MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
72e12190ae7a5ab6e30f236d1fb680d7d03817e5cfedc37941f20ccb39d3e70b	HTML	2022-03-05 23:00:08	https://www.advintel.io/post/persist-brick-pr...	YRP/possible_includes_base64_packed_functions YRP/powershell YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MALW_trickbot_bankBot
35f8d586ae54e428b750718ce148be483e631c2183f71930c6137028eecb0a39	HTML	2022-03-05 11:00:59	https://eclypsium.com/2020/12/03/trickbot-now...	YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MALW_trickbot_bankBot
a62350dcb99bff12a40d1b6a12383326b04fc6248c39c96bd30d9fb8121dc142	HTML	2022-03-05 11:00:09	https://www.advintel.io/post/persist-brick-pr...	YRP/possible_includes_base64_packed_functions YRP/powershell YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MALW_trickbot_bankBot
377d60cd60f12500b9441db24aafbdfa4d9ee82e7c89ddd679e1a962b1119249	data	2021-09-04 06:02:03	User Submission	YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot
b6aba576f7d9ecde8e958f915ad21cc788e451463ebfc1bb03c56ed93af3ff54	data	2021-09-04 06:01:57	User Submission	YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot
af54c6193206e92e9453d16a7312d824f23735dab398d1e3cb3244487c7f6326	data	2021-09-04 06:01:50	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 [+] YRP/anti_dbg YRP/win_files_operation YRP/MD5_Constants YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
99c449bfee6c61969b428b6e6b49cffe90a53d9f8b17ceff3546ab96ec1fefd1	data	2021-09-04 06:01:42	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 [+] YRP/SEH__vectored YRP/anti_dbg YRP/win_mutex YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MALW_trickbot_bankBot YRP/with_sqlite
4e711389f39661c5e3e0728d7c99430fb7ca402b3950822dec78eba00f8ed943	data	2021-09-04 06:01:33	User Submission	CuckooSandbox/embedded_pe YRP/domain YRP/contentis_base64 YRP/win_registry [+] YRP/MALW_trickbot_bankBot YRP/Str_Win32_Http_API
cab957f02bb450177b262a590d915e990be527199ee8cfd3d22f6eb84a23e593	data	2021-09-04 06:01:26	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 [+] YRP/SEH__vectored YRP/anti_dbg YRP/win_files_operation YRP/DES_sbox YRP/MALW_trickbot_bankBot
6d487dffb68cd5ba6d6f03383b00c3c942ce8bebc8ef3bdd10ddf240bd532f2f	data	2021-09-04 06:01:19	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/domain [+] YRP/contentis_base64 YRP/anti_dbg YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
e07316969b2d2941e9ec6a940d03d03bd36527dae825f30265fd5221a858fca4	PE32	2021-07-09 17:03:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/win_mutex YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library FlorianRoth/DragonFly_APT_Sep17_3
cfe698d32a0bd4c84b991f868186c8a5f9d5f86fc330ad1b7e628741f78deba2	PE32	2020-04-08 18:34:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
0001ea7292f4c8befdcce6bc8a6fc5f81bf6b67c485c37be0297619527bad0a3	PE32	2020-04-08 17:44:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
879bb47933c315e454d47f3fcbf67bf0a006f88ecb349b80ac2480b9ea66b625	PE32	2020-04-06 18:04:07	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
197da9d38b9f0e4ff5b7449e6ddcfacf82af235f919ccfc70e9ef4ac28625285	PE32	2020-04-06 17:44:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
7a7f20a2fc2e9261f1debd1523acb43b3aadd05e7fe53db1a3f23ad09e51dc77	PE32	2020-03-25 19:24:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
2ec7cd91639e7032393757e9595cb4efc28ab9485583c60b16ba2cd54109bdfa	PE32	2020-03-25 18:54:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
ee315108be3f9d2cf27ec35c73b3451f35beeab310d49aface2c95874d352186	PE32	2020-03-18 20:33:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
32c59efa3c9a35c1f3a09aa41caf6cbeb7438deb2ec750aaa7edfb857e17e985	PE32	2020-03-18 19:13:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
32aa207c8438a5fb96f936a54c055eae30963ccc6ce229ce4c40bb9660561a0b	PE32	2020-03-13 19:13:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
245fce6103188e74a4c30dafdd1cad823a5a41134dab7e8d1388cd36f604f6c5	PE32	2020-03-13 19:03:40	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
91dfaccb53e59649a6b01ea1c2332a09670872a5a8750db87395a292be84b86f	PE32	2020-03-12 19:43:40	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
2076def67361fdf5d4299ac1747f2b4156f21dcb4d8b8bdb7a41c013600dffc8	PE32	2020-03-12 18:43:40	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
0219a9d5848f60471712d513e3987d4557daa33aa75387b2ae23ee06b4cf5d06	PE32	2020-03-03 18:53:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
089b0340acb30cfdfd359877f729c11ae7b3c9aaa3184be961f323e9489207ab	PE32	2020-03-03 18:53:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
f7fc6b78306c733b82ebd534d31cc3578b04349ebeec246bbff8ac0f7ef55c94	PE32	2020-02-28 20:03:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
d09aa2a6fc5f68c80380f3af291bc79b74b146989a5599e676b697e558a17374	PE32	2020-02-28 19:53:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
27a398a099c8038711a7a7c1a8a1615c4d53efa25188371d7c76ed25a7a4a6a6	data	2020-02-28 18:53:27	User Submission	CuckooSandbox/embedded_win_api YRP/possible_includes_base64_packed_functions YRP/powershell YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/BASE64_table YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API FlorianRoth/Msfpayloads_msf_ref
42b6ea6fd6e3386b60e2699ff3a996e5c611f260d57b6cfaf4d1922f91cd4390	PE32	2020-02-20 17:53:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
14b869447fb077fa6708c13bc27f7084f0972fba3a6103a2043f4caa3b7949fb	PE32	2020-02-20 17:43:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066	PE32	2020-01-17 20:32:52	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
e0a84622ead21abb133ec17f26d7afec34c12276902199499c22ff2ffabfd0bf	PE32+	2020-01-17 20:02:57	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
c41010cd1bd4e5837d28caf7881ea4dd27fdf2a19c234f1fee7674fdc1dd53ea	PE32	2020-01-17 19:57:11	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
d86e5eb6124f766c216fb176b6d65e8eb228d66b36f2ab94b80cd62303bd1bcb	PE32+	2020-01-16 20:37:31	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
83f69e6d876deb2c7de7d32fdd7455c119be09b4ef314181e597213f9a2d6db2	PE32	2020-01-16 19:54:14	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
5993a0db6f7e138d1d38c5ff8fa288c2bae5118d864b73f49c0a2c82b72d3acb	PE32	2020-01-08 19:22:50	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
069916cefd524bf2ec2bc080bebadea338dcc114030c7d40bce66ff0c5b1d359	PE32	2020-01-08 18:42:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
fd07be9662b89a80fe4517c8492e3c5917866bbf05ec7e55ada6c46763d73f97	PE32	2020-01-07 20:12:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
199e9d68c5de9e0a761bceb92a2ab1169ed7c896a1e80accd068f383089b5447	PE32	2020-01-07 18:42:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
e5867777788d8e7495c51fcdca2e5e90552aa15f0881747c124aac5d5fb8eca4	PE32	2019-12-31 19:32:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
b32ed692b513231a8a0959957f7e43a35c5aa2d85aae0323ce7e9d18b0927a2e	PE32	2019-12-31 19:22:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
06072fc1d9aac0b8464f3454382e9a8c48b90959051808d5b9e6fb14662f7827	PE32	2019-12-31 18:52:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
a5cdfdfadd78650a382a3e5700d837a8c6f2351970750ac32a5314670f079dff	PE32	2019-12-27 19:22:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
ab300a8714e5173f65612da3911d2ce950e5a8c8188224c998d80b9b95c37572	PE32	2019-12-27 19:22:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
da506289aaf1c38b15614803d2f4c8d55610c03672a5b2e325a3439073ddf59f	PE32+	2019-12-20 20:02:16	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
8f91d3e7aaad9daab055a0a5020f189766d281f5f90c887bc23c0a3f6cd32c05	PE32	2019-12-20 19:32:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
00448dbd2de976bff71ae7989fadc78a8ba0bbc375f85080ced51f79a03035e1	PE32	2019-12-20 19:12:15	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
29b9150d53143536f38faba22ec18f2d58cf25cc246038891bee4313b5205dd4	PE32	2019-12-20 19:02:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
8b7af9073d39be17b789fb76c7d366c94c122f34f6670b33ee1b11381cf0833b	PE32+	2019-12-13 19:32:03	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
630f05a8b7ce51d95b471895efb29302fe5fccb8f32effe1078af1a7fe1a99a4	PE32	2019-12-13 19:21:49	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
1e24acd151dd5e3f29dc388fda90c38b4de0bb732e0ac433f8af38adc8f1b080	PE32	2019-12-13 18:52:09	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
264b14f1b8fbe1a779f5e59fe129afb02ebda682c3669c476c07618f6a4c29d7	PE32+	2019-12-13 18:52:02	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
289436f5968b89a24f34745bf777b3f6de9d4e47d6c46e7cbdf1d44318be5442	PE32	2019-12-12 18:52:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
65e8ac061df666cef0e4d12ca5005f9f2a76c90c87097fb9c13504009fe86cb9	PE32	2019-12-10 20:12:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
49a474b13be28ed5ae89e508301fefb69eb99a39cd415192c61417b2d872d134	PE32	2019-12-10 20:01:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
fa3c2e564ec7637a367d4efbea4c87e88f076e1335a61d0b3ef18fa78b62fb30	PE32	2019-12-06 21:12:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
e28777d37792f33507b0fdd7e320a983bb01f331800ed58937a78102308a8cee	PE32	2019-12-06 21:01:36	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
cac4ed94d9dd2e367e461d60bc7f1fcaf9f4c746ab41ec9914b4175a30f259d2	PE32+	2019-12-06 20:51:35	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
8832e50c06bf262402e00c2a989f4a39f2e7fbdd5da87efc7b4b83761f5a1b56	PE32	2019-12-06 20:31:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
8bb38574a0396b9e78997a4212134055ea1f0c77a6fda378b844d14135f3aedf	PE32	2019-12-03 02:12:07	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
36a99734b90ca4b78f75bffbf37ab348f42dc7563637f5edb6a65481b5131705	PE32	2019-12-02 22:31:33	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
d4cb48bd841ebbcff108a8754385c91645a6592f285202d915f2d24df41bdae2	PE32	2019-11-29 19:31:25	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
97d85470901861e5f4b2fd7bbe8a51c4bc2ce9dcfea79290ee51977313693651	PE32	2019-11-29 19:21:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
53c131714e23f95537736dd35f17c8e9ca4f88637aa9c9f3b6a0bde455276e08	PE32	2019-11-29 19:01:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
19037a6c7638125bdba4ee1df8109b2fd26d05c27421247030a7b3922c2fea03	PE32+	2019-11-29 18:51:27	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
586dc91f13f8c0c7a99d7b1477d03e00904fbf744a12d525d989b31cafc0244b	PE32	2019-11-28 01:01:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
39341c194366c65a9ba6fc83b2a84ede3620fde1f26616ba6352336ad31417c0	PE32	2019-11-28 00:51:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
f2d46fd499f683e61f377484ea4899e2356db01df551f92cbb0b97919f309165	PE32	2019-11-25 19:51:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
52a8d5d40db9a6f2f65aa7667574438905dda53d6fb9d262543c8ddc1a7ce6cf	PE32	2019-11-25 19:11:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
44c6bbe4cf768e933e3aeb8132ddd8b8e43f043a89d456fe2ce6f66fb140ae55	PE32	2019-11-21 06:11:20	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
d614116e0b2209e444fabd27bb4b97912af306f034132d01ad6cec33914f68dc	PE32	2019-11-20 20:11:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
ba96f5b54420d0b6bbf46da1ccbfead70bc5945b414dbc2b6309db0a691e04bc	PE32	2019-11-20 20:01:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
4146070784ad206a34db001cf55ea102b96141044e512b4438d40b3b7fede33f	PE32+	2019-11-20 19:21:13	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
1ef35cc8604531c1326ef56bc71191a2d5cb87e75be8c967419200cec2ce6c78	PE32	2019-11-20 19:01:18	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
f98dfeb0911f7345d311bbd6822812e1b32ceee1ae3fe2620071ea8c5cb1f9a4	PE32	2019-11-12 17:30:59	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
e3215641613b5e3f4e6c412cd47fc567252ffa2fe1932e4f4855c4f344f5c6fc	PE32	2019-11-12 17:21:10	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
9fd236429604b8ad9388bdaa32465deeb8257367915a98b814cb4a2a45a47e95	PE32	2019-11-12 17:11:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
c4c8d56cad2f59d64ce0e9b51925eb13f7e5f2be0c1b26d381c196a3e48ac42e	PE32+	2019-11-12 17:11:28	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
d767129a5f139bf7ce4bd3b32c8626cd02f53a217f3a4431c89b79b8acd683f5	PE32+	2019-11-07 17:41:11	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
d662d3f90d2a1b0f6f2586058b2981e7b8b4df64ad990c0bea9e75f729f93d4f	PE32	2019-11-07 17:30:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
989d229de2ba35d211b5c5173c495465497e0a3cbf52f1e8a6ea57e936c9598b	PE32	2019-11-07 17:20:46	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library
6d2add389158281c6dcdc5109994c49d74228b4b54bf212bc009b1b4d2c03690	PE32	2019-11-07 17:00:51	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/MALW_trickbot_bankBot FlorianRoth/DragonFly_APT_Sep17_3
9c3f10890f2b475fd766eeb769039556c2225bf1c5a85951c1bf982fa1ddc73f	PE32	2019-11-06 06:00:40	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
dcbb5dddcd61e105b412d4973b242be0c8b2564b3be371e0ff9ebeb6acdf770c	ASCII	2019-10-25 04:40:24	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/powershell YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/GEN_PowerShell YRP/MALW_trickbot_bankBot YRP/MALW_systeminfo_trickbot_module YRP/MALW_dllinject_trickbot_module YRP/MALW_mailsercher_trickbot_module YRP/Str_Win32_Winsock2_Library YRP/Mimikatz_Memory_Rule_1 YRP/Mimikatz_Memory_Rule_2 YRP/Mimikatz_Logfile FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader
f98fbc48be4223b81b0664b6aa49360f4fc9032d9e7a41fb93d0c73a192f4c37	PE32	2019-10-07 14:49:59	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
9bcea5f7688b4e07d7f911ca32ed74cb524be6fa8f37d0ca1a2a60aa181e2ecd	PE32	2019-10-07 14:49:57	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
c87e5c658430d70e0255778c7621b559d896e1e886a64d7ef0c5492727e71711	PE32	2019-10-06 18:29:49	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
77eddc6d33c05d28a11b8adffc1c7bacdaa64e2858a33e78c31e5aab46eec7c2	PE32	2019-10-06 12:49:53	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
f20976ca81fd3b50391c79af47cf0859c01c30f2dc5b31fbe0206efb081122c4	PE32	2019-10-06 12:49:49	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
d8b2d7464503fbc81ebd93becde1071e281081d3754b340b120529629abc201d	PE32	2019-10-06 12:09:56	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
581b41759b44ed74d9e2065139591af9a1768c40694622bc510b45ad40cd9b19	PE32	2019-10-06 12:09:52	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
710ace9a39b187cbbc11f373a5cb74bcbc4621af3e451deb8216612876b0c7c9	PE32	2019-10-06 11:30:00	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
839f0cfb307eb5a8d4cd56e549fd88829c233054bfe19c0a16d26ddcf1199e20	PE32	2019-10-06 11:29:53	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
19deeca0f40263e89f0ba8c2dc691682dda175ed9c194c5fa034db82ee70f670	PE32+	2019-10-06 11:29:52	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
e4b25a76e8411d967f64579c0638ab17ec96f102fcc02440ebecc17780e93b73	PE32	2019-10-06 10:50:03	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
dbb96b7f88b35389a5cddcca996f01fa553b9616d4dd3cffa8cd450ed0b2c957	PE32	2019-10-06 10:49:51	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
3ee47c51e420c20a92d2da72a4a81b7bb1344247383a4a70ae3effd3ef35c5d4	PE32	2019-10-06 06:20:28	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
10b4f568bff5b6a42a4e54690f3bca434650af02d5a49f2de2c9bcc69806b738	PE32	2019-10-06 01:49:56	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
6ab3159422f84fdcaff27f5e2c50e0283442700fc4a538fab5f902edfb8af390	PE32	2019-10-06 01:49:53	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
30c740ed2c11f1e17ffbdf29c97b42d5cdf5575d64eafc6834972ba653780578	PE32	2019-10-06 00:29:58	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/inject_thread YRP/network_dns YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API

Recent Searches
yrp/malw_trickbot_bankbot
yrp/microsoft_visual_cpp_70_dll
yrp/migrate_apc
yrp/aspack_v212_wwwaspackcom_additional
yrp/delphi_strtoint
yrp/exe_additional
yrp/mew_11_se_v11_additional
yrp/big_numbers2
yrp/network_dns
yrp/upack_v011_additional

Search

Recent Searches