MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
837a474947d80d86f1d35a59dbef26a14d184d015648b1e1d79937942a9eda44	PE32	2022-03-06 19:01:38	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_CompareCall YRP/Delphi_Copy
6256f83fab76ac6aa06ee1ac0cdb5080ba5879e943443ec55ccd748104651b4a	PE32+	2022-03-06 02:50:06	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
7d3bfa09a1b7575419c3d404947d9f3e46c6af9f04158dbf1782ec8f83882ebb	PE32+	2022-02-22 17:31:54	User Submission	YRP/possible_includes_base64_packed_functions YRP/Borland YRP/UPXProtectorv10x2 YRP/IsPE64 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Active YRP/Check_Dlls YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_p2p_win YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
9ccfd6cb8f8f446323daacb256dabfb90a72a36500c1c24cef31c51a2b7da714	PE32	2022-02-22 13:13:50	User Submission	YRP/possible_includes_base64_packed_functions YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Active YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_Dlls YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/disable_dep YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_p2p_win YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/spreading_file YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
10782ebaa0c705daf20d0d20d61a97d20564863c54b887b30b045c3d7acb2232	PE32	2022-02-22 09:09:56	User Submission	YRP/possible_includes_base64_packed_functions YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Active YRP/DebuggerException__SetConsoleCtrl YRP/Check_Dlls YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_p2p_win YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
2ac75af9aa99b84d7a369159d712d2d8f4336c2550dd6f7e71eef006fe1f3218	PE32	2022-02-22 09:01:10	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/inject_thread YRP/network_smtp_dotNet YRP/network_dns YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/rat_webcam YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/CAP_HookExKeylogger
6acf0bfddde61ec5c3d50698138617d70f843352311a69d9d0c208352c5ffc0e	ASCII	2022-02-22 07:59:41	User Submission	YRP/possible_includes_base64_packed_functions YRP/powershell YRP/domain YRP/IP [+] YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/antisb_threatExpert YRP/network_tcp_socket YRP/spreading_file YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
37b88a783a39c8217291509309c4154bd80cd1c7b581a41f2f4a0c6aca82f990	PE32	2022-02-19 05:39:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
feadfb592e58fdd9db1de2bb384ef5031fc79d8bede991f5308b49145334e947	PE32	2022-02-18 06:27:40	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy
141f9470d9d776207e0fd68ae50076204aab501286ce090f78bb5abe927f241f	PE32	2022-02-18 05:05:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0f6dbbd33f333545a147c4b54c2d735a50005b139f60d6d9b8ccd3b40aa362d8	PE32	2022-02-18 03:57:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_VBox_Description YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/Typical_Malware_String_Transforms FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
27957fd928f704965dd45e5178e549ecbed08a791d3ecb28284f9ba43f2c7dd3	PE32	2022-02-18 03:28:32	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy FlorianRoth/Typical_Malware_String_Transforms
43e54c165d545b0a6566fcc8e70fc03b2f2053f720589c2c6d42fa089e82acc8	PE32	2022-02-18 02:25:46	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
5116c025903794c57640f12b9d8adb5ad349d3d429b3f4af02d5e99d30ec2da5	PE32	2022-02-18 01:14:52	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
f0f9dd95443212757cc1b531bfa1d8f28a0b3ef770df100213abfce0400cb81f	PE32	2022-02-18 00:39:43	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_Dlls
c2e42f0040d1e218a562e695baf73b65fa94892241d9b7c1f60e074f0d1a7386	PE32	2022-02-18 00:39:21	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_Dlls
f9597426c7d6a9816221257bd86870c6037c23e4bd2124394909ba58b5f18d1a	PE32	2022-02-17 23:39:10	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
b7afccb7573332634d0d59a0114e41451885d3388b26b0a7fff0a26505ec0a09	MS-DOS	2022-02-17 22:46:45	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry
b48661d1233c8a4ee73437eacb99db5a14d309bbefd1ba3c3c91b096c2a308dd	PE32	2022-02-17 22:21:13	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDebugData YRP/HasModified_DOS_Message YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry YRP/TEAN YRP/Str_Win32_Internet_API
13ad8803557d136bb57e1b1f0008b13eec31f824c173243dcdee70c4e46dc9d5	PE32	2022-02-17 21:52:17	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex FlorianRoth/DragonFly_APT_Sep17_3
3da2fae9dae72853bb5922f236d604460be7e9f35c6fd432858370f886e42d7e	PE32	2022-02-17 20:50:41	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex YRP/win_registry
1c289f9aeb483881a663bc4abdf127fcdd667d458de35990bcdca2008924fca2	PE32	2022-02-17 20:25:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
aceb80e192bf94afb5869ef2d933554518435bc953e032971a9b83eacc181cea	PE32	2022-02-17 19:52:07	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
379e30177f30382892612aec08a71e756e84928fbc5ca8193f58180cb8ca3f1a	PE32	2022-02-17 17:52:28	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
943180700d7a34c29084c60aa364f846da65ebd7e40ae70a2bfe9a5b8e15613c	PE32	2022-02-17 16:47:47	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Obfuscated_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_files_operation YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
edd6e7541c1ae87c2424ee06b80e6e99c7ca88009cc8a572baf9866f83406b8e	PE32	2022-02-17 16:46:57	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry
cc5b1ceb2fcf984d96a43a4b71c617dad3922a96073af7396fe37cbebea2f44f	PE32	2022-02-17 16:29:08	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/cred_local YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BLOWFISH_Constants YRP/TEAN YRP/Str_Win32_Wininet_Library
37c9d956b99bd818c4e7fb4fc55398fcc61dc2998635b42a803ed9c4cb40052b	PE32	2022-02-17 16:23:11	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/Big_Numbers1
12de9aaa4d220faf2a6e103d365ee2745d4311b12419866b3f10c9289ea40cee	PE32	2022-02-17 15:51:14	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Installer_VISE_Custom_additional [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Installer_VISE_Custom YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/win_mutex YRP/win_files_operation
e15c09d70c430fcb614b0ad066cb09fe624cdd180a1383d668d8627ed413e7b7	PE32	2022-02-17 15:45:30	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_Dlls
33611f5cf9c87ab459052b0ab0de62c184140ba414da16e0c788b9529737f0a8	PE32	2022-02-17 13:47:54	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
66e58ae7bc60cce88a3aa7a455c883d2f4c492254801fb6a186a292ae935754a	PE32	2022-02-17 11:45:42	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
f601e21f7820ea4225926f9a2a0bd4c7373a6e5a8bfa181ac7dcbfc10576ab40	PE32	2022-02-17 10:57:56	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
f0701ecae15c65f23eecdab3a790827e02403c02e1f03f7ad1cfac1b3e27a8bd	PE32	2022-02-17 09:13:51	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
751e90ff3721555f0f026295228c523e2f8c8bab4b80535d482b118a4e26f1f8	PE32	2022-02-17 08:29:30	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
22118efa8e625a56d1d7fe6fec959959a3ef2bae9cf9d0b8cbf3a4c304ad42af	PE32	2022-02-17 08:11:05	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
5f58e60d70595fa58a3a85e62d5d9eb21a7fcce81bee2bbc8c13953a9165d08b	PE32	2022-02-17 07:33:10	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_firewall YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/spreading_file YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5a1e1dd6239d774b3520fc956f8f5b8b01ba985836ae8db6d2dde6b8fdf04679	PE32	2022-02-17 05:58:16	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/Big_Numbers1 YRP/Big_Numbers2
fe311da1f0aabd8a5f8e667b04956d888ed976a14741b9743f4f7b88dc83942b	PE32	2022-02-17 05:15:31	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
05c7ffac0ebdfbdfb1a87b0f117197ab351be41ad79bfd6b8263f32bf5b630bf	PE32	2022-02-17 03:30:20	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
468e7bf4683f3683ead964271f0ff17902c0458040689431d8d8e9ba40b121c0	PE32	2022-02-17 01:17:58	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
74e015b40466991479494d380d2ebaaeb19e37700a0236ff054ffeb00d1ae5f5	PE32	2022-02-17 01:16:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy
b501a88bc7ef59905977a817c10dea64640a2c7237c57882359e87795d88b720	PE32	2022-02-17 00:36:27	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
181800ca366eaaa6a0c17c7eaa17f5fec2fe3c2227658f62740791f71ad4c1ff	PE32	2022-02-16 23:16:34	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex YRP/suspicious_packer_section
bec53e06e0bc058045997c468b56e63f741bb1544be9748fcdf6e8cc9202890d	PE32	2022-02-16 23:11:09	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_firewall YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/spreading_file YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
47f3284ae6d491342d1d384d7ed33ed889402af2c6e0f6ee850ae3b1b69c8bbb	PE32	2022-02-16 21:18:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
26576f35cc4d31cc498e668e9b7a8cc6b4113bd5712c6c5f2e7d9cd6356bc319	PE32	2022-02-16 20:27:45	User Submission	YRP/MingWin32_GCC_V3X YRP/MingWin32_GCC_3x YRP/MingWin32_v_h_additional YRP/MinGW_GCC_3x_additional [+] YRP/MinGW_GCC_3x YRP/MingWin32_GCC_3x_additional YRP/MingWin32_v_h YRP/MingWin32_v YRP/MinGWGCC3x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/MinGW_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/Big_Numbers0 YRP/Big_Numbers1
6fcfdae466a526d417a053205db10b19d858fe255f86283059f8f2fc970cb8ec	PE32	2022-02-16 19:28:32	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/DarkComet_1
ec5c338dc21fde47c31e6a1ab1cf0c68a8715700bd2de9d7c36bc4bb4b75df58	PE32	2022-02-16 19:14:04	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
ebc84a5a8d6321b725c318f32e2bf1eb926ad917c82d0f31bafaa2c0e3e6c2a4	PE32	2022-02-16 18:51:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
ea573f1271b1394aebe9a6a9464cc13965730b95b591e67f76c686e546967fc9	PE32	2022-02-16 18:39:22	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
7fa8841b47d8960ea461ce5aad0bcb81179a0f54fcd21b450c29ac4c6d559a62	PE32	2022-02-16 18:24:31	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex FlorianRoth/DragonFly_APT_Sep17_3
3a441453924d5911b241f265f361729c3ab6d79cf19c8b76b17fc1f020b55274	PE32	2022-02-16 17:01:54	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex FlorianRoth/DragonFly_APT_Sep17_3
203ccf0fdb35170dc1e064c71171025e3682a9194cd6f582df17e72ecb097abf	PE32	2022-02-16 16:36:17	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/cred_local YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BLOWFISH_Constants YRP/TEAN YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
f3923ddf08e10c42f07182a1d3eea76324ffb247800f63f2405c3bb7b38fef31	PE32	2022-02-16 13:07:27	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
be2cb75049def7afcbd979674225cd7eb62d88643bb08e5009167ac85fbab1ce	PE32	2022-02-16 11:27:17	User Submission	CuckooSandbox/vmdetect YRP/Petite_v22_Compresor_wwwun4seencompetite YRP/PEtite_v21 YRP/FSG_v110_Eng_dulekxt_Borland_Delphi_Borland_Cpp_additional [+] YRP/Petite_v21_2_additional YRP/Petite_v22_wwwun4seencompetite_additional YRP/PackerPetite_v22_Compresor_wwwun4seencompetite YRP/Petite_v22_wwwun4seencompetite YRP/PEtite_v21_additional YRP/Petite_v21_2_Hint_WIN_EP YRP/Petite_v21_2 YRP/PEtite_v21_Ian_Luck YRP/Borland YRP/Petite21 YRP/Petitev212 YRP/PEtitev21 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
55a16ac13628f3ece87f75344624fd31ca9e3eb88c3b1028ac1175cdcf17f725	PE32	2022-02-16 09:44:09	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/Big_Numbers1
bd587bf4266301c31c061841fb189d8a8c865ffb32fd3f8e2eec488b1a46545f	PE32	2022-02-16 08:48:34	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry YRP/TEAN YRP/Str_Win32_Internet_API
f884fcaf131838c0626959af371269961604b5691ad419aaf2ed9591db1c8103	PE32	2022-02-16 08:03:37	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/cred_local YRP/win_registry YRP/win_private_profile YRP/Str_Win32_Wininet_Library
4191d42c0f1e5997463ced84e76f424d854ed70b7fdb194a6de69d6e774ec3c4	PE32	2022-02-16 04:55:31	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry
b974158d12d3031253c90d8c81c413c546ccda49a097fe30c6241169fb45d662	PE32	2022-02-16 04:05:04	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antivm_vmware YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_lan YRP/spreading_file YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/spyeye_plugins YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
2fb327f002d91d2b6539cdc2e5133564b296d196186f8121d3363b270afb38c8	PE32	2022-02-15 23:38:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/DarkComet_1
dbdcd0c4a03f9b60d8e9f99479b72b6c40451866a04df04bbfddb5cf1df083b1	PE32	2022-02-15 22:38:57	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/vmdetect YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_firewall YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/spreading_file YRP/rat_rdp YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
c95b9232a5679d42b176733d0dea9a40b2b762272f13e54830c2529ced8f53ab	PE32	2022-02-15 21:48:06	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
d7773555dc2cf3669429d7a32fd130d6f3d89968f65abb9f9b2675e7ca3fcebc	PE32	2022-02-15 21:35:18	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
1d4006c28cea3760cb53812a613ffc94d2d98546ebfc6e71292e608b336e142b	PE32	2022-02-15 20:28:36	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
49807093f0a10204b0da85e3eb3672797a3fed97378ccf7f5d38b92091194084	PE32	2022-02-15 20:19:48	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/SEH__vba YRP/Check_Dlls
c644511a00b6587202705223cec6e059f69aeeabfa25746191e89783e00d15bd	PE32	2022-02-15 20:02:20	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/ThreadControl__Context YRP/Check_Dlls YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_mutex
15758e91ed9bbead48c23b487dc945343532b898a6bb0639160850df4e8c4817	PE32	2022-02-13 15:01:04	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
8e9c554fa5ffdbb5e47c96786ea3df24f8ffd2411216eedbe45acb7f5ff1ef27	PE32	2022-02-10 16:20:35	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/keylogger YRP/vmdetect_misc YRP/Big_Numbers1 FlorianRoth/Andromeda_MalBot_Jun_1A
8b30745e9e064845971da0b43e9a1a28c5b882a7b13e88e5b671e1639cf8b483	PE32+	2022-02-08 02:02:38	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
d5d886bcc380704109bba8b6da5e942a6781b9d27ac5f31ceabb8b6aa377e4d0	PE32+	2022-02-04 02:37:18	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
289bef598dc18a0b69f10f7df9c71ea3078c7edb71ad0855a6827423e84fc3f9	PE32	2022-01-05 12:00:43	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/with_sqlite
8068c55625473ea7b128410c3a2e332b596f69daebc4fcf61efcabceb32ce878	PE32	2021-12-07 21:01:10	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/with_sqlite
62fdd3da594759d2f294c1c4e0bfb1cbb7a37f62e894d94c5a4e91137a4f4462	PE32+	2021-11-21 02:28:57	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
4c72d89e6551dd345af8a7934c3cf66ae790161dea87c6f291e78fa795dcc32d	PE32+	2021-11-05 21:00:31	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/anti_dbg YRP/inject_thread YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation
8427bb70d73e3dea1cd0dbbae2741ba84d8324499739dac6aee4342f1bba8e19	PE32+	2021-11-04 02:28:40	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
dc9a5d132932959926dfd8e9d24decc134f5b57b69dacc963fc0c8cade885abc	PE32	2021-11-04 02:06:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
98c9baa39aed94e739d0066375b675244c021d3fda0e1c0080725db7cc390367	PE32	2021-11-03 16:21:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls
388e833740f160ceb5946b7c5e89c5af08dde862a7dd38344149e72dea7ec00d	PE32	2021-11-03 16:02:15	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/Check_Dlls
7e148999439b83e74d823e98f7a82e4bd75d5e259e4c6351aabbb446eb9dfcc8	PE32	2021-10-31 12:00:32	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Advapi_Hash_API
02967baa11379cc9051d7c876bfc8bfd035fe8de9ea955e01ac3e1d7671e62a9	PE32+	2021-10-29 01:18:15	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
bf62ad9f6f7802a0845454acc07928cda7b2f8379dc474a2fb0624287f8ff9db	PE32+	2021-10-25 04:21:35	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
e2f4c29590a7b70ff62a069022948a2cf851dcae40ac9f771a09d208a8267326	PE32+	2021-10-23 01:13:37	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_Dlls YRP/anti_dbg YRP/antisb_sandboxie YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API
aae36322e08a25eb9cb7b043ac379c9db77fb4150b978a291ddccfb49cda49e8	PE32	2021-09-30 13:07:56	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
0a15a9e38538dd84980f228542e79759c8027ddaacf320bdf755dcec73373e5e	PE32	2021-09-21 09:04:29	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Qemu_Detection YRP/SEH__vba YRP/Check_Dlls YRP/win_registry
0bb97dce40fb704d418bf56eaac0d0d8a62457920f57f20474d1b05a6e8bcf36	PE32	2021-09-20 12:04:47	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Xtreme YRP/xtreme_rat YRP/xtremrat FlorianRoth/RAT_Xtreme FlorianRoth/Xtreme_Sep17_1 KevTheHermit/Xtreme BAMFDetect/Xtreme
5a9be6ab91b206446ee357cb8cad8c2ec9fb0727e895b679886fd35bddc4ae9b	PE32	2021-09-14 23:00:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Xtreme YRP/xtreme_rat YRP/xtremrat FlorianRoth/RAT_Xtreme FlorianRoth/Xtreme_Sep17_1 KevTheHermit/Xtreme BAMFDetect/Xtreme
70a02538e29f42dd5808bda9017a826d6cf2717347cc2c411a3b4e368b1344d6	PE32	2021-09-14 11:42:23	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
e5f3e0e8ffa3619dea8ef75d285ac7bb74603618b5f82af2a44165da4ab58390	PE32	2021-09-14 11:30:04	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
40492804d8bfeb59a629fab0667547da90c16feaaed7f84312ed0a7e627643e3	PE32	2021-09-14 11:29:42	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasModified_DOS_Message YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
26eb2ff8d4f84e27f105fe1f93e8964f001433c02c6f70bf4c4e82d9f70967b8	PE32	2021-09-14 11:28:29	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
ec382f2ae880294c7032c67e962ee76de8df7203b81a5c3d9c276f0bec5092bb	PE32	2021-09-07 07:11:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
9068d4510f0f1f7abc7d98ac79909ed8ce66863f1020338cfb5ad010e250e342	PE32	2021-09-02 10:01:24	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
e5778446d63e571a7b4829719fd88b5f3b7946cefd4797f92a9ff9a9c93f115f	PE32	2021-09-01 01:27:57	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
c57eca59361819324f22e8203e46bb7e5a92bdea1c8b2a1f03b3e9a4e2a309f8	PE32	2021-08-31 07:06:16	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0ba324337b1d76a5afc26956d4dc9f57786483230112eaead5b5c92022c089c7	PE32	2021-08-28 08:00:12	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/anti_dbg YRP/vmdetect_misc YRP/Big_Numbers1
497fcfe8d44cf501dc57628ac10bee0b11062abd358690a441773dec8b1a72eb	PE32	2021-07-27 00:00:26	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 [+] YRP/IsPE32 YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/Check_Wine YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/screenshot YRP/keylogger YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/MD5_API YRP/suspicious_packer_section
7e419d52574b8f1f87220a001e901932a96ff7d9f30c5ca86e1f56e05e77ea88	PE32+	2021-07-26 22:00:44	User Submission	YRP/generic_javascript_obfuscation YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/vmdetect_misc YRP/android_meterpreter YRP/Big_Numbers3
e568dbee82ecd2d3089f927aed0e8971dd60bb8b3260d01a3acc5726f7233321	PE32	2021-07-13 19:01:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate

Recent Searches
yrp/check_dlls
yrp/casper_systeminformation_output
yrp/equationgroup_dul
yrp/webshell_safe0ver
yrp/webshell_webshells_new_code
yrp/jspshall_jsp
yrp/grozlex
yrp/flatedecode_wrong_version
yrp/wineggdropshellfinal_zip_folder_injectt
yrp/shellcreator2

Search

Recent Searches