| MD5 hash | File type | Added | Source | Yara hits (first four shown) |
|---|---|---|---|---|
| c081d9645e75f1d78543fdc7b39828d2 | PE32 | 2017-10-08 16:19:26 | | YRP/CAP_HookExKeylogger YRP/suspicious_packer_section YRP/maldoc_OLE_file_magic_number YRP/System_Tools |
| c5efdc0bbacbe3fcdb7751d260d2f55a | PE32 | 2017-10-08 16:47:55 | | YRP/CAP_HookExKeylogger YRP/suspicious_packer_section YRP/maldoc_OLE_file_magic_number YRP/System_Tools |
| d6e4b906ca99cf3f84efc3ee5ef57ccd | PE32 | 2017-10-08 18:07:14 | | YRP/CAP_HookExKeylogger YRP/suspicious_packer_section YRP/maldoc_OLE_file_magic_number YRP/System_Tools |
| 84e3ad0d62d21739d632d2106864e79e | ELF | 2017-10-16 01:20:43 | | CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect |
| b3d26632c4077e731ef2da329974519d | ELF | 2017-10-16 01:33:40 | | CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect |
| 24734ef952fe363415cd4c2f7322276f | ELF | 2017-10-16 01:37:29 | | CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect |
| 6c94186a94972bdd760179628ba72fa5 | PE32 | 2017-10-20 12:45:19 | http://chekmypro.usite.pro/3.png | YRP/Str_Win32_Winsock2_Library YRP/Antivirus YRP/VM_Generic_Detection YRP/contentis_base64 |
| d374e400c3daf4fc84078776ef193cb6 | PE32+ | 2017-10-20 12:45:26 | http://chekmypro.usite.pro/6.png | YRP/Str_Win32_Winsock2_Library YRP/Antivirus YRP/VM_Generic_Detection YRP/contentis_base64 |
| c1da1a3df550e4db2e8826ece1032645 | PE32 | 2017-10-24 00:45:23 | http://chekmypro.usite.pro/3.png | YRP/Str_Win32_Winsock2_Library YRP/Antivirus YRP/VM_Generic_Detection YRP/contentis_base64 |
| da5a9f26cc98911406ec75385f0cb8ca | PE32+ | 2017-10-24 00:45:29 | http://chekmypro.usite.pro/6.png | YRP/Str_Win32_Winsock2_Library YRP/Antivirus YRP/VM_Generic_Detection YRP/contentis_base64 |
| 8ea2703acbd07d4313cf57a225783ae6 | PE32 | 2017-11-08 00:45:32 | http://snapcrackleshot.com/wp-content/uploads... | YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional |
| 8b91f51ef05d18df6b720a487d13d389 | PE32 | 2017-11-08 00:45:32 | http://snapcrackleshot.com/wp-content/uploads... | YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional |
| fa96e7ef567e26c7f4aeb1e4b2028657 | PE32 | 2017-11-19 00:48:56 | http://fbcom.review/f/17.exe | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| db19d34e5935f9f230ee3c8dcaed8d7b | PE32 | 2017-11-22 12:47:14 | http://42.51.45.51:8080/win.exe | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 1fa0813be4b9f23613204c94e74efc9d | PE32 | 2017-11-28 16:40:59 | | YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature |
| 914e9c4c54fa210ad6d7ed4f47ec285f | PE32 | 2017-11-28 16:41:06 | | YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature |
| e22d02796cfb908aaf48e2e058a0890a | PE32 | 2017-11-28 16:41:11 | | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 272cb6c16e083ca143d40c63005753a2 | PE32 | 2017-11-28 20:34:06 | | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 7417951fa405af9f80bf3e008843faee | PE32 | 2018-01-11 12:45:17 | http://torroot.ru/shares/SteelSeries.exe | YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional |
| f920a53744c2e7e04c31d6f031774719 | PE32 | 2018-02-02 08:32:24 | | YRP/VC8_Microsoft_Corporation YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 |
| b74aae3a441fec6888c5c9efcd5e0251 | PE32 | 2018-02-20 14:07:34 | http://219.147.91.86:8099/692.exe | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 88cf967d1353cfd582fb2083d4b7e45c | PE32 | 2018-02-20 15:33:05 | http://93.95.97.230/pay4.exe | YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional |
| 0c5e2a40d0042a71b8af662132a77bfb | PE32+ | 2018-02-20 23:42:31 | | YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay |
| 83804b01321457bb6e994e2c7b17f815 | PE32 | 2018-02-21 12:57:30 | http://93.95.97.230/pay4.exe | YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional |
| 9af08181c198776c8752a0a9870b2a2e | PE32 | 2018-02-22 20:21:22 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 963962b7bff0d04d0190c89a212e86d1 | PE32 | 2018-02-22 21:05:22 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 276e03434303fd01a11f9ebdaf7e90fb | PE32 | 2018-02-22 21:06:11 | | YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature |
| 3f32898bc1ea7fd90392900e8d99042e | PE32 | 2018-02-23 04:24:17 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 231af98afa9420da45dbeff33867e39f | PE32 | 2018-02-23 05:47:53 | | CuckooSandbox/vmdetect YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL |
| c0f0c03bad1946efc4222a2226472c17 | PE32 | 2018-02-23 05:48:09 | | YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked |
| 68aef7ebed01c1b5b211fdeb2a7b5781 | PE32 | 2018-02-23 08:30:01 | | YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 |
| 7ad5828066cbecd6b14babdb5056dec8 | PE32 | 2018-02-23 20:12:49 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| b189ceae840f3e629534457ccb841778 | PE32 | 2018-02-23 20:12:50 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 8394265da6646e78b0cf7180be9a36fc | PE32 | 2018-02-23 20:13:15 | | YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/HasOverlay |
| 1449f9b7c6a751542f7cb729c90abcaf | PE32 | 2018-02-24 04:27:27 | | YRP/Borland_Cpp_DLL YRP/Borland_Cpp_for_Win32_1999 YRP/Borland_Cpp_DLL_additional YRP/Borland |
| f8ace76c19bddd2283bb046b40d7c7e3 | PE32 | 2018-02-24 04:52:39 | | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 4fa150e59f84a1e045e44d51860e8af3 | PE32 | 2018-02-25 16:36:00 | | YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ |
| 09d20d2b6ba079500fd4b86688e860b2 | PE32 | 2018-02-25 22:50:49 | | YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked |
| 3646f820aace64a7244606b1e99a5b69 | MS | 2018-02-26 23:55:47 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 393147bb89a83d8903c1d19dba203e6e | PE32 | 2018-02-27 10:26:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 2c5dcaae18bbbfbf847dc78cc7da8374 | PE32 | 2018-02-27 10:26:08 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 4d5690f311e210528997c4a1bbe856c8 | PE32 | 2018-02-27 10:55:46 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 255d03c677bb326be0090d5c99cd7faf | PE32 | 2018-02-27 11:15:46 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| fc7016bd53643d3efe9f1c76e2d61a84 | PE32 | 2018-02-27 11:15:53 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 2ac8b2e4fea89f3cb7fce2b72990fdc2 | PE32 | 2018-02-27 11:26:02 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| afdd4247fd1f5e2d1c5e625b650550f4 | PE32 | 2018-02-27 11:26:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| e85c8117c583b048e400bbeb26047890 | PE32 | 2018-02-27 19:06:02 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 1b7d9e51ca8a3300bdd12c9b603468fb | MS | 2018-02-28 05:36:00 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| fcb817fe3f9bcc0e75b4a46807ae3d80 | MS | 2018-02-28 07:06:00 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 04c8c586d0241253733532954a5aae02 | MS | 2018-02-28 07:26:00 | | YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus |
| 525516e7f7302b6c4b99f440b5a9f8b6 | PE32 | 2018-02-28 07:55:46 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message |
| 1ae06109d969ace9cccc244ec826dc6a | PE32 | 2018-02-28 07:55:50 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature |
| 7be091df6a9341ec45719ae41aafe2d6 | PE32 | 2018-02-28 07:55:54 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 36430f68193b2a9d83dd6a3da47ed76c | PE32 | 2018-02-28 08:06:02 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message |
| 5efc203cf6073e319d969483d7bc22a3 | Composite | 2018-02-28 14:26:05 | | CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/maldoc_find_kernel32_base_method_1 |
| d9eb55df51e7ef3be12e277176f9c27c | MS | 2018-02-28 17:46:03 | | YRP/domain YRP/Browsers YRP/Antivirus YRP/Dropper_Strings |
| e1a8302a39a0d1847551b65969be4278 | PE32 | 2018-03-01 21:06:05 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 4eed3e3b192d1be5232d698b4aadbc5d | PE32 | 2018-03-01 22:06:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 940d9dfe491d816d913484bd964fdeec | PE32 | 2018-03-01 22:26:05 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 33c678654027a0815fc762c9529cb7dc | PE32 | 2018-03-01 22:55:48 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 97afe0daacf0c67dfad0fe435c0d1fbe | PE32 | 2018-03-01 23:26:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 5705c4391c9bdedcfc825a967e4e30f3 | PE32 | 2018-03-01 23:26:09 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 9419e0d3e24dff7a2a9d0419084bb5c4 | MS | 2018-03-02 01:36:02 | | YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus |
| 5cbbccc5b065407c7ad563e2e12f024f | MS | 2018-03-02 01:55:48 | | YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus |
| 75ef00507704239143bf53485ae67cc7 | PE32 | 2018-03-02 10:06:09 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| f929188bc09d7b3a3a477108b68b934e | PE32 | 2018-03-02 10:26:07 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| f4b889ec5ee868baa3d7b0a42aab1d1e | PE32 | 2018-03-02 10:36:09 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| ed6f65b999497a5858c8098fd32c17b2 | PE32 | 2018-03-02 10:36:13 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| b09dfb4adbafd63c2ff7e879b06b0ccd | PE32 | 2018-03-02 10:46:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 022757bdf889fe0a43a29b10ade615bf | MS | 2018-03-02 19:18:30 | | YRP/domain YRP/Browsers YRP/Antivirus YRP/Dropper_Strings |
| 9030dc26d31933468a5dd0143863e510 | MS | 2018-03-02 21:06:02 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 9ab7960f4c472f62953675f2c6fe1301 | PE32 | 2018-03-03 02:55:51 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 23da2995cd02b3b59a8fad961b7e7170 | PE32 | 2018-03-03 03:15:50 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 2baba7e0812644ef977543173bf69958 | PE32 | 2018-03-03 03:36:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| a9bae2f51a6008b18f99ff85096f3496 | PE32 | 2018-03-03 03:36:08 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| ee23dd1be1347dc59f24a07a9a812d00 | PE32 | 2018-03-03 03:55:49 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| d3fb4d6181c8e99079a9360ef7c680e3 | PE32 | 2018-03-03 04:55:52 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| f3a7d3315205a8e51d43aec52163c8a5 | PE32 | 2018-03-03 14:15:51 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 73ff2a622ee86381fce4673fa80f663d | PE32 | 2018-03-03 14:26:05 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| dccbb3d61c4253512798d94c298587da | PE32 | 2018-03-03 15:36:04 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| f54b51889409d4acf4fe52a167969084 | PE32 | 2018-03-03 16:46:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message |
| 490835f3ceb9af17e2c1f1143cd81f21 | PE32 | 2018-03-03 17:26:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message |
| 898e5d1642c51c2795d591347c77af45 | MS | 2018-03-03 17:26:08 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 00b9260d8b4ca0f0d55a9a7176b305a1 | PE32 | 2018-03-03 21:06:08 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 20bb8fa35bf8b642df8c1805832db565 | PE32 | 2018-03-04 10:26:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| d5a6fc817528f3481f14c914e598a70a | PE32 | 2018-03-04 10:26:11 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 254243f51fba11c9ec41e6c219cb9528 | PE32 | 2018-03-04 10:36:07 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| d7c6cc2d23feb9b7c9ff2192d0012944 | MS | 2018-03-04 17:06:04 | | YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus |
| cdd30511aa0957aaa9864817e85c84f5 | MS | 2018-03-04 17:06:07 | | YRP/domain YRP/Browsers YRP/Antivirus YRP/Dropper_Strings |
| 09844c066a495a6659ec7df434a272f3 | PE32 | 2018-03-04 17:35:52 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 64a3753793d3f8d2c31b67527e7e63a9 | MS | 2018-03-04 17:36:15 | | YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus |
| 6051e6c1baf5cb8ea984c7465baf0f26 | PE32 | 2018-03-04 17:55:51 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 2967ceb1d179eb63a491e7800cc47851 | PE32 | 2018-03-04 18:26:22 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 3aa2189d2205a5ebde88e80190178867 | data | 2018-03-04 19:17:07 | | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_find_kernel32_base_method_1 YRP/domain |
| e7a95fb438e215e6ed47277b8e542ef9 | MS-DOS | 2018-03-04 19:36:05 | | YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 |
| f8188f6b8d46ebdd4f4f68fef0df38cf | PE32 | 2018-03-05 05:55:53 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 33b8b4a65f61cdc3dad92a09616b8e8d | PE32 | 2018-03-05 05:55:57 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 4345af2391fe19c62129d4af2a8ea200 | PE32 | 2018-03-05 06:06:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 32bbf73eeddf1b82bb3ba06e92b4bc1a | Composite | 2018-03-05 16:55:50 | | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| c074577386a3113fe203f8b54d84565e | PE32 | 2018-03-06 18:36:09 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 9ac0ad87866bceb2ea9da0b6d516bd83 | PE32 | 2018-03-06 18:55:53 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 175b4116c3edb94b50a3df4aa91ac9c5 | PE32 | 2018-03-06 18:55:57 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 0d40134a120e0e38e385a3993f989e38 | PE32 | 2018-03-06 19:06:08 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| aaa540846fb0e667839d79864438ae26 | PE32 | 2018-03-06 19:27:56 | http://119.29.236.22/1.exe | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| ab7916c9a174cef6ae0bf35518efd926 | PE32 | 2018-03-06 19:28:27 | http://119.29.236.22/gj1jk.exe | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 2ea061462cb09e8e390cd4996d0f932e | DOS | 2018-03-06 19:29:35 | http://13.82.96.22/exploit/launcher.bat | CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/IP |
| 3a8317e5b1f76daefff63bad655fdd44 | ASCII | 2018-03-06 19:29:59 | http://13.82.96.22/exploit/resume | CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 |
| 41192681c661877afce4e25caf9eefdc | PE32 | 2018-03-06 19:35:59 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 55fa8e96c0271ef219abbdb1b0f2ce24 | PE32 | 2018-03-06 19:36:06 | http://159.203.225.195/HWMonitor_x32.exe | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 1ce3a984520973efb92f44d9836b2d67 | PE32+ | 2018-03-06 19:36:12 | http://159.203.225.195/HWMonitor_x64.exe | YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay |
| ba4820fe8ef8e16487608098ccc70d6b | PE32 | 2018-03-06 19:36:57 | http://103.68.190.250/Malware//JackPos.v1.0/B... | YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature |
| 0fff1f0c7a4f2a3a2f36f3de8d9141f6 | PE32 | 2018-03-06 19:39:40 | http://120.25.231.162/5521.exe | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 24c983c8e591ed584227d966a02af989 | PE32 | 2018-03-06 19:40:25 | | YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 |
| 9645538707ed11a57ecc8ae22ab8674b | PE32 | 2018-03-06 19:42:39 | http://159.203.225.195/KillZA.exe | YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional |
| 0e69f0d7dff33025d9706dbf2d1afc67 | PE32 | 2018-03-06 19:44:02 | http://159.203.225.195/RKill.exe | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole |
| 6632dd1df554e1afda14f86676204b5d | PE32 | 2018-03-06 19:44:53 | http://159.203.225.195/SFCFix.exe | YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 |
| 31c452ee156c82519c52b6c1fb4c6794 | PE32+ | 2018-03-06 19:47:49 | | YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay |
| 417aac1ac34c02942a296aef865bfa72 | PE32+ | 2018-03-06 19:47:57 | | YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay |
| 7a20775dcf8eb02152288f8a3d51199a | PE32 | 2018-03-06 19:48:49 | | YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI |
| 6d0330c14ac269e0c145362d98ad29a6 | PE32 | 2018-03-06 19:49:03 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 512be5bea99d02d82bb8b44a07f25a80 | PE32 | 2018-03-06 19:49:21 | | CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation |
| 810272cc77881456078fa1a2c7d4dc00 | ASCII | 2018-03-06 19:52:57 | | YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/android_meterpreter |
| 7d419cd096fec8bcf945e00e70a9bc41 | PE32 | 2018-03-06 19:57:00 | http://94.130.104.170/5ffd4c5e1766196ac1cbd79... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize |
| 0dfe021b0f0087a0dd24feebb7e14d4c | PE32 | 2018-03-06 20:26:06 | | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 |
| 0047c4a00161a8478df31dbdea44a19e | PE32 | 2018-03-06 21:13:04 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 2c35ed272225b4e134333bea2b657a3f | PE32 | 2018-03-06 21:24:39 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 303b7527db5b417719daf9b0ae5b89aa | PE32 | 2018-03-06 21:25:59 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 41d1e22fabd1ce4d21f5f7be352b3a07 | PE32 | 2018-03-06 21:28:06 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 487e79347d92f44507200792a7795c7b | PE32 | 2018-03-06 21:29:02 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 4ea931a432bb9555483b41b3bc8e78e4 | PE32 | 2018-03-06 21:30:46 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 8bb0c5181d8ab57b879dea3f987fbedf | PE32 | 2018-03-06 21:42:00 | | YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC |
| 93b6a3cb4c90949bbf4f53d9b3893709 | BSD | 2018-03-06 23:55:05 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| b14c536f0b3bc2af50f77ab2057e2a9a | 80386 | 2018-03-06 23:55:09 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 9b03980fc64e940252b39aa9eb6f3af4 | 80386 | 2018-03-07 00:05:27 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| f30d5778449fa7853b0ad9b9e1b284f4 | PE32 | 2018-03-07 00:10:23 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked |
| eb63fc2437e52fc8549443ccee281b1a | PE32 | 2018-03-07 00:11:56 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked |
| 0310b631b5efa251ecddfbabed868f2a | PE32 | 2018-03-07 00:12:00 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked |
| 94f910e94d159e33ee6ccd6836bf554a | PE32 | 2018-03-07 00:12:17 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked |
| 300d034d0f83a38a923d2ef96437f00e | PE32 | 2018-03-07 00:12:40 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked |
| cf30a66565bb772c5b2f4ea5ee53c595 | PE32 | 2018-03-07 00:13:50 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked |
| 708964efd1a1a79107e4f79cfb1120e7 | PE32 | 2018-03-07 00:14:51 | http://103.68.190.250/Sources//Advance/BJWJ/B... | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked |
| 964ae9ca1020cd89d5655e35191d1632 | 80386 | 2018-03-07 00:19:01 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| adfa03e158bab496b11ae6804560284a | 80386 | 2018-03-07 00:20:52 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| a3a6a08c6cf33e0cd42cbcf2c9654f0f | BSD | 2018-03-07 00:23:15 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 3b56822a678b441fdcf030579f50fd75 | 80386 | 2018-03-07 00:23:18 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 4223c179d9e655f7c5fdc197eb56024c | 80386 | 2018-03-07 00:26:20 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 65ac3250a922a9c2ab4271c24df95390 | 80386 | 2018-03-07 00:29:01 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 4263f65ae3d89f5a0ba78464406d04da | 80386 | 2018-03-07 00:30:22 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 44d4b66f8c58ea6e617c5af9f75b20ba | 80386 | 2018-03-07 00:38:19 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| d915b8577182537d96fd70fe8bea5c1c | 80386 | 2018-03-07 00:39:41 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 22b454b38e7d293e2afa5a31f5422623 | 80386 | 2018-03-07 00:42:25 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 7977510ac3c4107bd7940affa085e452 | 80386 | 2018-03-07 00:45:45 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| cb25fb3817f7c0274a34c5b437dac7e0 | 80386 | 2018-03-07 00:52:11 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| d08c3a3b0fc0cd331fb60ea644ca2391 | 80386 | 2018-03-07 01:05:14 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 2bbb9314a21caf66e9d537c912089bb5 | data | 2018-03-07 01:12:15 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 8aabe6cc5a94d5e32e68644776a1f6b7 | data | 2018-03-07 01:13:48 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 16a007e8ba0797d554a08ebc09d97fb7 | 80386 | 2018-03-07 01:20:15 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 3b36fc0a984e664a8ae09957ba6ee757 | BSD | 2018-03-07 01:26:06 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| c3d8d20d34df09e7723bed32db706a8c | 80386 | 2018-03-07 01:26:09 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 7f5d18fe31edf53846d4c8f1def3ce71 | 80386 | 2018-03-07 01:34:31 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 31eeb0bc0f5fe3e1ee6fb1f17b738428 | BSD | 2018-03-07 01:41:35 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 7a60d72b2f12674d7678f274761121dc | 80386 | 2018-03-07 01:41:38 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| 251916a4008dbeaaf5b4adfdd41cd79f | 80386 | 2018-03-07 01:52:59 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| eaa170d56abca3a00991deaebe3bc7a7 | 80386 | 2018-03-07 01:56:55 | http://103.68.190.250/Sources//Advance/BJWJ/B... | CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain |
| c042511df4ce1f0305fb0cb1b84780a9 | PE32 | 2018-03-07 02:52:46 | http://94.130.104.170/unpacked_dropper.ex_ | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay |
| 0d4962b96d55b74d6732ffbc8acb3a65 | PE32 | 2018-03-07 02:54:55 | | YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/HasOverlay YRP/HasDigitalSignature |
| 5129d8fd53d6a4aba81657ab2aa5d243 | PE32+ | 2018-03-07 02:54:56 | | YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/HasOverlay YRP/HasDigitalSignature |
| 140d24af0c2b3a18529df12dfbc5f6de | PE32 | 2018-03-07 02:55:22 | http://94.130.104.170/win33.exe | YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize |
| af17a2c4c38621b78d2714dc18dae5e2 | ASCII | 2018-03-07 03:07:59 | http://172.104.107.30/PowerSploit/CodeExecuti... | CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/IP |
| 28e5f4f9eaad865788a038487667e181 | ASCII | 2018-03-07 03:08:04 | http://172.104.107.30/PowerSploit/CodeExecuti... | YRP/powershell YRP/domain YRP/IP YRP/contentis_base64 |
| 1c64eece7f6e6a033d66d1bb329ac2fe | ASCII | 2018-03-07 03:12:42 | http://172.104.107.30/PowerSploit/Persistence... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 45a418848bfd7cd5d330dc63dd71a59e | ASCII | 2018-03-07 03:12:47 | http://172.104.107.30/PowerSploit/Privesc/Get... | CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url |
| 0e4893c4ef15dace53d5f8671368fab9 | UTF-8 | 2018-03-07 03:14:15 | http://167.114.128.52/Get-Creds.ps1 | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 7949c832d81594242546528e5ff58333 | ASCII | 2018-03-07 03:14:17 | http://167.114.128.52/Invoke-PowerDump.ps1 | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 79c5aba18c7400bd5ce4f7da870a98de | HTML | 2018-03-07 03:15:44 | http://172.104.107.30/nishang/Antak-WebShell/... | CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url |
| 586d53492c677c95ad8c1cfacb890af9 | ASCII | 2018-03-07 03:15:49 | http://172.104.107.30/nishang/Backdoors/Add-S... | YRP/powershell YRP/domain YRP/IP YRP/url |
| 13b68fc813057a6792aafbe2f76b11d1 | ASCII | 2018-03-07 03:15:58 | http://172.104.107.30/nishang/Backdoors/Invok... | YRP/powershell YRP/domain YRP/IP YRP/url |
| eae6174e76f54055998b7269c4475772 | UTF-8 | 2018-03-07 03:16:01 | http://172.104.107.30/nishang/Bypass/Invoke-A... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 9f1b14e2010f06bd46c544e375a23ff5 | UTF-8 | 2018-03-07 03:16:03 | http://172.104.107.30/nishang/Client/Out-CHM.... | YRP/powershell YRP/domain YRP/IP YRP/url |
| 05b8bec2cc458b773262a23b86c66689 | ASCII | 2018-03-07 03:16:05 | http://172.104.107.30/nishang/Client/Out-Exce... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| bfa9aad1689ecac5629b8fef02864878 | ASCII | 2018-03-07 03:16:07 | http://172.104.107.30/nishang/Client/Out-HTA.... | YRP/powershell YRP/domain YRP/IP YRP/url |
| 6a957180c899c2c4bafea00b93085c39 | ASCII | 2018-03-07 03:16:10 | http://172.104.107.30/nishang/Client/Out-Java... | YRP/powershell YRP/domain YRP/IP YRP/url |
| 475703077701240e459c8550b3599f36 | ASCII | 2018-03-07 03:16:19 | http://172.104.107.30/nishang/Client/Out-Word... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| e17baf84926713d61a45fe3e631505b1 | ASCII | 2018-03-07 03:16:26 | http://172.104.107.30/nishang/Escalation/Invo... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| e085a133fd9f13b4c69d96ca7f6b4284 | ASCII | 2018-03-07 03:16:34 | http://172.104.107.30/nishang/Execution/Execu... | YRP/powershell YRP/domain YRP/IP YRP/url |
| 56028563098c0e2e4aa3884976e797e2 | ASCII | 2018-03-07 03:18:56 | http://172.104.107.30/nishang/Shells/Invoke-P... | YRP/powershell YRP/domain YRP/IP YRP/url |
| e28d537b0018e9e0f387d0dce11f19aa | ASCII | 2018-03-07 03:19:15 | http://172.104.107.30/nishang/Shells/Invoke-P... | YRP/powershell YRP/domain YRP/url YRP/contentis_base64 |
| 735c6027f9cbc092618e10e6bd8629fd | UTF-8 | 2018-03-07 03:19:54 | http://172.104.107.30/nishang/powerpreter/Pow... | CuckooSandbox/vmdetect YRP/powershell YRP/domain YRP/IP |
| af828ac7132b28edc658794951989e37 | C | 2018-03-07 03:41:49 | http://103.68.190.250/Sources//Advance/BJWJ/s... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 9f05fb8935b8584d3411a18a44b21655 | C | 2018-03-07 03:45:59 | http://103.68.190.250/Sources//Advance/BJWJ/s... | CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Antivirus |
| ea028522a1a05f0bf72add3226f47a17 | PE32 | 2018-03-07 03:52:42 | http://103.68.190.250/Sources//Advance/Bootki... | YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize |
| b5363975d11eb66f3079e486ca6f22ad | PE32 | 2018-03-07 03:53:17 | http://103.68.190.250/Sources//Advance/Bootki... | YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature |
| d31065d5b62f58753b73a909ad0ef5e9 | data | 2018-03-07 03:55:16 | http://103.68.190.250/Sources//Advance/Bootki... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| 93525dfc28118e02d54ed7df861fc03b | data | 2018-03-07 03:56:38 | http://103.68.190.250/Sources//Advance/Bootki... | CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 |
| d01f7f6e71ae3f7b2fc3ccbe8b80dde0 | PE32 | 2018-03-07 03:58:49 | http://40.68.153.179/Bob.exe | YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize |
7eaea604adedebf8c01baa5886b23ce9 PE32 2018-03-07 03:58:51http://40.68.153.179/WindowsUpdates.exe YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
0f6991d7d8671f8bb0f2fa19a867e7a1 80386 2018-03-07 03:59:54http://103.68.190.250/Sources//Advance/Bootki... CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain [+]
15829ca042f3ca72f11015a5196cd53e 80386 2018-03-07 04:01:38http://103.68.190.250/Sources//Advance/Bootki... CuckooSandbox/shellcode CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain [+]
b63c791250ad47e5a3747d4f0b18440d C 2018-03-07 04:12:30http://103.68.190.250/Sources//Advance/Bootki... CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Antivirus
4885b2799acd7465d3ecccd50d45c666 data 2018-03-07 04:31:22 YRP/domain YRP/contentis_base64 YRP/Antivirus
6f189eaaef926d3b38c7a8ac0142d701 data 2018-03-07 04:31:30 CuckooSandbox/shellcode YRP/domain YRP/contentis_base64 YRP/Antivirus
e3b2d6ef857330113ab764035b3b1a9a data 2018-03-07 04:31:48 YRP/domain YRP/contentis_base64 YRP/Antivirus
c93e6deed776978e76683823c4d2e2b8 PE32 2018-03-07 05:55:51 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
73b26dbcaffbef17163ed8b844c1921f PE32 2018-03-07 05:55:55 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
45137edb7f7a022ed9de5ea9807cac7c MS 2018-03-07 06:55:53 YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
a3e9986b597ad9fdc10703dc66110c74 data 2018-03-07 08:08:06 YRP/domain YRP/contentis_base64 YRP/Antivirus
1fda771362b7afe59bb442d85deb6cd3 data 2018-03-07 08:08:18 CuckooSandbox/shellcode YRP/domain YRP/contentis_base64 YRP/Antivirus
450d13ea0b779399d72b67728942eb8c data 2018-03-07 08:08:36 YRP/domain YRP/contentis_base64 YRP/Antivirus
cd190907dab5c7c4c32b63da76eb85ec compiled 2018-03-07 09:41:42 YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus [+]
12e01b1f8e46233185459ee106146cae compiled 2018-03-07 09:42:22 YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus [+]
f1c9eaf6564a1f20c566818bc196ecea compiled 2018-03-07 09:43:29 YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/Big_Numbers0
08b3ff22f24fa3ccd9c0f0e3ceca01f7 MS 2018-03-07 10:36:05 YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
bd673eeac4f25c01b081c74dd0f25eed data 2018-03-07 12:48:27 YRP/domain YRP/contentis_base64 YRP/Antivirus
61488b194d360bca1a0152d8833272c7 data 2018-03-07 12:48:38 CuckooSandbox/shellcode YRP/domain YRP/contentis_base64 YRP/Antivirus
aae38ec7cc6329628ef5e394ae0b2f1f data 2018-03-07 12:48:53 YRP/domain YRP/contentis_base64 YRP/Antivirus
dc676ea2ea2eedbe5956b9197a1b6093 ELF 2018-03-07 13:38:38 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url [+]
91cc2dbf3315b26a61ea3ab1eb746994 PE32 2018-03-07 13:38:44 YRP/Borland_Cpp_additional YRP/Borland_Cpp_for_Win32_1995_additional YRP/Borland_Cpp_for_Win32_1995 YRP/Borland_Cpp [+]
ac646e6f709117125a352bf438441184 PE32 2018-03-07 13:46:10 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+]
c9c79473d7aa97d2ad7e1deca2edb45e PE32 2018-03-07 13:46:13 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+]
af6fd31befb14a0151ef5a7dff3bc64b ELF 2018-03-07 13:47:48 YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+]
0558281f6143072fa9f64edff6d3ac17 PE32 2018-03-07 13:47:54 YRP/Borland_Cpp_additional YRP/Borland_Cpp_for_Win32_1995_additional YRP/Borland_Cpp_for_Win32_1995 YRP/Borland_Cpp [+]
44c387b7a9f8bcfb4168c39f1e5631b9 PE32 2018-03-07 13:55:52 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+]
17819e91de836f6037ce828755dbe3fa PE32 2018-03-07 13:55:56 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+]
dc7f0542016ca8fa2024cd5433a32297 Composite 2018-03-07 17:46:08 CuckooSandbox/embedded_win_api YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code [+]
4aeb3f98fa22449cae2ddad7202ea828 PE32 2018-03-07 21:55:53 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
feee176d26d11ca21eb3d79fe661fb9a PE32 2018-03-07 22:04:23 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
a7483aa9a7f9ad3c7bf05f8134d429ac PE32 2018-03-07 22:05:54 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
21b3bb6c37d19d418f736f98d8421b44 PE32 2018-03-07 22:15:53 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
35b563cd39dc5cabde70a15798c1fa9f PE32 2018-03-07 22:15:56 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
c87a0debe39bd4a2cf5985fdb08984fa PE32 2018-03-07 22:26:09 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
eb17cbe0b06ed67c233a6c10d1738db7 PE32 2018-03-07 22:26:15 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
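A listing like the one above is something an analyst pivots on rather than reads line by line: which hosts served the most samples, which rules fire together, which hashes came from a given staging server. The Python below is an added example, not code from the tracker that produced this page. It parses rows in the format used above (MD5, file type, added timestamp, optional source URL, rule hits, trailing "[+]" where the page cut the hit list) and pivots on serving host and rule name. The sample rows are copied from the listing; the column layout, the reading of "[+]" as a truncation marker, and the raw export's habit of fusing the time and the URL with no space (which the parser tolerates) are assumptions about the page, not facts it states.

```python
"""Parser and pivots for the MD5 / file type / added / source / YARA-hits listing.

Added example; not code from the tracker that produced the listing.
Assumptions (not stated on the page): one row per line; the file type is a
single token; the source URL may be fused to the time with no space (raw
export) or separated by one; rule hits are space-separated names with a
namespace prefix such as YRP/ or CuckooSandbox/; a trailing "[+]" means the
page truncated the hit list.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Sample input: five rows copied from the listing. The first keeps the raw
# export's fused time+URL form so the parser is exercised on both layouts.
SAMPLE_ROWS = """\
1c64eece7f6e6a033d66d1bb329ac2fe ASCII 2018-03-07 03:12:42http://172.104.107.30/PowerSploit/Persistence... YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
0e4893c4ef15dace53d5f8671368fab9 UTF-8 2018-03-07 03:14:15 http://167.114.128.52/Get-Creds.ps1 YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
d01f7f6e71ae3f7b2fc3ccbe8b80dde0 PE32 2018-03-07 03:58:49 http://40.68.153.179/Bob.exe YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize [+]
4885b2799acd7465d3ecccd50d45c666 data 2018-03-07 04:31:22 YRP/domain YRP/contentis_base64 YRP/Antivirus
dc7f0542016ca8fa2024cd5433a32297 Composite 2018-03-07 17:46:08 CuckooSandbox/embedded_win_api YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code [+]
"""

ROW_RE = re.compile(
    r"^(?P<md5>[0-9a-fA-F]{32})\s+"
    r"(?P<ftype>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s*"
    r"(?P<source>https?://\S+)?"   # absent for samples with no download source
    r"(?P<rest>.*)$"
)


@dataclass(frozen=True)
class FeedRow:
    md5: str
    ftype: str
    added: str                 # "YYYY-MM-DD HH:MM:SS" as printed in the listing
    source: Optional[str]      # download URL, or None when the row has none
    hits: Tuple[str, ...]      # rule names in listing order
    truncated: bool            # True when the page cut the hit list with "[+]"


def parse_row(line: str) -> Optional[FeedRow]:
    """Parse one listing row; return None for lines that are not rows."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group("rest").split()
    truncated = bool(tokens) and tokens[-1] == "[+]"
    if truncated:
        tokens.pop()
    # Rule names always carry a namespace prefix; anything else is noise.
    hits = tuple(t for t in tokens if "/" in t)
    return FeedRow(
        md5=m.group("md5").lower(),
        ftype=m.group("ftype"),
        added=f"{m.group('date')} {m.group('time')}",
        source=m.group("source"),
        hits=hits,
        truncated=truncated,
    )


def parse_feed(text: str) -> List[FeedRow]:
    rows = (parse_row(line) for line in text.splitlines() if line.strip())
    return [r for r in rows if r is not None]


def hosts_by_sample_count(rows: List[FeedRow]) -> Dict[str, int]:
    """Pivot: hosts that served samples, with counts (block/hunt list)."""
    return dict(Counter(urlsplit(r.source).hostname for r in rows if r.source))


def rule_frequency(rows: List[FeedRow]) -> Dict[str, int]:
    """Pivot: how often each rule fired across the parsed rows."""
    counts: Counter = Counter()
    for r in rows:
        counts.update(r.hits)
    return dict(counts)


def samples_from_host(rows: List[FeedRow], host: str) -> List[str]:
    return [r.md5 for r in rows if r.source and urlsplit(r.source).hostname == host]


def samples_matching(rows: List[FeedRow], rule: str) -> List[str]:
    """Hashes whose visible hit list contains `rule`. A truncated row that
    lacks the rule is inconclusive, not a negative: the page cut the list."""
    return [r.md5 for r in rows if rule in r.hits]


if __name__ == "__main__":
    rows = parse_feed(SAMPLE_ROWS)
    for host, n in sorted(hosts_by_sample_count(rows).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {host}")
    for rule, n in sorted(rule_frequency(rows).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {rule}")
    print("powershell hits:", samples_matching(rows, "YRP/powershell"))
```

Because most rows end in "[+]", absence of a rule in a parsed row is not evidence that the rule did not fire; samples_matching only reports positive matches, and the truncated flag is kept on each row so a caller can treat "not seen" and "not shown" differently.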