MalShare

MD5 Hash	File type	Added	Source	Yara Hits
974643b34ac2b9f89f7b2330d9d28686	PE32	2017-11-23 13:47:43	http://cinku.gdn/prv.php	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/Check_Dlls YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/SHA1_Constants YRP/suspicious_packer_section
e62d6172e4115e3d9dbe3e8c5e0b4eac	PE32	2018-02-24 12:57:41	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 [+] YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antivm_vmware YRP/win_mutex YRP/win_files_operation YRP/MD5_Constants YRP/SHA1_Constants
0c2f6aee0453d7b54ee713fae2b1befb	PE32	2018-02-26 01:16:05	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate
d25cfde95889512c362c64bbd9fd88fa	C	2018-03-07 04:50:43	http://103.68.190.250/Sources//Advance/BJWJ/s...	CuckooSandbox/vmdetect YRP/domain YRP/contentis_base64 YRP/VMWare_Detection [+] YRP/Sandboxie_Detection YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/vmdetect_misc
e6ff5021ab01651407d7e9d7b6586863	PE32	2018-03-07 05:18:33	http://103.68.190.250/Sources//Advance/Bootki...	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_8 [+] YRP/IsPE32 YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vba YRP/SEH__vectored YRP/Check_Dlls YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/migrate_apc YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/CRC32_poly_Constant YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
7a649649dcbd67b1d0cf4a94cfeb776f	UTF-8	2018-03-18 04:07:00	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__PEB YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/DebuggerCheck__DrWatson YRP/SEH__v3 YRP/SEH__v4 YRP/SEH__vba YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/WMI_VM_Detect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_vmware YRP/disable_antivirus YRP/disable_firewall YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dyndns YRP/network_smtp_dotNet YRP/network_smtp_raw YRP/network_smtp_vb YRP/network_p2p_win YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/lookupip YRP/lookupgeo YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_vnc YRP/cred_ie7 YRP/sniff_lan YRP/migrate_apc YRP/spreading_file YRP/spreading_share YRP/rat_vnc YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2b236baedf976710abcbe6b08837ab43	PE32	2018-03-28 14:47:58	http://servet.000webhostapp.com/saf%203000.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
749e8ee8ac76bfd678f9530189922cb1	ASCII	2018-04-02 06:36:26	User Submission	CuckooSandbox/vmdetect YRP/powershell YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/anti_dbgtools YRP/cred_ff YRP/vmdetect_misc
18dfa0e6a5ddfafbe1d6504ce6600f56	PE32	2018-04-12 09:22:46	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/Check_Wine YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
8b2457a9e2e924c107838eef31fa8723	PE32	2018-04-24 11:56:47	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_VBox_Description YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_bios YRP/disable_dep YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
387a91b8838822545a839dda83b9c57d	PE32	2018-05-02 14:45:30	http://jpatela.pt/rr/Docs.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
571c53ccb51b00efe3b975ebe8219da1	PE32	2018-06-06 14:52:24	http://uploadtops.is/1//f/lSllsBN	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
4f6969b237a911d9be440baf21a90e56	PE32	2018-06-11 15:20:29	http://92.63.197.60/c.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
22cc2433e22b7a9f16d22bac4be46a20	PE32	2018-06-22 21:23:45	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Xtreme YRP/xtreme_rat YRP/xtremrat FlorianRoth/RAT_Xtreme FlorianRoth/Xtreme_Sep17_1 KevTheHermit/Xtreme BAMFDetect/Xtreme
b3b983a017eee5ea8dfe2fe52d7b11ac	PE32	2018-06-23 10:47:47	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/Check_Wine YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
9d1e18bfae136305e8afcf56c74b096c	PE32	2018-06-23 11:09:39	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
2090d21018f8890b2ceb5e5752b3cf3c	PE32	2018-06-25 08:39:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
92ff0a0f0c60c0f6a3ef16f3c585b35e	PE32	2018-07-02 14:57:24	http://www.seoconsultants.co.uk/wp-admin/incl...	YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
a933a1a402775cfa94b6bee0963f4b46	PE32	2018-07-06 14:50:04	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi_dll YRP/maldoc_indirect_function_call_3 YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Delphi_Random YRP/GenerateTLSClientHelloPacket_Test
ad468a1db141f7b528dbe0f7bddc2725	PE32	2018-07-09 20:51:07	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
e2f077cf4188961ff3a51122ab555d6c	PE32	2018-07-11 08:23:10	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
8459ea3e175f82b1b939922fff1c3907	PE32	2018-07-11 14:55:52	http://hokoog.com/yo/t1.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
bf27cba6a5f6cd48ef6a36b03d32da34	PE32	2018-07-12 14:49:03	http://hokoog.com/yo/osj.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
50ce24e89b4db7e4d3e086df88ef1add	PE32	2018-07-12 14:49:07	http://hokoog.com/yo/tht.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
30d574c8081972f8587f249132312cd1	PE32	2018-07-12 15:12:44	http://92.63.197.112/o.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
c84f33d02e8efaa49afe56db4575d3ed	PE32	2018-07-13 10:00:35	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/network_dropper YRP/win_registry YRP/win_token YRP/BASE64_table YRP/Str_Win32_Winsock2_Library FlorianRoth/DragonFly_APT_Sep17_3
51d8b605030bc337a023604e2a63d8b1	PE32	2018-07-13 10:34:57	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
c26647793e5e9bbaeff25637b2cfa2c0	PE32	2018-07-18 07:23:31	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
86803e17a7a26c62803f1f6befd0a1cf	PE32	2018-07-20 13:59:19	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
70d14dfe5911672eb643f0337dea18d5	PE32	2018-07-24 03:03:01	http://novomet.bg/templates/ok.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
34646c3cb4ea11b9e6d8d4c6a2e0f831	PE32	2018-07-24 03:03:45	http://novomet.bg/templates/mi.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
074d428f06e2d45314f1806d0c19a64d	PE32	2018-07-24 03:03:50	http://novomet.bg/templates/kc.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
13bc808374b8deb5a32e1834067f057a	PE32	2018-07-24 03:03:53	http://novomet.bg/templates/jo.exe	YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
3fc00d6f00092f460e262cc8e60d7fc0	PE32	2018-07-24 03:03:55	http://novomet.bg/templates/ion.exe	YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
08bfc1916ba48f2a876392547f719dbc	PE32	2018-07-24 03:04:00	http://novomet.bg/templates/france.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
0753a7f6349e2696a6fb7348c96da22d	PE32	2018-07-24 03:04:05	http://novomet.bg/templates/fig.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_Studio_NET_additional YRP/NET_executable_ YRP/NET_executable [+] YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
302cf161ba1ec1d05ad9e95382c94d24	PE32	2018-07-24 03:04:14	http://novomet.bg/templates/ell.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
c1176d7eded95afba2a8a63d009307cf	PE32	2018-07-24 03:04:17	http://novomet.bg/templates/decc.exe	YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
e3eca7c15a3c499e1052cff8fe9969f4	PE32	2018-07-24 03:04:20	http://novomet.bg/templates/cov.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
d41fc98df558af06f2cd52c5a64b50aa	PE32	2018-07-24 03:04:24	http://novomet.bg/templates/chii.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
3ef2ca11a2c73d239147884c64deaa58	PE32	2018-07-24 03:04:29	http://novomet.bg/templates/cha.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
9735dbe4419f18d7c2f09b0b2ec686f3	PE32	2018-07-24 03:04:38	http://novomet.bg/templates/bob.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
5f6c30deb25d425d3575ec2c30f2c7fa	PE32	2018-07-24 03:04:41	http://novomet.bg/templates/ag.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
ec03670e1a0faf13a6001062cd238aed	PE32	2018-07-24 14:49:43	http://novomet.bg/templates/yg.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
edfbb39d46324f87220a65d916bc01f4	PE32	2018-07-24 14:49:46	http://novomet.bg/templates/sod.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
dfd8aaa42b777a55139926bf81bf28fb	PE32	2018-07-24 14:49:54	http://novomet.bg/templates/pass.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
c431acd05702b82c39d47ee75f4ec429	PE32	2018-07-24 14:50:14	http://novomet.bg/templates/p2.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
af3de58dd02324bab651cab44f816820	PE32	2018-07-24 14:50:19	http://novomet.bg/templates/p1z.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
fa115cb3faa210c34cd18aed97a8b6ed	PE32	2018-07-24 14:50:28	http://novomet.bg/templates/ji.exe	YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
cc5c37a9e3e8ee63e4e61ca98ce099a2	GIF	2018-08-01 02:57:44	http://mydocuments1.is/1//T/nIx3w	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/Embedded_EXE_Cloaking [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API
73d3bb34a506f0c806b38a5f60920da0	JPEG	2018-08-01 03:01:05	http://mydocuments1.is/1/T/48hzc	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
aa0c0b3db9a8383134c6104669093401	PNG	2018-08-02 14:47:45	http://mydocuments1.is/1/T/MCzNI	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
7dde70a0317794eacb9d98671e5b6150	GIF	2018-08-02 14:51:14	http://mydocuments1.is/1//T/n2wlA	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/Embedded_EXE_Cloaking [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API
fd5602c313397248da504febe7f09109	PE32	2018-08-17 14:45:10	http://107.173.219.125/svc/alibaba.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_Studio_NET_additional YRP/NET_executable_ YRP/NET_executable [+] YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
45210a91f9f70797f798971114aa16c5	PE32	2018-08-17 14:45:27	http://107.173.219.125/svc/agent.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_Studio_NET_additional YRP/NET_executable_ YRP/NET_executable [+] YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
c2be017b2fb3ad6f0f1c05ef10573b90	PE32	2018-08-20 14:07:23	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Str_Win32_Http_API
3bf240a2979ddb131be5c4331f956561	PE32	2018-08-22 06:58:04	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
013ff1d4b6ad05ecc5775fb47a3a3e9f	PE32	2018-08-23 05:35:28	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
5a7e8f256e2aedb59c94eb76c9dc2e25	PE32	2018-08-24 19:50:59	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
323913faa20b51b5f9021f22e92c24ed	PE32	2018-08-25 22:53:21	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
f6b6ffea609e375b7d36b2da4bbf8da8	PE32	2018-08-28 14:55:07	http://keyba01se.usa.cc/henrynonso.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
29c1da1ef294e03ed08adffe948e0a0e	PE32	2018-08-28 14:55:17	http://keyba01se.usa.cc/shankerlito.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
e932a1b95214ac9a8797aa2c7980de04	PE32	2018-08-28 14:55:27	http://keyba01se.usa.cc/emmymalay.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
d1f47b50617d3a0eb394858b4949f418	PE32	2018-08-28 20:20:39	http://92.63.197.60/o.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/powershell YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
dbd2a22363a5db801e5a649c4951f097	PE32	2018-08-29 14:53:17	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
16e9d519719d41efb4ca323c8a9fcb92	PE32	2018-08-29 14:53:21	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
aad4de42637734f6c9e130c05e8e0dd8	PE32	2018-08-29 14:53:32	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
47cd02471a4cad996f1dfe199bea5a2e	PE32	2018-08-29 14:53:37	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
25f413d7a6b9d277a211ee19019ef6d1	PE32	2018-08-29 14:53:41	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
2ab4630664efaa8ae54b3834dcc777c4	PE32	2018-08-29 14:53:45	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
62b0796bab9eef29552bbf138fc63500	PE32	2018-08-29 14:53:49	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API YRP/suspicious_packer_section
a3aff964829b39f8c7eedb35f7919ede	PE32	2018-08-29 14:53:54	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
639d6f61c3719f52eb371c7cfd44df30	PE32	2018-08-29 14:53:58	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
8e979313711490922a6fb6e0384cd837	PE32	2018-08-29 14:54:07	http://hwy11-17-hwy582tocoughlin.com/wp-inclu...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
ce068fa6f55ec2001660886a694f0c19	PE32	2018-08-31 03:59:28	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
06939a6b6e02e8df4fd715ad0c08958c	PE32	2018-08-31 13:10:38	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
978b46fbbfd26c1ce1b50643612b9eed	PE32	2018-09-01 02:41:54	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
8fcbb5511dfecda088778efbec93d47f	PE32	2018-09-01 10:06:49	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
f94cf644fb1ed9c9c002b9f69a6ddff1	PE32	2018-09-01 17:26:25	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
20ef42401c83f6c734ad5cad0ae28fd2	PE32	2018-09-02 05:26:17	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
f31b16292a8e9b81ed7edc10c29d0768	PE32	2018-09-02 05:48:58	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
1d691e6b3faac64c9425c6365798458b	PE32	2018-09-02 21:46:03	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
0e92d4f0b496d8d763b8f930c604b79b	GIF	2018-09-03 14:45:33	https://u.lewd.se/yobBS6_auSrdjHn.gif	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
d07b7ac34bed14877a7632ace62e7193	PE32	2018-09-04 04:36:30	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
134e990e9fa8da6c158e3d5309f82eef	PE32	2018-09-04 05:38:34	http://92.63.197.60/t.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
30dc92ea1196223ef16ff394ca88b98e	PE32	2018-09-05 11:16:12	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
ceeeba8d36adc9c8e05df903b5c60339	PE32	2018-09-05 15:11:45	http://keyba01se.usa.cc/wayne.exe	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Advapi_Hash_API
717f0ef3b7bb89027b149da1780fde5c	PE32	2018-09-07 13:40:59	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/Check_Wine YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
949529c21c301bf8df28f6a2f44b2a2f	PE32	2018-09-24 23:25:23	http://92.63.197.60/v/o.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/win_mutex YRP/win_registry YRP/vmdetect_misc YRP/DES_sbox YRP/Str_Win32_Winsock2_Library
47b0e49351042c74780516c68e65dab5	PE32	2018-10-09 20:50:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
f6fb6971df0c7e7a77445284049f9340	PE32	2018-10-10 01:40:35	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
cf7e26743f006b3984d53b4ce9779c0e	PE32	2018-10-24 16:21:40	http://84.38.130.139/doc/office/vbs.exe	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_dotNet YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
e0374bcc3615f00cdd9c9e3845a1eb74	PE32	2018-11-08 17:18:56	http://23.249.167.158/file/word/vbs.exe	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
69ab55d418295637dac52efae9ae5698	PE32	2018-11-09 14:01:49	http://c.top4top.net/p_6534e8r81.jpg	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
356e3491786ba260977987d91967dfca	PE32	2018-11-13 04:28:01	http://92.63.197.60/upit.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
c3594f6582c0695723b62ae1e315c999	PE32	2018-11-13 09:16:09	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_registry YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d0adc1efc5ca670bc2d6d9f8cfff9f55	PE32	2018-11-13 10:29:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
ab2b0f3e9eec065a0f22c181cce48cd0	PE32	2018-11-13 15:49:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
7440e9e37778658e8fe431bbd77d9b19	PE32	2018-11-14 02:31:06	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_dotNet YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
6ace5e8b782fff0339f9bfbeff3706d8	PE32	2018-11-14 02:37:01	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_dotNet YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
87354ee1ee2583e52f7bfe7fb60dfcef	PE32	2018-11-14 04:13:33	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
30ff83628d9141c4e00d96ee2e930f5b	PE32	2018-11-14 04:26:23	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
e82321e267ddb431c51b60d99c59e3b9	PE32	2018-11-14 08:17:36	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/network_smtp_dotNet YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
f6e891055764bf5b6e6389752a1167e6	PE32	2018-11-14 09:29:28	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/Check_Wine YRP/Check_Debugger YRP/anti_dbg YRP/network_http YRP/network_dropper YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Crypt32_CryptBinaryToString_API YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
34031141fd880e622a291a878fb379ae	POSIX	2018-11-14 10:07:25	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/Borland [+] YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_dotNet YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Njrat YRP/Str_Win32_Winsock2_Library
5a38bf739a29ae38380612dfe958af35	PE32	2018-11-14 10:07:35	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_dotNet YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Njrat YRP/Str_Win32_Winsock2_Library
df1a09dd1cc2f303a8b3d5097e53400b	PE32	2018-11-14 11:01:18	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
efed4ecd0f83b369703afc115ab7016d	PE32	2018-11-14 17:16:09	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/MinGW_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/disable_firewall YRP/hijack_network YRP/network_udp_sock YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/AthenaIRC
b8d57a733902915c0065b25b7cf0b226	Composite	2018-11-20 07:01:31	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
606499daf78310f3346dd83ad6e6877e	PE32	2018-12-20 03:22:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
071509e506b7686daee0462122b1ab9d	PE32	2019-01-07 11:52:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
505b2ea58cd5aee725f06429053d881c	JPEG	2019-01-20 13:50:21	https://pomf.pyonpyon.moe/ggesuy.jpg	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API
415ddd41fa9e9271511a2dd58bf28e81	JPEG	2019-01-24 01:56:54	https://share.dmca.gripe/IujfcYbdpBWFFLKi.jpg	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft [+] YRP/Embedded_EXE_Cloaking YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API
dad7188990ff9d152ba4a251f1f647e2	PE32	2019-02-06 02:15:35	http://easyresa.ddns.net:999/servers/gate.exe	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
28498f577e3f93a9ff883e684fbd2c50	PE32	2019-02-25 14:26:08	http://documente2015.hi2.ro/SCRIPTURI%20WEBSI...	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/D1S1Gv11betaD1N YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_ie7 YRP/spreading_file YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/FGint_FGIntDestroy YRP/Delphi_Random YRP/Delphi_RandomRange YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
62b39a28ddb0fd81f8bc5e0a221533dc	Non-ISO	2019-02-25 19:33:36	http://config01.homepc.it/uploads//DV2-07_F48...	YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Antivirus [+] YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/antisb_threatExpert
fbc13f03105aadc13cd0ef58d5b3887e	Non-ISO	2019-02-25 19:34:19	http://config01.homepc.it/uploads//PC-CATJA_A...	YRP/powershell YRP/domain YRP/contentis_base64 YRP/System_Tools [+] YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/antisb_threatExpert YRP/Str_Win32_Wininet_Library
ff62105e788f41812057f44955783e1e	PE32	2019-03-14 18:38:08	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_VBox_Description YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/network_ssl YRP/escalate_priv YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
0d0e51bb679cc4cb533a35846c1bcf43	UTF-8	2019-03-25 21:44:25	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__PEB YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/DebuggerCheck__DrWatson YRP/SEH__v3 YRP/SEH__v4 YRP/SEH__vba YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/WMI_VM_Detect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_vmware YRP/disable_antivirus YRP/disable_firewall YRP/disable_dep YRP/vmdetect_misc YRP/Big_Numbers1
3ba2b8bf7d24c9daf5da46298caf22f3	PE32	2019-05-06 02:46:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
e7ddf427cd5aac00d3b80e8e10cffcf6	PE32	2019-05-21 03:11:21	http://www.terryhill.top/proforma/Joko.bat.ex...	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/vmdetect_misc
1004596e635c155c0b073d3d76349985	PE32	2019-05-25 01:01:07	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_VBox_Description YRP/Check_VBox_Guest_Additions YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_bios YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/SHA512_Constants YRP/BASE64_table
6ff9434c92dfa0ab6aff21b407af883a	Composite	2019-05-29 08:25:02	User Submission	CuckooSandbox/embedded_pe YRP/NETexecutableMicrosoft YRP/domain YRP/IP [+] YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/vmdetect_misc YRP/Big_Numbers1
7fb0ebb6cf62704fb03191ed74359bbc	exported	2019-06-02 19:28:01	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Active YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/create_service YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/screenshot YRP/cred_local YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
1b76f45f00f2931a55ddef1f5dc09226	exported	2019-06-02 19:28:02	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_lan YRP/migrate_apc YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ae499268f3b5d23c9fccb46aa9b32255	PE32	2019-06-11 14:11:06	http://tlarbi1.free.fr/mot.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
dc91572204b5b5c90a9298c75b9b6525	PE32	2019-09-04 14:08:21	http://milnetbrasil.duckdns.org:8088/back1.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3808da149f697638f2d1991c05ce32cb	PE32	2019-09-06 02:43:46	http://milnetbrasil.duckdns.org:8088/back2.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
9fa7ddf5382bcdadcb8a9e15ae852bb4	exported	2019-09-18 23:05:24	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_lan YRP/migrate_apc YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f288dfe080d22d010afa9c342cf7a520	exported	2019-09-26 03:21:23	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/cred_local YRP/cred_ie7 YRP/sniff_lan YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b6578cab97209c2e8dabdf8a8a972663	exported	2019-09-26 03:21:24	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_lan YRP/migrate_apc YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
3e8e1c6d25a0e39fe68afe0e5b21afa3	PE32	2019-09-30 20:59:49	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/ProtectSharewareV11eCompservCMS YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/CyberGate YRP/pony FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate BAMFDetect/pony
4eb886b45473d0e7bab1cb7a31d860a8	PE32	2019-10-07 23:00:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
211dc5557f85954a5ee51d90adc0e0fc	PE32	2019-10-08 03:20:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
a113b77957df88601fba254e51a078e7	PE32	2019-10-08 03:29:52	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
5ad7bfddb869cf94df5cf6e8e49bfb46	PE32	2019-10-10 06:59:53	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
faf230217701fee65822181008e86383	PE32	2019-10-10 06:59:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
14c938380e97eafa36b56412d08a4a45	PE32	2019-10-10 10:40:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
9fb987b3f3c05b245fe4d9b867296f3f	PE32	2019-10-12 14:05:38	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Wine YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/MD5_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
c86050690e0575e952a75840d815c0bf	data	2019-10-25 22:21:42	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/webshell_iMHaPFtp_2 [+] YRP/webshell_caidao_shell_guo YRP/webshell_PHP_redcod YRP/webshell_php_sh_server YRP/webshell_cihshell_fix YRP/webshell_php_up YRP/webshell_asp_EFSO_2 YRP/webshell_jsp_up YRP/webshell_Server_Variables YRP/webshell_caidao_shell_ice_2 YRP/webshell_phpspy2010 YRP/webshell_asp_ice YRP/webshell_asp_404 YRP/webshell_webshell_cnseay02_1 YRP/webshell_php_fbi YRP/webshell_B374kPHP_B374k YRP/webshell_php_list YRP/webshell_caidao_shell_404 YRP/webshell_ASP_aspydrv YRP/webshell_Dx_Dx YRP/webshell_MySQL_Web_Interface_Version_0_8 YRP/webshell_phpkit_1_0_odd YRP/webshell_wsb_idc YRP/webshell_php_404 YRP/webshell_webshell_cnseay_x YRP/webshell_asp_up YRP/webshell_phpkit_0_1a_odd YRP/webshell_jsp_k81 YRP/webshell_jsp_cmdjsp YRP/webshell_Java_Shell YRP/webshell_PHP_r57142 YRP/webshell_simple_backdoor YRP/webshell_php_cmd YRP/webshell_PHP_co YRP/webshell_PHP_150 YRP/webshell_PHP_c37 YRP/webshell_PHP_b37 YRP/webshell_PHP_bug_1_ YRP/webshell_ghost_source_icesword_silic YRP/webshell_browser_201_3_400_in_JFolder_jfolder01_jsp_leo_ma_warn_webshell_nc_download YRP/webshell_Dive_Shell_1_0_Emperor_Hacking_Team_xxx YRP/webshell_jsp_reverse_jsp_reverse_jspbd YRP/webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx YRP/webshell_itsec_PHPJackal_itsecteam_shell_jHn YRP/webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_xxx1 YRP/webshell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz YRP/webshell_000_403_c5_config_myxx_queryDong_spyjsp2010_zend YRP/webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat YRP/webshell_000_403_807_a_c5_config_css_dm_he1p_xxx YRP/webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY YRP/webshell_c99_locus7s_c99_w4cking_xxx YRP/webshell_r57shell127_r57_kartal_r57 YRP/webshell_webshells_new_con2 YRP/webshell_Expdoor_com_ASP YRP/webshell_webshells_new_php2 YRP/webshell_bypass_iisuser_p YRP/webshell_sig_404super YRP/webshell_webshells_new_JSP YRP/webshell_webshell_123 YRP/webshell_dev_core YRP/webshell_webshells_new_pHp YRP/webshell_webshells_new_pppp YRP/webshell_webshells_new_code YRP/webshell_webshells_new_xxxx YRP/webshell_webshells_new_PHP1 YRP/webshell_webshells_new_asp1 YRP/webshell_webshells_new_php6 YRP/webshell_GetPostpHp YRP/webshell_webshells_new_php5 YRP/webshell_webshells_new_PHP YRP/webshell_webshells_new_Asp YRP/perlbot_pl YRP/php_backdoor_php YRP/Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php YRP/shankar_php_php YRP/Casus15_php_php YRP/small_php_php YRP/shellbot_pl YRP/fuckphpshell_php YRP/ngh_php_php YRP/jsp_reverse_jsp YRP/Tool_asp YRP/NT_Addy_asp YRP/SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php YRP/phvayvv_php_php YRP/r57shell_php_php YRP/rst_sql_php_php YRP/wh_bindshell_py YRP/lurm_safemod_on_cgi YRP/c99madshell_v2_0_php_php YRP/w3d_php_php YRP/WinX_Shell_html YRP/Dx_php_php YRP/csh_php_php YRP/pHpINJ_php_php YRP/sig_2008_php_php YRP/ak74shell_php_php YRP/Rem_View_php_php YRP/Java_Shell_js YRP/STNC_php_php YRP/aZRaiLPhp_v1_0_php YRP/zacosmall_php YRP/CmdAsp_asp YRP/simple_backdoor_php YRP/mysql_shell_php YRP/Dive_Shell_1_0___Emperor_Hacking_Team_php YRP/Asmodeus_v0_1_pl YRP/Reader_asp YRP/phpshell17_php YRP/SimShell_1_0___Simorgh_Security_MGZ_php YRP/jspshall_jsp YRP/rootshell_php YRP/connectback2_pl YRP/shells_PHP_wso YRP/backdoor1_php YRP/elmaliseker_asp YRP/s72_Shell_v1_1_Coding_html YRP/hidshell_php_php YRP/kacak_asp YRP/PHP_Backdoor_Connect_pl_php YRP/Antichat_Socks5_Server_php_php YRP/Antichat_Shell_v1_3_php YRP/Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php YRP/cyberlords_sql_php_php YRP/Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html YRP/EFSO_2_asp YRP/lamashell_php YRP/Ajax_PHP_Command_Shell_php YRP/JspWebshell_1_2_jsp YRP/Sincap_php_php YRP/Phyton_Shell_py YRP/sh_php_php YRP/phpjackal_php YRP/sql_php_php YRP/cgi_python_py YRP/ru24_post_sh_php_php YRP/telnetd_pl YRP/php_include_w_shell_php YRP/Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php YRP/shell_php_php YRP/telnet_cgi YRP/ironshell_php YRP/backdoorfr_php YRP/aspydrv_asp YRP/cmdjsp_jsp YRP/h4ntu_shell__powered_by_tsoi_ YRP/Ajan_asp YRP/PHANTASMA_php YRP/MySQL_Web_Interface_Version_0_8_php YRP/multiple_webshells_0002 YRP/multiple_webshells_0003 YRP/multiple_webshells_0005 YRP/multiple_webshells_0010 YRP/multiple_webshells_0013 YRP/multiple_webshells_0015 YRP/multiple_webshells_0016 YRP/multiple_webshells_0018 YRP/multiple_php_webshells YRP/multiple_webshells_0019 YRP/multiple_webshells_0022 YRP/multiple_webshells_0027 YRP/multiple_webshells_0030 YRP/multiple_webshells_0031 YRP/multiple_webshells_0032 YRP/PHP_Cloaked_Webshell_SuperFetchExec YRP/WebShell_dC3_Security_Crew_Shell_PRiV YRP/WebShell_simattacker YRP/WebShell_DTool_Pro YRP/WebShell_ironshell YRP/WebShell_b374k_mini_shell_php_php YRP/WebShell_Sincap_1_0 YRP/WebShell_b374k_php YRP/WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend YRP/WebShell_h4ntu_shell__powered_by_tsoi_ YRP/WebShell_php_webshells_MyShell YRP/WebShell_php_webshells_pws YRP/WebShell_reader_asp_php YRP/WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit YRP/WebShell_php_backdoor YRP/WebShell_php_webshells_pHpINJ YRP/WebShell_php_webshells_NGH YRP/WebShell_php_webshells_matamu YRP/WebShell_ru24_post_sh YRP/WebShell_hiddens_shell_v1 YRP/WebShell_c99_locus7s YRP/WebShell_safe0ver YRP/WebShell_php_webshells_kral YRP/WebShell_cgitelnet YRP/WebShell_NTDaddy_v1_9 YRP/WebShell_lamashell YRP/WebShell_Simple_PHP_backdoor_by_DK YRP/WebShell_CmdAsp_asp_php YRP/WebShell_NCC_Shell YRP/WebShell_php_webshells_README YRP/WebShell_backupsql YRP/WebShell_AK_74_Security_Team_Web_Shell_Beta_Version YRP/WebShell_php_webshells_cpanel YRP/WebShell_php_webshells_529 YRP/WebShell_qsd_php_backdoor YRP/WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz YRP/WebShell_Gamma_Web_Shell YRP/WebShell_WinX_Shell YRP/WebShell_php_include_w_shell YRP/WebShell_PhpSpy_Ver_2006 YRP/WebShell_php_webshells_myshell YRP/WebShell_php_webshells_lolipop YRP/WebShell_simple_cmd YRP/WebShell_go_shell YRP/WebShell_aZRaiLPhp_v1_0 YRP/WebShell_webshells_zehir4 YRP/WebShell_zehir4_asp_php YRP/WebShell_php_webshells_lostDC YRP/WebShell_CasuS_1_5 YRP/WebShell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_soldierofallah YRP/WebShell__Small_Web_Shell_by_ZaCo_small_zaco_zacosmall YRP/WebShell_Generic_PHP_1 YRP/WebShell__CrystalShell_v_1_erne_stres YRP/WebShell_Generic_PHP_5 YRP/WebShell__findsock_php_findsock_shell_php_reverse_shell YRP/WebShell_Generic_PHP_6 YRP/Unpack_Injectt YRP/FeliksPack3___PHP_Shells_ssh YRP/bin_Client YRP/ZXshell2_0_rar_Folder_ZXshell YRP/RkNTLoad YRP/binder2_binder2 YRP/thelast_orice2 YRP/sendmail YRP/FSO_s_zehir4 YRP/hkshell_hkshell YRP/DarkSpy105 YRP/EditServer_Webshell YRP/FSO_s_reader YRP/svchostdll YRP/HYTop_DevPack_server YRP/vanquish YRP/BIN_Client YRP/Simple_PHP_BackDooR YRP/hkshell_hkrmv YRP/FeliksPack3___PHP_Shells_phpft YRP/bdcli100 YRP/rdrbs084 YRP/HYTop_CaseSwitch_2005 YRP/FSO_s_casus15_2 YRP/installer YRP/elmaliseker YRP/shelltools_g0t_root_resolve YRP/shelltools_g0t_root_Fport YRP/HYTop_DevPack_upload YRP/PasswordReminder YRP/rknt_zip_Folder_RkNT YRP/dbgntboot YRP/PHP_shell YRP/rdrbs100 YRP/Mithril_Mithril YRP/hkdoordll YRP/Mithril_v1_45_dllTest YRP/dbgiis6cli YRP/Debug_cress YRP/FeliksPack3___PHP_Shells_usr YRP/FSO_s_phpinj YRP/xssshell_db YRP/EditServer_Webshell_2 YRP/by064cli YRP/Mithril_dllTest YRP/connector YRP/shelltools_g0t_root_HideRun YRP/regshell YRP/PHP_Shell_v1_7 YRP/xssshell_save YRP/screencap YRP/ZXshell2_0_rar_Folder_zxrecv YRP/_root_040_zip_Folder_deploy YRP/by063cli YRP/icyfox007v1_10_rar_Folder_asp YRP/byshell063_ntboot_2 YRP/shelltools_g0t_root_xwhois YRP/vanquish_2 YRP/ZXshell2_0_rar_Folder_nc YRP/BIN_Server YRP/HYTop2006_rar_Folder_2006 YRP/HDConfig YRP/Webshell_and_Exploit_CN_APT_HK YRP/Pastebin_Webshell YRP/Borland YRP/possible_exploit YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/inject_thread YRP/network_tcp_listen YRP/network_dyndns YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/sniff_lan YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Mal_http_EXE YRP/Mal_PotPlayer_DLL YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/WoolenGoldfish_Sample_1 YRP/WoolenGoldfish_Generic_3 YRP/Cerberus YRP/eval_post YRP/md5_71a7c769e644d8cf3cf32419239212c7 YRP/ScanBox_Malware_Generic YRP/Base64_encoded_Executable YRP/Invoke_mimikittenz YRP/GEN_PowerShell YRP/Nanocore_RAT_Gen_1 YRP/Nanocore_RAT_Gen_2 YRP/apt_hellsing_implantstrings YRP/FavoriteStrings YRP/NaikonStrings YRP/Naikon YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/EQGRP_create_dns_injection YRP/EQGRP_screamingplow YRP/EQGRP_MixText YRP/EQGRP_tunnel_state_reader YRP/EQGRP_payload YRP/EQGRP_eligiblecandidate YRP/EQGRP_BUSURPER_2211_724 YRP/EQGRP_networkProfiler_orderScans YRP/EQGRP_epicbanana_2_1_0_1 YRP/EQGRP_sniffer_xml2pcap YRP/EQGRP_BananaAid YRP/EQGRP_config_jp1_UA YRP/EQGRP_userscript YRP/EQGRP_BUSURPER_3001_724 YRP/EQGRP_workit YRP/EQGRP_tinyhttp_setup YRP/EQGRP_EPBA YRP/EQGRP_jetplow_SH YRP/EQGRP_extrabacon YRP/EQGRP_sploit_py YRP/EQGRP_uninstallPBD YRP/EQGRP_BICECREAM YRP/EQGRP_BFLEA_2201 YRP/EQGRP_StoreFc YRP/EQGRP_BBALL YRP/EQGRP_BARPUNCH_BPICKER YRP/EQGRP_Implants_Gen5 YRP/EQGRP_pandarock YRP/EQGRP_BananaUsurper_writeJetPlow YRP/EQGRP_Implants_Gen4 YRP/EQGRP_Implants_Gen3 YRP/EQGRP_BLIAR_BLIQUER YRP/EQGRP_sploit YRP/EQGRP_Implants_Gen2 YRP/EQGRP_Implants_Gen1 YRP/EQGRP_ssh_telnet_29 YRP/EQGRP_callbacks YRP/EQGRP_Extrabacon_Output YRP/EQGRP_Unique_Strings YRP/JavaDropper YRP/QuarksPwDump_Gen YRP/ZhoupinExploitCrew YRP/BackDoorLogger YRP/Jasus YRP/ShellCreator2 YRP/SmartCopy2 YRP/TinyZBot YRP/antivirusdetector YRP/csext YRP/kagent YRP/mimikatzWrapper YRP/pvz_in YRP/zhLookUp YRP/zhmimikatz YRP/OPCLEAVER_BackDoorLogger YRP/OPCLEAVER_Jasus YRP/OPCLEAVER_ShellCreator2 YRP/OPCLEAVER_SmartCopy2 YRP/OPCLEAVER_SynFlooder YRP/OPCLEAVER_TinyZBot YRP/OPCLEAVER_ZhoupinExploitCrew YRP/OPCLEAVER_antivirusdetector YRP/OPCLEAVER_csext YRP/OPCLEAVER_kagent YRP/OPCLEAVER_mimikatzWrapper YRP/OPCLEAVER_pvz_in YRP/OPCLEAVER_zhLookUp YRP/OPCLEAVER_zhmimikatz YRP/OPCLEAVER_CCProxy_Config YRP/Payload_Exe2Hex YRP/Codoso_CustomTCP_4 YRP/Codoso_Gh0st_3 YRP/Codoso_Gh0st_1 YRP/Codoso_PGV_PVID_1 YRP/Havex_Trojan_PHP_Server YRP/Turla_APT_Malware_Gen1 YRP/Turla_APT_Malware_Gen2 YRP/Turla_APT_Malware_Gen3 YRP/shimrat YRP/shimratreporter YRP/FiveEyes_QUERTY_Malwaresig_20123_cmdDef YRP/FiveEyes_QUERTY_Malwareqwerty_20123 YRP/FiveEyes_QUERTY_Malwaresig_20120_cmdDef YRP/FiveEyes_QUERTY_Malwaresig_20121_cmdDef YRP/apt_equation_equationlaser_runtimeclasses YRP/EquationDrug_HDDSSD_Op YRP/Sofacy_Fybis_ELF_Backdoor_Gen1 YRP/WaterBug_wipbot_2013_dll YRP/Casper_Included_Strings YRP/Casper_SystemInformation_Output YRP/suspicious_packer_section YRP/APT_Malware_PutterPanda_Rel YRP/WindowsCredentialEditor YRP/Amplia_Security_Tool YRP/PwDump YRP/PScan_Portscan_1 YRP/HackTool_Samples YRP/Fierce2 YRP/Ncrack YRP/SQLMap YRP/PortScanner YRP/NetBIOS_Name_Scanner YRP/FeliksPack3___Scanners_ipscan YRP/IP_Stealing_Utilities YRP/PortRacer YRP/scanarator YRP/_Bitchin_Threads_ YRP/portscan YRP/ProPort_zip_Folder_ProPort YRP/StealthWasp_s_Basic_PortScanner_v1_2 YRP/BluesPortScan YRP/scanarator_iis YRP/Angry_IP_Scanner_v2_08_ipscan YRP/crack_Loader YRP/Beastdoor_Backdoor YRP/Powershell_Netcat YRP/CN_Hacktool_MilkT_Scanner YRP/WCE_Modified_1_1014 YRP/iKAT_command_lines_agent YRP/iKAT_startbar YRP/BypassUac2 YRP/BypassUac_9 YRP/APT_Proxy_Malware_Packed_dev YRP/Ncat_Hacktools_CN YRP/MS08_067_Exploit_Hacktools_CN YRP/Hacktools_CN_Burst_sql YRP/Hacktools_CN_Panda_445TOOL YRP/Hacktools_CN_WinEggDrop YRP/Hacktools_CN_Panda_Burst YRP/Hacktools_CN_GOGOGO_Bat YRP/Hacktools_CN_Burst_pass YRP/Hacktools_CN_JoHor_Posts_Killer YRP/Hacktools_CN_Burst_Start YRP/Hacktools_CN_Burst_Blast YRP/VUBrute_VUBrute YRP/VUBrute_config YRP/sig_238_listip YRP/ArtTrayHookDll YRP/EditServer_HackTool YRP/sig_238_letmein YRP/sig_238_token YRP/sig_238_webget YRP/ASPack_Chinese YRP/sig_238_filespy YRP/EditKeyLogReadMe YRP/PassSniffer_zip_Folder_readme YRP/EditKeyLog YRP/PassSniffer YRP/UnPack_rar_Folder_InjectT YRP/Jc_WinEggDrop_Shell YRP/UnPack_rar_Folder_TBack YRP/ByPassFireWall_zip_Folder_Inject YRP/sig_238_sqlcmd YRP/sig_238_2323 YRP/CleanIISLog YRP/sqlcheck YRP/sig_238_RunAsEx YRP/SplitJoin_V1_3_3_rar_Folder_3 YRP/InstGina YRP/sig_238_findoor YRP/WinEggDropShellFinal_zip_Folder_InjectT YRP/gina_zip_Folder_gina YRP/sig_238_xsniff YRP/sig_238_fscan YRP/_FsHttp_FsPop_FsSniffer YRP/Ammyy_Admin_AA_v3 YRP/LinuxHacktool_eyes_scanssh YRP/LinuxHacktool_eyes_pscan2 YRP/LinuxHacktool_eyes_a YRP/LinuxHacktool_eyes_mass YRP/CN_Toolset__XScanLib_XScanLib_XScanLib YRP/CN_Toolset_NTscan_PipeCmd YRP/CN_Toolset_sig_1433_135_sqlr YRP/Mimikatz_Memory_Rule_1 YRP/Mimikatz_Memory_Rule_2 YRP/Mimikatz_Logfile YRP/VSSown_VBS YRP/ccrewMiniasp YRP/MiniASP YRP/Anthem_DeepPanda_lot1 YRP/Anthem_DeepPanda_htran_exe YRP/KINS_dropper YRP/IronTiger_ASPXSpy YRP/IronTiger_wmiexec YRP/IronPanda_DNSTunClient YRP/IronPanda_Malware_Htran YRP/Trojan_Win32_Plaplex YRP/Trojan_Win32_Adupib YRP/IMPLANT_3_v1 YRP/PoseidonGroup_Malware YRP/liudoor YRP/BernhardPOS YRP/Unit78020_Malware_Gen1 YRP/Unit78020_Malware_Gen3 FlorianRoth/QuarksPwDump_Gen FlorianRoth/KINS_dropper FlorianRoth/Win_PrivEsc_gp3finder_v4_0 FlorianRoth/Win_PrivEsc_folderperm FlorianRoth/FiveEyes_QUERTY_Malwaresig_20123_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwareqwerty_20123 FlorianRoth/FiveEyes_QUERTY_Malwaresig_20120_cmdDef FlorianRoth/FiveEyes_QUERTY_Malwaresig_20121_cmdDef FlorianRoth/Nidiran_Trojan_1 FlorianRoth/Nidiran_Trojan_3 FlorianRoth/Mal_http_EXE FlorianRoth/Mal_PotPlayer_DLL FlorianRoth/ScanBox_Malware_Generic FlorianRoth/EQGRP_create_dns_injection FlorianRoth/EQGRP_screamingplow FlorianRoth/EQGRP_MixText FlorianRoth/EQGRP_tunnel_state_reader FlorianRoth/EQGRP_payload FlorianRoth/EQGRP_eligiblecandidate FlorianRoth/EQGRP_BUSURPER_2211_724 FlorianRoth/EQGRP_networkProfiler_orderScans FlorianRoth/EQGRP_epicbanana_2_1_0_1 FlorianRoth/EQGRP_sniffer_xml2pcap FlorianRoth/EQGRP_BananaAid FlorianRoth/EQGRP_config_jp1_UA FlorianRoth/EQGRP_userscript FlorianRoth/EQGRP_BUSURPER_3001_724 FlorianRoth/EQGRP_workit FlorianRoth/EQGRP_tinyhttp_setup FlorianRoth/EQGRP_EPBA FlorianRoth/EQGRP_jetplow_SH FlorianRoth/EQGRP_extrabacon FlorianRoth/EQGRP_sploit_py FlorianRoth/EQGRP_uninstallPBD FlorianRoth/EQGRP_BICECREAM FlorianRoth/EQGRP_BFLEA_2201 FlorianRoth/EQGRP_StoreFc FlorianRoth/EQGRP_BBALL FlorianRoth/EQGRP_BARPUNCH_BPICKER FlorianRoth/EQGRP_Implants_Gen5 FlorianRoth/EQGRP_pandarock FlorianRoth/EQGRP_BananaUsurper_writeJetPlow FlorianRoth/EQGRP_Implants_Gen4 FlorianRoth/EQGRP_Implants_Gen3 FlorianRoth/EQGRP_BLIAR_BLIQUER FlorianRoth/EQGRP_sploit FlorianRoth/EQGRP_Implants_Gen2 FlorianRoth/EQGRP_Implants_Gen1 FlorianRoth/EQGRP_ssh_telnet_29 FlorianRoth/EQGRP_callbacks FlorianRoth/EQGRP_Extrabacon_Output FlorianRoth/EQGRP_Unique_Strings FlorianRoth/OPCLEAVER_BackDoorLogger FlorianRoth/OPCLEAVER_Jasus FlorianRoth/OPCLEAVER_ShellCreator2 FlorianRoth/OPCLEAVER_SmartCopy2 FlorianRoth/OPCLEAVER_SynFlooder FlorianRoth/OPCLEAVER_TinyZBot FlorianRoth/OPCLEAVER_ZhoupinExploitCrew FlorianRoth/OPCLEAVER_antivirusdetector FlorianRoth/OPCLEAVER_csext FlorianRoth/OPCLEAVER_kagent FlorianRoth/OPCLEAVER_mimikatzWrapper FlorianRoth/OPCLEAVER_pvz_in FlorianRoth/OPCLEAVER_zhLookUp FlorianRoth/OPCLEAVER_zhmimikatz FlorianRoth/OPCLEAVER_CCProxy_Config FlorianRoth/ONHAT_Proxy_Hacktool FlorianRoth/RAT_JavaDropper FlorianRoth/malware_sakula_memory FlorianRoth/Casper_Included_Strings FlorianRoth/Casper_SystemInformation_Output FlorianRoth/GhostDragon_Gh0stRAT FlorianRoth/GhostDragon_Gh0stRAT_Sample2 FlorianRoth/kerberoast_PY FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/WindowsShell_s3 FlorianRoth/WindosShell_s1 FlorianRoth/WindowsShell_Gen FlorianRoth/WindowsShell_Gen2 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_RelfectivePEInjection FlorianRoth/ps1_toolkit_Persistence FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/ps1_toolkit_Inveigh_BruteForce_2 FlorianRoth/ps1_toolkit_Persistence_2 FlorianRoth/ps1_toolkit_Inveigh_BruteForce_3 FlorianRoth/Pirpi_1609_A FlorianRoth/Pirpi_1609_B FlorianRoth/Regin_Related_Malware FlorianRoth/Unit78020_Malware_Gen1 FlorianRoth/Unit78020_Malware_Gen3 FlorianRoth/APT_Liudoor FlorianRoth/CoreImpact_sysdll_exe FlorianRoth/IronPanda_DNSTunClient FlorianRoth/IronPanda_Malware_Htran FlorianRoth/DeepPanda_lot1 FlorianRoth/DeepPanda_htran_exe FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/APT_Malware_CommentCrew_MiniASP FlorianRoth/Metasploit_Loader_RSMudge FlorianRoth/Sofacy_Fybis_ELF_Backdoor_Gen1 FlorianRoth/FourElementSword_Config_File FlorianRoth/FourElementSword_ElevateDLL_2 FlorianRoth/PoseidonGroup_Malware FlorianRoth/apt_equation_equationlaser_runtimeclasses FlorianRoth/EquationDrug_HDDSSD_Op FlorianRoth/PoisonIvy_Sample_6 FlorianRoth/Payload_Exe2Hex FlorianRoth/Fidelis_Advisory_cedt370 FlorianRoth/WaterBug_wipbot_2013_dll FlorianRoth/apt_hellsing_implantstrings FlorianRoth/IMPLANT_3_v1 FlorianRoth/BernhardPOS FlorianRoth/Turla_APT_Malware_Gen1 FlorianRoth/Turla_APT_Malware_Gen2 FlorianRoth/Turla_APT_Malware_Gen3 FlorianRoth/APT_Project_Sauron_Scripts FlorianRoth/APT_Project_Sauron_arping_module FlorianRoth/APT_Project_Sauron_kblogi_module FlorianRoth/APT_Project_Sauron_basex_module FlorianRoth/APT_Project_Sauron_dext_module FlorianRoth/Invoke_mimikittenz FlorianRoth/APT_Malware_PutterPanda_Rel FlorianRoth/APT6_Malware_Sample_Gen FlorianRoth/Codoso_CustomTCP_4 FlorianRoth/Codoso_Gh0st_3 FlorianRoth/Codoso_Gh0st_1 FlorianRoth/Codoso_PGV_PVID_1 FlorianRoth/PlugX_J16_Gen2 FlorianRoth/NTLM_Dump_Output FlorianRoth/shimrat FlorianRoth/shimratreporter FlorianRoth/WoolenGoldfish_Sample_1 FlorianRoth/WoolenGoldfish_Generic_3 FlorianRoth/Hacktool_Strings_p0wnedShell FlorianRoth/Keylogger_CN_APT FlorianRoth/Nanocore_RAT_Gen_1 FlorianRoth/Nanocore_RAT_Gen_2 FlorianRoth/Trojan_Win32_Plaplex FlorianRoth/Trojan_Win32_Adupib KevTheHermit/JavaDropper
17f54e838b931abe402de9355a791e89	ASCII	2019-10-25 22:21:55	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url [+] YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/vmdetect_misc YRP/Big_Numbers1 YRP/BernhardPOS FlorianRoth/BernhardPOS
c8d9ce62c73d6cb4f78251d5d2c98865	ASCII	2019-10-25 22:22:50	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/disable_antivirus YRP/disable_firewall YRP/network_tcp_listen YRP/spreading_file YRP/vmdetect_misc YRP/Big_Numbers1 YRP/BASE64_table YRP/DarkComet_1 YRP/liudoor FlorianRoth/APT_Liudoor
ff4183aef842a4b106733e1d81a1bc23	ASCII	2019-10-25 22:23:27	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/IP [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Active YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_vmware YRP/disable_antivirus YRP/disable_firewall YRP/disable_dep YRP/inject_thread YRP/create_service YRP/create_com_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dyndns YRP/network_smtp_dotNet YRP/network_smtp_raw YRP/network_smtp_vb YRP/network_p2p_win YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/lookupip YRP/lookupgeo YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_vnc YRP/cred_ie7 YRP/sniff_lan YRP/migrate_apc YRP/spreading_file YRP/spreading_share YRP/rat_vnc YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
0c43fe0726c08a3f6b10613c91aff716	PE32	2019-11-02 13:40:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
ac016f059127d313203fef4df786f512	PE32	2019-11-03 13:04:14	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
468f76b72c5195c24e29391cc630ed9f	PE32	2019-11-07 13:01:22	http://m9f.oss-cn-beijing.aliyuncs.com/360se....	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/RE_Tools YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
a6a4f7fdc3b2518b155011bcea0b7ee0	PE32	2019-11-24 11:43:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_files_operation
002d1d3bb488b5680f22c66f61fbcd57	MS-DOS	2019-11-24 13:28:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/Delphi_CompareCall YRP/Delphi_Copy
a3fb0ecf4e32f8ecf788ff6e2aa24584	PE32	2019-11-24 14:00:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
05d84dac0c10fb6c00299f5d41fcaade	PE32	2019-11-24 14:05:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
040004140cc1484a0e94b7472082f255	PE32	2019-11-24 14:05:49	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
051dd22d698e8fe21602ebfa580d4f97	PE32	2019-11-24 14:21:29	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
062cc9c0f7b46502915a6a732d10a276	PE32	2019-11-24 14:22:41	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
a1da1c2f7eca67a9a031d059fb5afdb6	PE32	2019-11-25 00:11:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
135438fe6a2caafecc3514638a8021e5	PE32	2019-11-28 20:01:44	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
7a0f7dc9e6f358e6cb0750d49487759f	PE32	2019-11-28 23:51:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/SEH__vectored YRP/Check_Dlls YRP/antisb_threatExpert YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/bitcoin YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite YRP/suspicious_packer_section
bbac65da3599ab3533ee46cf44810bd4	PE32	2019-12-02 20:24:59	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3a7e1608b95af005a386ad742878f40e	PE32	2019-12-02 20:25:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Cerberus
30ae8004a14f188d40c024124022d63d	PE32	2019-12-26 03:17:36	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/inject_thread YRP/network_smtp_dotNet YRP/network_dns YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/rat_webcam YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/CAP_HookExKeylogger
6358e617f0a77cb4e8644325172d38fe	PE32	2020-01-08 09:32:30	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_VBox_Description YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_bios YRP/disable_antivirus YRP/network_smtp_raw YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/lookupip YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/DES_Long YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
04181c979031d96590c8cd4f93549e5b	PE32	2020-01-13 14:15:32	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex FlorianRoth/DragonFly_APT_Sep17_3
0b9518217ba3f0cbf863af0fb53b7789	PE32	2020-01-13 16:01:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
12c27c87bdfe47910effd55a443b7cbd	PE32	2020-01-13 16:30:38	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/screenshot YRP/keylogger YRP/win_hook YRP/Big_Numbers1 YRP/Str_Win32_Wininet_Library
d1c135b5f2cb09075fb22efda608eb67	PE32	2020-01-13 18:01:49	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/network_dyndns YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy
0fb4f5fceb96ae824e83bb25869538d2	PE32	2020-01-13 19:02:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_firewall YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
0d94bccef29ad0f33ffc6faf23a3814e	PE32	2020-01-13 20:33:07	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry
07c5e94cc061a82be910fba01cf33c84	PE32	2020-01-13 21:21:21	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
08658bacb51e7f627853a8e3393d7ba2	PE32	2020-01-13 21:23:13	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls FlorianRoth/DragonFly_APT_Sep17_3
0a63b07d83a804c2402fc900b1a60089	PE32	2020-01-15 09:19:38	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/Big_Numbers1
19324bd544545c7b2c37b3ed5884580b	PE32	2020-01-15 09:20:59	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/cred_local YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BLOWFISH_Constants YRP/TEAN YRP/Str_Win32_Wininet_Library
102f0f95452fb0f1cbbcb27c1e33c557	PE32	2020-01-15 10:32:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
13321a7e707352fb1df772b48c855c79	PE32	2020-01-15 11:15:05	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
1b2f3f017ffbc5a19d5fa3af2c29d4a4	PE32	2020-01-15 14:57:45	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/RE_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_Dlls YRP/WMI_VM_Detect
184b7c1128d8a5970b9261b1641fef24	PE32	2020-01-15 16:12:56	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
17b015b2061fce16d1147f5b1e2996c6	PE32	2020-01-15 16:13:03	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_VBox_Description YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dyndns YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
16304dd8bfa9d31d07101b25d27fbf88	PE32	2020-01-15 16:13:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
623cd1328922dcf39293298931e65677	PE32	2020-01-15 16:13:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
9b8cff9db1fdc8d5ca111f3ee008a0d8	data	2020-02-28 19:53:27	User Submission	CuckooSandbox/embedded_win_api YRP/possible_includes_base64_packed_functions YRP/powershell YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/BASE64_table YRP/MALW_trickbot_bankBot YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API FlorianRoth/Msfpayloads_msf_ref
608dd984fb65b9c1ce23755fb2bb8ab7	PE32	2020-03-10 11:59:03	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
14880e8ebbc1b28ff5b2a6191a3d2d34	PE32	2020-03-11 10:32:46	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
d5456db146eac77aa68887e3ae2e1bae	PE32	2020-04-07 15:37:05	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
534e692453d23cee960f25babbd8e7e5	PE32	2020-04-07 15:37:34	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
7d12f34f1cb9e36a5f5adb40c711c8f0	PE32	2020-04-08 13:05:32	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
baf9972d451512ad7493185b927febc5	PE32	2020-04-22 03:12:04	Zemana Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/disable_dep YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/cred_local YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
e8b09ad1049be752f15ce4fbc0a9bdc8	PE32	2020-04-25 07:41:37	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
fd06c463359925a5954f14f32ab11a53	PE32	2020-04-25 07:44:35	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
e0d6c13ebb253ee55002a36a9734d35b	PE32+	2020-05-07 03:05:50	Zemana Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
446a93f50a7b8da206ece46830ed1b2a	PE32+	2020-05-11 03:09:57	Zemana Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
8636da46200432e0a74e241f3392aaa5	PE32	2020-05-18 07:50:57	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
3adfc89a0774e9ed832fb785cce72cb2	PE32	2020-05-19 15:02:16	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
3ed5ddfec768397df9f5d870f71a4fc9	PE32+	2020-06-06 04:00:35	Zemana Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
6b7fc4cbdbf57a31f99c34edb6de7937	PE32+	2020-06-12 03:16:38	Zemana Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/inject_thread YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
e0a661eac3446ead101d8f111cf92cef	PE32	2020-06-17 09:38:30	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
0ac984f49c3f93fb22fba1f742e7c61d	PE32	2020-06-19 12:09:41	http://jamshed.pk/zxcv.EXE	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vba YRP/Check_Dlls YRP/disable_dep
c51e83362779420efdd9f549cfc15e87	PE32	2020-06-26 20:28:23	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/win_registry YRP/Advapi_Hash_API
331d857a03078f63ec64446abf367ebb	PE32	2020-06-26 20:55:38	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
419fb0e87d6ffa5b7e3c65cbd7e9708f	PE32	2020-06-26 21:02:06	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
12443d9a7e32f23e8b7df91279136abe	PE32	2020-06-26 21:19:35	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/WMI_VM_Detect
e7b4ddc56cc1af51f59fb33ba6471996	PE32	2020-06-26 22:47:00	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
af6ca358b511da45518e843348098c8b	PE32	2020-06-27 00:58:11	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_http YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f5917cce4a6b8f2331791d4eac4590e0	PE32	2020-06-27 05:00:37	User Submission	YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls YRP/keylogger YRP/win_registry
4cb30ef92a6fbed5ae0cb5f35e0e16bf	PE32	2020-06-27 05:45:01	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/screenshot YRP/keylogger YRP/win_hook YRP/Big_Numbers1 YRP/Str_Win32_Wininet_Library
56ed045efd2b894d703aee6f837ed89f	PE32	2020-06-27 06:23:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Cerberus
22e9782541830226e079d7a40b5c3c19	PE32	2020-06-27 09:46:21	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/SEH__vba YRP/Check_Dlls YRP/network_http YRP/network_ftp YRP/screenshot YRP/keylogger YRP/cred_local YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5480492cd38767347120ed1d79a00ecb	PE32	2020-06-27 11:36:28	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/UPX YRP/suspicious_packer_section
101a876d94ee218ad8d8485e903f8942	PE32	2020-06-27 12:23:23	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API
6859b4ccfda23708702432cf92f4828c	PE32	2020-06-27 12:23:48	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/win_registry YRP/Advapi_Hash_API
91d2db67f4600c06ff53a7b2fa708686	PE32	2020-06-27 15:42:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Cerberus
f6d8ca33e4167767b9d8e8acfa5ba2b7	PE32	2020-06-27 15:54:39	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
d328f3a5f09787f7e5ce436946afe8b0	PE32	2020-06-27 16:16:37	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
5783da99347efe9b1f8f83208702a6dc	PE32	2020-06-27 16:43:31	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/win_registry YRP/Advapi_Hash_API
8a2e9a0a38a121a5771246c4d351205f	PE32	2020-06-27 19:41:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_vmware YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/rat_webcam YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/CookieTools
46c16e6e2b33ddff5f1fcb234049e769	PE32	2020-06-27 19:58:25	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/UPX YRP/suspicious_packer_section
2f9006f43468f39432d57853aa4d3169	PE32	2020-06-27 21:24:55	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
1716341e30067920f9a4c5fd9704113d	PE32	2020-06-27 22:49:22	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
5e941a7e7d0b71eac6dfbfa6c287ee07	PE32	2020-06-27 23:44:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/DarkComet_1
9329985551d50c0a858d50668f714774	PE32	2020-06-28 01:47:34	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_firewall YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/lookupip YRP/spreading_share YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b33ed617a5d298cfdf53363433c24283	PE32	2020-06-28 14:46:25	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/domain YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/win_mutex FlorianRoth/DragonFly_APT_Sep17_3
2b7a12eb8aa2c17069a3e40ef08d037b	PE32	2020-06-28 16:39:45	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2bf5b1a5524f378105c7de3828ecccd8	PE32	2020-06-28 21:50:01	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
b4d1989a6ef095453e0445ef34977af5	PE32	2020-06-29 08:09:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy
7be6e8db354599294985618d44c08247	PE32	2020-06-29 08:24:08	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
150fcad025d6e2ef38a0ad3a5810ba6c	PE32	2020-06-29 16:01:54	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/screenshot YRP/keylogger YRP/win_hook YRP/Big_Numbers1 YRP/Str_Win32_Wininet_Library
9db4288d524ea5c9f77a7f1b09541491	PE32	2020-06-29 18:52:04	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Sandboxie_Detection YRP/Check_Dlls YRP/anti_dbgtools YRP/antisb_sandboxie YRP/screenshot
63c91478110c6c00b50cf68b8c5a0f55	PE32	2020-06-29 22:45:56	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50