MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
771589c7a290e07c63508672de263dbe0b29e8f867e226d391d1a96ec5669dcc	PE32	2022-02-19 04:44:52	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
e63e89383dda7c714f910e5b71fd2bf67e2109e762f2d104741f8b0d5a5dd808	PE32	2022-02-19 02:59:02	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
5fed5f7dd7d271473260e28d933f55159c17856b86b5f8f4de00575ffa42450a	PE32	2022-02-18 16:58:14	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/network_irc YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
0c15456825ee456b14e063a85a533198a02062c91a4f03a6b7d68d12a38bc4e3	PE32	2022-02-18 12:57:10	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/CookieTools
15cb6f35c69e4ff471333ca0a6c913f592d55c557050140ed2319928932f2ed1	PE32	2022-02-18 04:48:20	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_v50_KOL [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
dc60ef0a21d47c7fde63b7793b0932978fa6d2c77cd9e49cb98cc7e4784d42d7	PE32	2022-02-18 04:46:26	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
aba1365a219ce6016083b4a006e77e839be578432fbe17bb7846d2bdd70e2de3	PE32	2022-02-17 22:58:02	User Submission	YRP/Safeguard_103_Simonzh YRP/EXE_Shield_V01b_V03b_SMoKE YRP/EXE_Shield_v01b_v03b_v03_SMoKE YRP/Borland [+] YRP/EXEShieldv01bv03bv03SMoKE YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/borland_delphi_dll YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
7e517bd143d6ed1404afcbc1a49cf2a99b790db0d32e6a64c79c5a08521179f1	PE32	2022-02-17 22:11:12	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
198ceb3776aa224b702e0898e48dc6d3b0e8a4d8806e7c6849e7567d09c591eb	PE32	2022-02-17 21:51:06	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_v50_KOL [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
8e7e6d151e7e977f71c78f1ac6a622b2bfff3cfa6b0e7ef566ee0b73ed2faad1	PE32	2022-02-17 21:44:41	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/PureBasic4xNeilHodgson [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/PureBasic YRP/domain YRP/contentis_base64 YRP/disable_taskmanager YRP/inject_thread YRP/network_udp_sock YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library
918502c71e3ff33a8e44ddd671ffa750ecfbe5d68667d6f63f2c8c07382de306	PE32	2022-02-17 21:21:27	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/PureBasic4xNeilHodgson [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/PureBasic YRP/domain YRP/contentis_base64 YRP/disable_taskmanager YRP/inject_thread YRP/network_udp_sock YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library
c4f671a05d5a80175e0525b7abca2f2de632f7e561b70124f291c7d2ddd7caea	PE32	2022-02-17 20:10:11	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
e099bac6f7836ec3d98729474fa506d5bb95963e3c3c4e3d9bab3a724f91dc44	PE32	2022-02-17 18:23:44	User Submission	YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Borland YRP/MaskPEV20yzkzero YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
8e0d969d42c20d9ee7388472a076ec02436982ca9674c70e0914fcb31727a83f	PE32	2022-02-17 16:40:18	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/network_irc YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
94f332ae97cc94d730fb18f01c216e16d4178afd9c65967008e0a7af199f68af	PE32	2022-02-17 16:21:34	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/PureBasic4xNeilHodgson [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/PureBasic YRP/domain YRP/contentis_base64 YRP/disable_taskmanager YRP/inject_thread YRP/network_udp_sock YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library
5f34e126a08eb70460611835e9e0497714a4620fd35f77793a8d075c1205bf71	PE32	2022-02-17 13:12:12	User Submission	YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
4d53ee6515fdd2c43d9077075876746c261f7894620e472327b6c638326c8005	PE32	2022-02-17 12:11:37	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_v50_KOL [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
9c53cd090be0664e05497dad21207c63cc2ce7dedfccbf1a4f13dc022bfb2711	PE32	2022-02-17 10:04:27	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/PureBasic4xNeilHodgson [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/PureBasic YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/keylogger YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants FlorianRoth/DragonFly_APT_Sep17_3
68cb033ba2d1df97a89bdbfc4b4a51da07abcbeda1e960a13ac86ea0dd708333	PE32	2022-02-17 06:05:05	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
5f971eea2ec94a9f49813339ddd38205f8d2ee014afd6295021ab9eb2e824f68	PE32	2022-02-17 05:28:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
eddea0fcd5c9a5de3fd12e77fcbe668e5dab6ebd1f87d3c8f61340a36b9c7e60	PE32	2022-02-17 05:18:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
6df7e822fff385788d13c9ba33548be52343fb69dfbd3dac1639b4105be23533	PE32	2022-02-17 01:32:40	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/ThreadControl__Context YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
682577083d3baff5ff707e2da5bd2ac3d7740599b17d6d1550f4873d76a8d4ad	PE32	2022-02-16 19:12:50	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
0bd4b535ce09b090f632046c99b062cf731a819c21c1c475571d80079d91b3f3	PE32	2022-02-16 14:51:53	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_v50_KOL [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
b81d7e836591df1030969210f8c77ed90c1237809796e530be67e3f6b70341b4	PE32	2022-02-16 10:18:39	User Submission	YRP/Borland YRP/dUP2xPatcherwwwdiablo2oo2cjbnet YRP/MaskPEV20yzkzero YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/ThreadControl__Context YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
d4fecc3ca24f9513073b6b68ef5fd7f980973286c8ffbd9ddd49f3fa4c441335	PE32	2022-02-16 08:56:23	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_firewall YRP/disable_registry YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/cred_local YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section
a539b207725bc44ef86a93a0b0c7ed6eba6bb40fe948f1f8c8a30643e94deccd	PE32	2022-02-16 00:11:02	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_v60_v70_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_v50_KOL [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
0445999ddae573d087424bff088fea057fb168898f786bef76cd5811764a9494	PE32	2022-02-15 22:48:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Microsoft_Visual_Cpp_70_DLL YRP/Microsoft_Visual_Cpp_70_DLL_additional YRP/Microsoft_Visual_Cpp_v60_DLL [+] YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/inject_thread YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
c7276bb9cea37e90868f3abfabb06738166caea68455211e83c170c64618e314	PE32	2022-02-15 21:33:59	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
27dfce98ad502f3012d4abf2cef3632a7b71142c69f4b7e860b992c382029059	PE32	2022-02-15 20:42:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
5b3a3fc4bf4875a094526de6397c005508fe2f0317d65a22a7dfa18034741fe8	PE32	2022-02-15 20:41:23	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
6e6f75d85e35bc34d320808f5a2bded892cb7207c5051dfb8761c3be12124aa2	PE32	2022-02-15 17:57:49	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/IsSuspicious YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/network_irc YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
63376a46160b1b8626e699581b5e0432c2e8ca99d72e743150563a1ce47f9efa	PE32	2022-02-11 08:04:53	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
e7bf2cd1a6e1db431b153f0263ae060e9a176c9310467d6b103a64331c070a38	PE32	2022-02-05 02:00:15	User Submission	YRP/MASMTASM YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/WMI_VM_Detect YRP/disable_taskmanager YRP/screenshot YRP/win_registry YRP/CRC32_poly_Constant YRP/suspicious_packer_section
6cc5aacb807118468a35d88ad2d8cf2818ee2f967950b9a3c7ec28385a5b14c7	ASCII	2022-02-04 00:15:36	http://23.95.137.162:80/ShakeSpear.txt	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager
4ad797f3c94ec78381c338c619f6030ad131f402572c68d7f886db53db8e7f0d	ASCII	2022-02-04 00:15:32	http://23.95.137.162:80/ShakeSpear.ps1	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager
72f92ba2e8c5aa27156dde91d7144cd5eb7cfc0f144fc3442725c162f9d2e25b	DOS	2022-01-26 06:01:01	User Submission	YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings [+] YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/spreading_file
42e4e66240e60f5a0fcd4a7883b339f082522ce1bc63843c2ffb36a67bcf1415	PE32	2022-01-11 11:05:00	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
304edff857fa25804412b30701ed763a0bb2588b9301e8253951328338a12158	PE32	2022-01-10 09:00:37	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
3f3d67c996fee6e8830d5d32f6fc34b989e219493d97cd55c329c80eb7f018f4	PE32	2022-01-09 07:00:24	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
e221aca2f60936d3985af5a2479d06ce6e93f5ae2ca4a0826578f0e3af34a38c	ASCII	2022-01-06 11:00:38	User Submission	YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+] YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/disable_taskmanager
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8	PE32	2021-11-25 11:50:08	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/domain [+] YRP/url YRP/contentis_base64 YRP/Antivirus YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_taskmanager YRP/screenshot YRP/win_files_operation YRP/Big_Numbers1 YRP/spyeye
b21006795ed20d95b4aad41ec8d86293a20bd2f7ff0e2aee6552084bf9fceb45	ASCII	2021-11-11 02:13:17	User Submission	YRP/powershell YRP/domain YRP/contentis_base64 YRP/Browsers [+] YRP/disable_firewall YRP/disable_taskmanager
efc5f59b8176c528faf02bef217ea9babf7294c81501e1af81831181136c53d2	PE32	2021-11-03 22:00:14	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
9899217536850e424b5e89edabac7b8e2d0d911fa3709645a92618267d9e8de7	PE32	2021-10-23 01:29:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_registry YRP/disable_taskmanager YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
596c23c4fbc983c3e7d469463859539724ac201fbe268062f21d840ddc8314c4	PE32	2021-10-19 06:01:56	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
b45643b2f5e2e0400453c3316e9bb29e1a386553c6f5c58e2f27538a98947aa6	PE32	2021-10-15 00:00:33	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers2 YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
a5e57e24a9d5cac8c01746cce2c81d95d6fc0178a3b133985473aad06ba986a9	PE32	2021-09-29 12:20:24	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/with_images YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/FGint_FindPrimeGoodCurveAndPoint YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
ade7e6dca45548ece7ba35f3d847679404e4b84cb058567f321f11509dc0d956	PE32	2021-09-29 12:06:04	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/powershell YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/escalate_priv YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_DecodeDate
0b01a3b9ea6a2374f16b26c427af6db71c42bb49e956fd6246e67f6ea5e5eda6	PE32	2021-09-29 12:05:47	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/powershell YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
f64ced84f1438d56aecfa5e3d380d1a05323eb39653261ed40667316cec660bc	PE32	2021-07-21 21:01:47	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/Contains_VBE_File YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_taskmanager YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
44ca40e89c1f9013774bca71ac0ffe8c3a0bc676f7d5e22f3697e48f18e6c44d	PE32	2021-06-19 04:01:12	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_antivirus YRP/disable_uax YRP/disable_firewall YRP/disable_registry YRP/disable_taskmanager YRP/hijack_network YRP/network_ssl YRP/escalate_priv YRP/spreading_file YRP/rat_rdp YRP/check_patchlevel YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/Cerberus YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/IronTiger_Gh0stRAT_variant
6e590d9214e8d824147463c5039418e928a2b6f3c3b4a4e4f33724edc2877b3c	PE32	2021-06-17 19:01:36	https://padlet-uploads.storage.googleapis.com...	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/with_images YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/FGint_FindPrimeGoodCurveAndPoint YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
f829bd45e12075c0d95bc76b14ea211f59772e2bf05ecbe32ff336cb6d0ea284	PE32	2021-06-07 06:04:10	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_dep YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Njrat YRP/win_exe_njRAT YRP/Str_Win32_Winsock2_Library YRP/CookieTools
742ffc85a18a899481c67d95d0e2bc7efed10a09a8ee08987ac03368db172e95	PE32	2021-05-31 15:02:30	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_antivirus YRP/disable_taskmanager YRP/network_tcp_socket YRP/spreading_share YRP/win_mutex YRP/win_files_operation YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
dae982b9bd7cc2c607fe3eb58aee8c9f231cf42d1f44e77c9f980db6ca2be5f4	PE32	2021-03-02 11:34:40	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/Borland [+] YRP/PureBasic4xNeilHodgson YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/PureBasic YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_antivirus YRP/disable_taskmanager YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section
5c93fd17f804ee4268e7712b6f070f55a438547ee3fe10b67870806740d1e304	PE32	2021-02-04 11:27:23	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_antivirus YRP/disable_taskmanager YRP/network_tcp_socket YRP/spreading_share YRP/win_mutex YRP/win_files_operation YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
2bdd720fd387ee0bf00d2557e6b67cfb671c37039160a07ae807a89b129e9a0d	PE32	2020-11-02 02:09:37	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/disable_registry YRP/disable_taskmanager YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797	PE32	2020-10-19 22:03:17	http://cdn.discordapp.com/attachments/7665071...	YRP/Microsoft_Visual_Basic_v50 YRP/PureBasic_4x_Neil_Hodgson_additional YRP/PureBasic_4x_Neil_Hodgson YRP/PureBasic4xNeilHodgson [+] YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/PureBasic YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/disable_taskmanager YRP/screenshot YRP/keylogger YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants
dd98180045111382c7fbe73791701df1f903523d681b3ca31d47b535f05ce31a	PE32	2020-07-14 18:42:28	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antivm_virtualbox YRP/disable_antivirus YRP/disable_taskmanager YRP/win_mutex YRP/win_files_operation YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
7dca54e7c6a957cc456d65f25bbff51875794c0d286850e9dc2735cdd9d0a03d	PE32+	2020-07-14 17:55:58	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/powershell YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antivm_virtualbox YRP/disable_antivirus YRP/disable_taskmanager YRP/win_mutex YRP/win_files_operation YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
11c165be4a98af6061c067a664aa2bfb089b31da35a65a781cb7a0c95f9b0b49	PE32	2020-06-30 06:35:38	User Submission	YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Borland YRP/MaskPEV20yzkzero YRP/IsPE32 [+] YRP/IsDLL YRP/IsWindowsGUI YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
119ead7846787306e729272f9e4011d69187855ec21423ac09fbf2a9eef59a8d	PE32	2020-06-29 16:50:13	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_50_KOLMCK YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v50_KOLMCK YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_registry YRP/disable_taskmanager YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_DecodeDate YRP/UPX YRP/suspicious_packer_section
5e6f7d071524c104caf6cb9bf9d50df380673f964c0cfc4e9bc0888866638f97	PE32	2020-06-29 15:55:29	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/hijack_network YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library
119db578f1f05b007ccd7cd47e94a324eb6095b1463c20de01596b90b6859b27	PE32	2020-06-29 12:32:52	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library
1193ede6d42421519dde84b4f7ca4ae25609afe509a5aed62493632ebb77db6e	PE32	2020-06-29 11:37:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_antivirus YRP/disable_registry YRP/disable_taskmanager YRP/win_mutex YRP/win_registry FlorianRoth/DragonFly_APT_Sep17_3
11953af8b764ea6c5c78763124f4648c056e40b2bf34ecbd74b807621d9e7770	PE32	2020-06-29 06:22:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
53c1ce417ace05764556e392869fb0d9d626566be1ef3c521a5288d5e4f58d36	PE32	2020-06-29 04:01:42	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library
09565c4dcf61df05e6efcb39d963473287d7be5493c39d1a2ac1f1a91fa9cfd5	PE32	2020-06-28 13:15:06	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library
110d4bcaed8a74bbc16c1e46e2d3cf0cadfddf00b9eed206c2d0e492c1b9aba7	PE32	2020-06-28 07:39:14	User Submission	YRP/MingWin32_Dev_Cpp_v4991_h YRP/MingWin32_GCC_3x YRP/Microsoft_Visual_Cpp_v71_DLL_Debug_additional YRP/MingWin32_v_h_additional [+] YRP/MinGW_GCC_3x_additional YRP/Dev_Cpp_4992_Bloodshed_Software_ YRP/Dev_Cpp_4992_Bloodshed_Software YRP/Microsoft_Visual_Cpp_v71_DLL_Debug YRP/MinGW_GCC_3x YRP/MingWin32_GCC_3x_additional YRP/MingWin32_v_h YRP/Dev_Cue_4992_Bloodshed_Software YRP/MingWin32_Dev_Cpp_v4x_h_additional YRP/MingWin32_Dev_Cpp_v4991 YRP/MingWin32_v YRP/MingWin32_Dev_Cpp_v4991_h_additional YRP/MingWin32_Dev_Cpp_v4x_h YRP/MinGWGCC3x YRP/DevC4992BloodshedSoftware YRP/IsPE32 YRP/IsConsole YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/win_registry YRP/Big_Numbers3
117999c4f2f996ade93e7d633bb0d6e3ba4c39d9cd13333deb64a7adbb3e302d	PE32	2020-06-27 20:07:41	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/disable_uax YRP/disable_registry YRP/disable_taskmanager YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/Base64_encoded_Executable
117a7eb15bff2c24b38fa6cbc6b2a41ffde098935a1d316afabd5d748db775d3	PE32	2020-06-27 17:42:31	User Submission	YRP/LCC_Win32_v1x_additional YRP/Microsoft_Visual_Cpp_30_old_crap YRP/LCC_Win32_1x YRP/LCC_Win32_v1x [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/network_dropper YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
ae7267252b1ea79b9d0871fc68765a710ef2b0672ebcc3cacd43931447f421a7	PE32	2020-06-27 11:40:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/network_dropper YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
41ef27856d9d3934b334c5d90c1d92f3bafe2912caeffdad6c253bf9c167e45b	PE32	2020-06-27 10:23:12	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
112851e7d4131c55bda36ed8adc91e427738c90ae40ba8bc511583e6b38c618b	PE32	2020-06-27 01:50:56	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_antivirus YRP/disable_taskmanager YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section
111366ee3d9c888bb2868c662aa540c973aedcc40254e820e6e169b5e0bc8bf1	PE32	2020-06-26 18:36:09	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library
fd593d6f1f4ed13328c7624b0f4adc079fb2bc5701bfcf14f70d81087ab65132	PE32	2020-01-15 15:52:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
eb4e054454f761faaa96e822dd9ddcb023bef1ed70ab6675011f5d96299eff48	PE32	2020-01-15 14:44:12	User Submission	YRP/Borland_Cpp_DLL YRP/Borland_Cpp_for_Win32_1999 YRP/Borland_Cpp_DLL_additional YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_cpp YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/disable_taskmanager YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
1be78fa0ddbf81527b97e97998ce7be5342cc8407cf4404c8763b34128b96b59	PE32	2020-01-15 14:11:51	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
d107e59c116892d0455b1b33c27bcbdd43731bb31fcd6622fb388c00ab071249	PE32	2020-01-15 14:09:07	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant
c60f4747f1d65dd32175c0cb19326e01faeeb24244b0941219a46086cf70a39a	PE32	2020-01-15 12:03:08	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/disable_taskmanager YRP/inject_thread YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
5cd29a7128e291dbcb5cd71c5f56e0f392b4e3f00af2550f173df9301243763c	PE32	2020-01-15 11:34:18	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/disable_taskmanager YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
49ed49635f78db2252890d714da7e338d01133afe44a99f38de5c2e9d730ee75	PE32	2020-01-15 11:12:36	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/disable_registry YRP/disable_taskmanager YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
6fb0b2cb36950143f956655ff5ade4f712efcb7c50244ccc5723aad52175e96b	PE32	2020-01-15 08:53:38	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2998c6a1d801fc47fa7dd761186922d15f0a6ec023f64afb475aab306dc4c440	PE32	2020-01-15 08:48:42	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
254fa121ab9beb332d2fa337129c86420cccfd1580e205ff26503b1b2c543e09	PE32	2020-01-15 08:47:54	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/disable_taskmanager YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
0acd3506d303a79d6639067a31231572b71ab54c1551e14758fbbd15a98193e0	PE32	2020-01-15 08:47:33	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPXProtectorv10x2 YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/ThreadControl__Context YRP/disable_taskmanager YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_rdp YRP/rat_telnet YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
376357b3a3abddcbfabf48a5b6a4fdbc96ff5c054cb0be1eb686d9c7bc631c74	PE32	2020-01-15 08:47:27	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/ProtectSharewareV11eCompservCMS YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_registry YRP/disable_taskmanager YRP/inject_thread YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
5d9d9b3540f84f771d0d5289688fdc24783620e05cf7a8143bd404664f8bb62a	PE32	2020-01-15 08:42:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
55b76886dbd59ffb002e66da70cb52382351654ac8d064d35a8f06057756baa7	PE32	2020-01-15 08:42:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
63f94188f319f7839ff3ac9b43cd45f148f3f2bcf491f8ac6936a1b86cc9c758	PE32	2020-01-15 08:15:12	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
f8dab17bd66e6c3aa70e7e629867893e944509da29248822b7591228e4fd9312	PE32	2020-01-15 08:11:17	User Submission	CuckooSandbox/embedded_macho YRP/Borland_Cpp_DLL YRP/Borland_Cpp_for_Win32_1999 YRP/Borland_Cpp_DLL_additional [+] YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_cpp YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_taskmanager YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
3b893e22924b6fcd402e2909ecc7d2e86506655b88bbeaa7701c8bc3d4f9846f	PE32	2020-01-13 20:01:59	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_taskmanager YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library
4a95214c19401b94f3a87a0bf56539520bc24974310f210c6e3b9e133d0e32cd	PE32	2020-01-13 18:22:24	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/SEH__vba YRP/disable_uax YRP/disable_registry YRP/disable_taskmanager YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token
e4eb885912c191ff24206ff09d107597e88f49196b52b02b81646cb28c3c3972	PE32	2020-01-13 17:57:47	User Submission	YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/disable_taskmanager YRP/inject_thread YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
6ce1112ca14c94d3a6312622e58161d9ae4d2ef6431e6f17076ff7014c1ffa10	PE32	2020-01-13 17:51:19	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_registry YRP/disable_taskmanager YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant
13d263b878668c2c37be95a52117a71617ed790637c94b3531af0bd2365679f0	PE32	2020-01-13 16:57:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbgtools YRP/disable_taskmanager YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_Copy
132f7e0e086aa77f92b11fb272dc4eae1556308af707b92960dcfaaba10ccc8e	PE32	2020-01-13 14:16:09	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library
8ac12d093948b4db3b5bad1c5f20e5856b15b596e90bcfcbcd999cc213570997	PE32	2020-01-13 14:15:58	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/disable_taskmanager YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
61e886c3323c8390c1f8638d17b6fb4d211d47a83a8c2308dc70cf7e354a7b98	PE32	2019-12-24 17:19:18	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/disable_taskmanager YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1

Recent Searches
yrp/disable_taskmanager
yrp/irontiger_changeport_toolkit_changeportexe
yrp/careto_cnc
yrp/scarhiknstrings
yrp/upackv032betapatchdwing
yrp/ransom_petya
yrp/fgint_ecaddpoints
yrp/vmprotect106107polytech
yrp/microsoft_visual_cpp_8
yrp/careto_cnc_domains

Search

Recent Searches