianRoth/Empire_Invoke_EgressCheck FlorianRoth/Empire_Invoke_PostExfil FlorianRoth/Empire_Invoke_SMBAutoBrute FlorianRoth/Empire_Get_Keystrokes FlorianRoth/Empire_Invoke_DllInjection FlorianRoth/Empire_KeePassConfig FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerUp_Gen FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_KeePassConfig_Gen FlorianRoth/Empire_Invoke_Portscan_Gen FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/Mal_http_EXE FlorianRoth/Mal_PotPlayer_DLL FlorianRoth/ScanBox_Malware_Generic FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_screamingplow FlorianRoth/EQGRP_MixText FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_payload FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_BUSURPER_2211_724 FlorianRoth/EQGRP_networkProfiler_orderScans FlorianRoth/EQGRP_epicbanana_2_1_0_1 FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_config_jp1_UA FlorianRoth/EQGRP_userscript FlorianRoth/EQGRP_BUSURPER_3001_724 FlorianRoth/EQGRP_workit FlorianRoth/EQGRP_tinyhttp_setup FlorianRoth/EQGRP_EPBA FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_uninstallPBD FlorianRoth/EQGRP_BICECREAM FlorianRoth/EQGRP_BFLEA_2201 FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_BBALL FlorianRoth/EQGRP_BARPUNCH_BPICKER FlorianRoth/EQGRP_Implants_Gen5 FlorianRoth/EQGRP_pandarock FlorianRoth/EQGRP_BananaUsurper_writeJetPlow FlorianRoth/EQGRP_Implants_Gen4 FlorianRoth/EQGRP_Implants_Gen3 FlorianRoth/EQGRP_BLIAR_BLIQUER FlorianRoth/EQGRP_sploit FlorianRoth/EQGRP_Implants_Gen2 FlorianRoth/EQGRP_Implants_Gen1 FlorianRoth/EQGRP_ssh_telnet_29 FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Extrabacon_Output FlorianRoth/EQGRP_Unique_Strings FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/OPCLEAVER_CCProxy_Config FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex FlorianRoth/RAT_unrecom FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/FVEY_ShadowBrokers_Jan17_Screen_Strings FlorianRoth/OilRig_Malware_Campaign_Gen2 FlorianRoth/Greenbug_Malware_4 FlorianRoth/Greenbug_Malware_5 FlorianRoth/EquationGroup_elgingamble FlorianRoth/EquationGroup_cmsd FlorianRoth/EquationGroup_ebbshave FlorianRoth/EquationGroup_eggbasket FlorianRoth/EquationGroup_sambal FlorianRoth/EquationGroup_cmsex FlorianRoth/EquationGroup_DUL FlorianRoth/EquationGroup_slugger2 FlorianRoth/EquationGroup_jackpop FlorianRoth/EquationGroup_epoxyresin_v1_0_0 FlorianRoth/EquationGroup_estesfox FlorianRoth/EquationGroup__ftshell_ftshell_v3_10_3_0 FlorianRoth/EquationGroup__scanner_scanner_v2_1_2 FlorianRoth/EquationGroup__ghost_sparc_ghost_x86_3 FlorianRoth/EquationGroup__jparsescan_parsescan_5 FlorianRoth/EquationGroup__ftshell FlorianRoth/EquationGroup_Toolset_Apr17_Eternalromance FlorianRoth/EquationGroup_Toolset_Apr17_Gen2 FlorianRoth/EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0 FlorianRoth/EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4 FlorianRoth/Regin_Related_Malware FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/Unit78020_Malware_Gen3 FlorianRoth/APT_Liudoor FlorianRoth/IronPanda_DNSTunClient FlorianRoth/IronPanda_Malware_Htran FlorianRoth/DeepPanda_lot1 FlorianRoth/DeepPanda_htran_exe FlorianRoth/GRIZZLY_STEPPE_Malware_2 FlorianRoth/Sofacy_Fybis_ELF_Backdoor_Gen1 FlorianRoth/PoseidonGroup_Malware FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/EquationDrug_HDDSSD_Op FlorianRoth/Payload_Exe2Hex FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/apt_hellsing_implantstrings FlorianRoth/IMPLANT_3_v1 FlorianRoth/BernhardPOS FlorianRoth/FVEY_ShadowBroker_Auct_Dez16_Strings FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/REDLEAVES_CoreImplant_UniqueStrings FlorianRoth/PLUGX_RedLeaves FlorianRoth/Invoke_mimikittenz FlorianRoth/APT_Malware_PutterPanda_Rel FlorianRoth/Codoso_CustomTCP_4 FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/WoolenGoldfish_Sample_1 FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/Hacktool_Strings_p0wnedShell FlorianRoth/Nanocore_RAT_Gen_1 FlorianRoth/Nanocore_RAT_Gen_2 FlorianRoth/apt_RU_MoonlightMaze_customlokitools FlorianRoth/apt_RU_MoonlightMaze_customsniffer FlorianRoth/apt_RU_MoonlightMaze_de_tool FlorianRoth/apt_RU_MoonlightMaze_cle_tool FlorianRoth/apt_RU_MoonlightMaze_xk_keylogger FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Adupib KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/unrecom KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/Sub7Nation KevTheHermit/BlueBanana KevTheHermit/Crimson KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech KevTheHermit/Vertex BAMFDetect/dexter_strings BAMFDetect/BlackShadesServer BAMFDetect/diamond_fox BAMFDetect/backoff BAMFDetect/DarkComet BAMFDetect/alina BAMFDetect/NanoCore BAMFDetect/pony BAMFDetect/easterjackpos BAMFDetect/genome BAMFDetect/Bozok BAMFDetect/dendroid
eea28c4be63a94ad6947e5f624070923421120a298b493c6bb53bd6e5bacd333	Composite	2018-08-08 04:49:24	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a6588d9549dcf2534a17f2b0b157c17c510b7d6a91d901093759a4b1920f9dbf	PE32	2018-09-07 13:15:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
82c35d734910bbe83a0ecae8b285c3873ca68764b02b24ff19340e47ff584260	PE32	2018-09-07 16:22:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
20b0413d15d442aa044b57e73a095ad7462a2e9047553d7473a4283a6d4112cc	PE32	2018-09-07 16:46:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8bd26de1a49b8e75e4feb8f23cdc1a9f29577b07666fcd7e5dccc44da27bc480	PE32	2018-09-10 15:12:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d73f54887c6adfb31ff51a7ac58da5220dadc1461df64d6e81d0cc6aec0bc409	PE32	2018-09-18 02:45:37	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet [+] BAMFDetect/DarkComet
d6fe6a66d0ef46fc15a7b747b19253ddba7880dae2815f6c69414bc333b1bb57	PE32	2018-09-29 03:49:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a5a0b1f0743cf6ead2209ba4f05e844863f7ebe4e6d5db9be9462419b40021a8	PE32	2018-10-09 16:00:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a6735bf2d9ca41662a24f2f7ed675d6947ae93bf2c7452b0131b6ba43e82dae2	PE32	2018-10-09 16:00:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
926aa9a65e11729ec8d70c96078ba62c25114aa454a0e182287e427014cbc88a	Composite	2018-10-12 11:20:41	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc	PE32	2018-10-13 16:57:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
93c73eb25200189aaba22851e73f869512096c00f5c4653707c9e41b014795d5	PE32	2018-10-14 15:00:42	http://botnetsystem.com/second.exe	FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
714990d80343cedb96eb4c7fb1c304fbc32cd050fbf04cc992d54fb18a01e683	PE32	2018-10-30 16:48:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
fef27b267beb569c3cf604d3d6c2185b35a8e0a875555ed452a31ed7c65d81c0	PE32	2018-11-02 08:31:29	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
e89dd740b3acdb0aa0227afaeae51a7e1a81c2d83820920a493918dc8660a09c	PE32	2018-11-09 02:00:18	http://smilerryan.com/dev/R/DarkComet.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
4e43764bc78d8134e2bd4e9daff085e5f20d6b51c1231fe0f21a6828f6b694b4	JPEG	2018-11-11 13:50:03	https://pasteboard.co/images/HLoGpNO.jpg/down...	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/hijack_network YRP/win_mutex YRP/Big_Numbers1 YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b22b2d1e592b4a7af634805a398222af210b9e3a35b6e2d90ae7ba53cda7d415	PE32	2018-11-13 13:02:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
908404e0ad6185c39c638e99edd820e4406acb1a82dff8e267fc79c0b8cb5ed3	PE32	2018-11-13 13:09:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
97de336904be5efd2c053cf22f3eb18edaa79fc9d15626fd00d68bd584138e07	PE32	2018-11-13 13:44:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
cb418735bd747772f9e0b9870bc0e6ff4f3670d8077ef166b5a4e2e4d2044a81	PE32	2018-11-14 09:08:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8de3b7637c2a61356820e7ba770b6e0f88b75b6da8c096534abc9a5544f68131	PE32	2018-11-14 10:36:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d8403ecf3183e9a60a045885dbeb78f3f0857d35f8e8317b72670105f308aa7f	PE32	2018-11-14 17:18:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
803d0ca17c1167fefa6d26d8457d0f03c662043190332bc23936deb3a2151fa4	PE32	2018-11-14 17:21:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
3fdf29cbb7fef9f55fbce88bee3d77a1dbc7af45b81ebee4f4ec0da1500807d5	PE32	2018-11-14 18:25:27	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPXProtectorv10x2 YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f1b673739a766483be57088494cdb1f1c6e43b5c93880e859a9547295fb22c97	PE32	2018-11-14 18:30:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
022b984f99267def67a9dfce1e9ebecfdf469e71e79cfbb3b2b4b9669fb292b0	PE32	2018-11-14 19:51:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
e6ac6434edad0109f902ce8fb769412f1ebd91c41f733d38be299bb2f587802f	PE32	2018-12-03 01:48:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f57bf84d84fb9c61317c13ce17098eb4aa840b74923a529fddc19ccb190321be	Composite	2018-12-22 17:22:19	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
468d8b84d9f376d87b2d188b7c344f1daba63e47f5e3e3d903909331b19a8e57	PE32	2018-12-26 14:14:16	http://host.gomencom.website/Downloads/svihos...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b835085bd6161a2f09ec005a09a4639a46e46a758fdcc37307ca39789100512f	PE32	2018-12-26 14:15:19	http://host.gomencom.website/Downloads/mdsm.e...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
fb7658379140afd5d8367d19db0756a70adf396b2b61cf5384a57a76639ce299	PE32	2019-01-29 01:58:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
254327714be491551c44b7d5e9d7d8979cff95599eb9e692c4f4ffa2d880f26b	PE32	2019-01-29 03:02:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
7a7ce58f908febd5a608d2e2ba77d5ab41675a95bfd7f3022d29e49b91afb0c2	PE32	2019-02-09 02:21:21	http://cubeuser.tk/UPLOAD_PICTURE/uploads/sec...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f88effe81447be32b8ce1fec1f180d9d33a7535da9defb5e0691e3f0718e4202	PE32	2019-02-09 02:24:52	http://cubeuser.tk/UPLOAD_PICTURE/uploads/sec...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
637abfc54859b7b6f6ce7e1d6c31f7f37e0b3018ba2924341570b227f60fcf67	PE32	2019-02-25 13:50:32	http://logincl4u.hi2.ro/wdm.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
09110962bbe33f8ba363290b9d23922c9780b4009114bca939a259c3885f98d2	PE32	2019-02-25 14:00:59	http://aifonu.hi2.ro/guzy.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8245cef8a4d4eb2f550502c66a6ac790858e8a141517a917dd2aac1bad382adc	PE32	2019-05-02 03:02:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b1e03afafd587780892c0b74f913168e7c1bca37dfbc7cb75b7c6f43443c4a87	PE32	2019-05-04 19:18:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
54cbfaea0492b5d2206b36919e9851da43dbc444f0eea631abd7b532425e6b98	Composite	2019-05-11 21:24:36	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
38c3e057a936511528fd811aceba6e69449a26f3210a0f0d7b7d00ca8de82369	PE32	2019-05-18 03:10:52	http://mgggp.lisx.ru/DK.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
216ba04ea8b14a31c7f95f318ffd3ad730b4e3921dc1875febd61a1a081cea9c	Composite	2019-06-18 23:17:11	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
134f108a97b8214289a509d34e7bfb6587bd95bff4c6eb9276b568d986a4a1c6	PE32	2019-07-30 13:58:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/MinGW_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/disable_dep YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Nanocore_RAT_Gen_2 YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/NanoCore YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet FlorianRoth/RAT_NanoCore FlorianRoth/Nanocore_RAT_Gen_2 KevTheHermit/NanoCore KevTheHermit/DarkComet BAMFDetect/DarkComet BAMFDetect/NanoCore
0528099f0ca2fda56f7d3e938a40d9611e50de110faef11e40697f514c36024d	PE32	2019-08-02 18:48:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/MinGW_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/disable_dep YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Nanocore_RAT_Gen_2 YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/NanoCore YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet FlorianRoth/RAT_NanoCore FlorianRoth/Nanocore_RAT_Gen_2 KevTheHermit/NanoCore KevTheHermit/DarkComet BAMFDetect/DarkComet BAMFDetect/NanoCore
214018c923bca8493dfefa0401ba7eeb836a6bd7ab7212b85d97fe44385aac51	PE32	2019-10-13 14:03:14	http://83.170.193.178/icons/al.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 YRP/easterjackpos FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet BAMFDetect/easterjackpos
1d3490d483add4321d1e7e36b261ca531f044add59aa92503f65653beabf98a7	PE32	2019-10-13 14:04:09	http://83.170.193.178/icons/stub.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c38787d9ec611ffc0bf51bba81fa954cfa5c7762294da81fecca4d393721f4e2	PE32	2019-10-18 02:03:13	http://rogor.beget.tech/update.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
0049b99fa85aebfcb6cb552c8c438b0d6db09f69fecb03197727a06055b594e3	PE32	2019-10-29 13:06:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
7845e3ad0296d12893b2735d4030376213e1b68f335c679c5e150f6a021618e0	PE32	2019-10-30 13:00:43	https://cdn.discordapp.com/attachments/603167...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c439c14021fc0aa06d37ea075b6629e4eedee4518a5960f73941bc82291cf784	PE32	2019-11-08 01:03:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8a365e949368e51294b2b4004b4e71bbfe99df71062a00324bdaf589a772e0a7	PE32	2019-11-09 13:05:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
768a4eda06f87e6c415058ca55dd956526f5e21c7f667e689fce3882b0dd79b3	PE32	2019-11-10 13:04:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
5002fedc9050fc2b3d7fe9cc8a97636841bd7849bde1a11c19c0b7d87e0b2dcc	PE32	2019-11-11 13:01:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
375cc3c9de66c7ee2095982f7554cd117a938310c79c45650231c458ef9457ab	PE32	2019-11-17 14:44:35	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
851adabc7f662c66216e1a8cd7c591086336499cd6b429602855e3d7bd039ad3	PE32	2019-11-25 01:01:01	https://cdn.discordapp.com/attachments/543105...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b258996dcbc86beabcc1d037825d572005ed3ead620df1517f2118f4eaa8de3b	PE32	2019-11-25 01:06:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
731bf93dd8c38122503a1d07c57060bfbbeb0456f6148762dabd8481982f6a2c	PE32	2019-11-30 13:02:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
7d5175fbb32b888f3adeea3e169b4a77de6eeed3e264bacd5c234542d02dddff	PE32	2019-11-30 13:02:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
148605f3fd9b81d231705978f77c535fc3359c04775028bfcb0360785d96593b	PE32	2019-12-01 13:03:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
cc51f7d4dea27bb91f5f414cefe825ea45a52d9250858256e4412bd45a68e5c1	PE32	2019-12-01 13:03:25	https://cdn.discordapp.com/attachments/341529...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
29695b55ee35dbb3518fa5def7b60f81dc0a80221761e3994e72d943b5c9c335	PE32	2019-12-19 00:25:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
106ab81f2ef0b9c595f3636a0b66cadad29f65111e78b1222c283e4740daa51b	PE32	2020-01-15 09:41:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
582035e362c45975270e6868f215f00ee07866ae05e7a7b63fbaab44381bf423	PE32	2020-01-15 09:42:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
30d0a1ce69c85c51d3a09ae7003a047e95fbbfded828c1193e1c303f7d69d22c	PE32	2020-01-15 09:42:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
0198e4ece40cebc1f98328360ca69e4b5386c2ff444596b268eb9af4ff137c97	PE32	2020-01-15 09:45:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
162771fef67e08f55047d7acd1c309e71d276e30fd1a60c14434b08a90d2928d	PE32	2020-06-27 10:48:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
67e357ef2a5f3ad0b57a41cd1aa5c6367d3c386334b44504c6b3a1f8460c3775	PE32	2020-06-27 22:13:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
00bafc075224d7f64e56ed9d1163c024a4049f195c8fb2ed623a754916db31b6	PE32	2020-07-07 10:12:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588	PE32	2020-07-07 15:51:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
e6ff204abdda3b4dc069e7688f8913ecf8f50639b5ef993ddf73b09364ed4385	PE32	2020-07-07 21:31:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033	PE32	2020-07-08 22:50:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
6cf389d3702a54bfed32188a18fff18ccdef3047601c93597b30cc0a3c4930f4	PE32	2020-07-11 01:10:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
de19d8ea2911ff7e337823576e214151ad4426206db8e9ea9880778f2592f935	PE32	2021-05-25 12:01:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
86866c168eb4c338f51d21e7585a7a854efc662e87f2109a19903c79b9e03aa4	PE32	2021-06-15 17:02:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
ff69421b187848fd2cdf09cf5ecf9fc9d1b8758a79bafe1bae2240ad29993429	PE32	2021-06-29 10:01:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8eb3881ba7d320c0760042529414e8ee87b8bfc648c34d87dd36ed854b0c8b7b	PE32	2021-07-19 21:00:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/disable_dep YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Njrat YRP/win_exe_njRAT YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c1b32a3c7242d5ee0f85b5e7f7c5af993b827b9478c8bc9dd8c440811830dd66	PE32	2021-07-21 12:00:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d64c2da29df9186c58c5fceb4b2f1dca1c3360c74a342f4a61227e9a97a79d0f	PE32	2021-07-31 17:00:27	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8b96f06dd85d4881cce875663d61af6f8927dbf6536fcad9b792b9d20494411e	PE32	2021-08-30 09:07:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c29d545bd166e0fc8f641c4ba229bfe991bb35b66a87e41122af702007eb6e30	PE32	2021-08-31 09:05:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
eadb655f8e92bf218894b479082dc74e0fce5a44cef4d74a6c3cf51c1773e4e3	PE32	2021-08-31 09:06:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
802b67f035f6b75aa99b4c04c7701ca80f132ec5007d066f04c174e304423f94	PE32	2021-08-31 13:06:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4	PE32	2021-08-31 13:09:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
494f1f9db5268247533e28b2a3785de4bea7cd123e050d97700964943922a6db	PE32	2021-09-01 03:09:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
caf514da7bc3aa87587e72da8f1c348533f4a212fc29c8d3d8ae6cc92194e53b	PE32	2021-09-01 03:09:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet

Recent Searches
bamfdetect/darkcomet
yrp/vprotector13xvcasm
yrp/ikat_command_lines_agent
yrp/webshell_ironshell
yrp/upx_v30_exe_lzma_markus_oberhumer_laszlo_molnar_john_reiser_additional
yrp/upack022023betadwing
yrp/havex_trojan_php_server
yrp/angler_html
yrp/scobfuscatorsupercracker
florianroth/zxshell_jul17

Search

Recent Searches