MalShare

MD5 Hash	File type	Added	Source	Yara Hits
acf4fbd427524bf873b53909ccbcdfab	PE32	2017-10-08 20:18:18	User Submission	YRP/maldoc_find_kernel32_base_method_1 YRP/contentis_base64 YRP/domain YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature
a76bc5b699a2cb2940992741766862f4	PE32	2017-10-08 20:23:07	User Submission	YRP/maldoc_find_kernel32_base_method_1 YRP/contentis_base64 YRP/domain YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature
ba7750728890a549f54fa4275ab0e7a1	PE32	2017-10-21 02:45:08	http://www.tongshinpacks.com/stub.exe	YRP/maldoc_getEIP_method_1 YRP/contentis_base64 YRP/domain YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
a38e39d052db845787b3aaf29e64caf4	PE32	2017-12-11 00:39:54	http://185.113.4.3/AnyDesk.exe	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers1
527388bf300a1a4fdd2c4707c78e0663	PE32	2017-12-14 13:45:09	http://btcdrops.com/finaly.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
0eb61700c442ed3d604df5ef65bd5034	MS-DOS	2018-02-20 15:05:43	http://23.249.161.109/ace/MY_BIN/my_Bin.exe	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
656d6b8e95e5f4f14fac8c5f0b625afb	PE32	2018-02-21 01:45:06	http://tp-group.info/Usig/	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
2563a25b5be59c8937cb97be6048cf58	PE32	2018-02-21 01:47:34	http://personaltrainervancouverwashington.com...	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
5750c7d05f17d31914fd1bb3c040317e	PE32	2018-02-21 01:52:51	http://libreriasur.com/N5MvYH6/	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
19f207c7c91c638bcfcff8a3e46f240a	PE32	2018-02-23 15:00:53	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Qemu_Detection FlorianRoth/DragonFly_APT_Sep17_3
0695f0f7008eb5f5b389ed0e57089bdf	PE32	2018-02-23 16:00:57	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter
1528b3892c7d02cd5bc58db0736c069d	PE32	2018-02-23 16:00:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter
2cab9989fb957efd98dbbbcb9b1946ab	PE32	2018-02-23 16:00:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
f7237cee8d78b0770d0893d3e4b879b5	PE32	2018-02-25 10:29:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Big_Numbers1
1b02577f0addea32eb02a50d4a4cdd1e	PE32	2018-02-26 02:46:39	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
edb336a8798a4d24465e3eef57d15573	PE32	2018-02-26 10:44:34	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
7d9257455dcf1a031d465d649303c89c	PE32	2018-02-26 10:44:40	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
86841abe7918c074f0728ae690c08b5c	PE32	2018-02-26 10:44:42	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
3dc67c4833188e524ba97275fe658d57	PE32	2018-02-26 10:44:42	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
a84d03d1faa10bae01d36a8ec78e946f	PE32	2018-02-26 10:44:58	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
85af8d19c827ab88af40d3fb687cc255	PE32	2018-02-26 10:45:00	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
eb60c35d49bfe040bb1ed1b36ee03c8e	PE32	2018-02-26 10:45:00	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
e2d404252ae54734e8f9754bd22054fb	PE32	2018-02-26 10:45:01	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
2f91841cc287e1931170b7a2222c2820	PE32	2018-02-26 10:45:06	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
1ad3a2abcea7b96c646d3197c5211410	PE32	2018-02-26 10:45:06	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/android_meterpreter
f227e390189c992a66dba68a6a363c76	PE32	2018-02-26 10:45:07	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
036802079fd51ef00262a48579b18a2e	PE32	2018-02-26 10:45:09	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
2fd69ae8f097cc52896b4ecb5a6becd5	PE32	2018-02-26 10:45:16	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
503a3f7c7540ef8cbfa582f3b541e072	PE32	2018-02-26 10:45:19	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
4fc051a8f6ecd60861f3b7c1d7341520	PE32	2018-02-26 10:45:21	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
b38240049b507c63bd821bbab1793e66	PE32	2018-02-26 10:45:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
b03e31aa2cdec006b4416122e8ba5c24	PE32	2018-02-26 10:45:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/android_meterpreter
78b05eea36da2dad741183e4ea046fcb	PE32	2018-02-26 10:45:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
9742e862d16930c2d6453563b524e419	PE32	2018-02-26 10:45:27	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
50db491742d3849a8a2d0a0b214f3605	PE32	2018-02-26 10:45:46	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
35cc9a0f13c5d6bd4dc44970844c1dbf	PE32	2018-02-26 10:45:51	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/android_meterpreter
1e44788a4a8fc710bc480deb119495b4	PE32	2018-02-26 10:45:58	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
b753ce3f2ddd93f55bbbf56fd773e75f	PE32	2018-02-26 10:45:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
1ad26af8f65617d57627121c8fb98963	PE32	2018-02-26 10:46:00	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
fdd88a3131fa33b8b820734129097170	PE32	2018-02-26 10:46:17	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64
7206007b1cad1e5c2e69069aea7658f2	PE32	2018-02-27 01:45:26	http://5.8.88.175/SkypeP.exe	YRP/ASProtect_v132 YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
535ff515f8255a73d812da31ee13a001	PE32	2018-03-07 01:10:02	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
6e29f8b6d52aa0adb7de42063a1c96ab	PE32	2018-03-07 01:10:35	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/disable_firewall YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library FlorianRoth/DragonFly_APT_Sep17_3
95cb7e37cfe6daada4efd2d961d5bae0	PE32	2018-03-07 01:11:10	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/IMPLANT_4_v5 FlorianRoth/IMPLANT_4_v5
f9ca0aed21dfa7bc1c463ae706e85dc3	PE32	2018-03-07 01:12:13	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/network_tcp_socket YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/IMPLANT_4_v5 FlorianRoth/IMPLANT_4_v5
e20146551b34409d71dde02a8e3d5c15	PE32	2018-03-07 01:12:36	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library FlorianRoth/DragonFly_APT_Sep17_3
d9010844d9cb96870255d7f84ef9caa9	PE32	2018-03-07 01:13:59	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
53df742797cb0075517bff680bc963d5	PE32	2018-03-07 01:15:00	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/Armadillo_v4x YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/disable_firewall YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library FlorianRoth/DragonFly_APT_Sep17_3
619f84a6a33b1efd6a7e92b26ea02846	PE32	2018-03-07 01:15:08	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/Microsoft_Visual_Cpp_v60_DLL_additional YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/disable_firewall YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library FlorianRoth/DragonFly_APT_Sep17_3
bc2f2c44f12ffd6df3dc2685980361e8	PE32	2018-03-07 01:17:45	http://103.68.190.250/Sources//Advance/BJWJ/B...	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/inject_thread YRP/network_tcp_socket YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/IMPLANT_4_v5 FlorianRoth/IMPLANT_4_v5
8f90057ab244bd8b612cd09f566eac0c	PE32	2018-03-07 01:24:34	http://94.130.104.170/Hupigon.ex_	YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/CookieTools
04ba40662923be168ca4dc2da924a0d0	PE32	2018-03-07 03:02:39	http://94.130.104.170/Rustock.E//malware.exe	YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/IsPE32 YRP/IsDLL YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/FASM YRP/domain
4cc7b57b9d59f75ccc5d113caa45f493	PE32	2018-03-07 05:05:21	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
50e32f13d56147f9eb10be3560df7f4b	PE32	2018-03-07 05:05:21	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
511e1e492293b1ac4b7620e090b7c8d3	PE32	2018-03-07 05:05:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
9d124d796b4523c5ba17252a86136467	PE32	2018-03-07 05:05:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
1f891509bfc9ab681b162e8feb7f4b14	PE32	2018-03-07 05:05:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
0c03790e9060432e4bf0e04836f3d34d	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
93d4100fab326159bfbd8c91a2ea782f	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
0e8a50b33fce1fe852d728cfe75bf73c	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
d186cf48eae4e5cb849e44d95f78d9f7	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
1ac405341c2b4d6b45fac489f9921f8c	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
ede5dea9044f35c2ddfa33ee14ac8c3b	PE32	2018-03-07 05:05:23	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
23352a7f6e840312fb4ec51c870c5156	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
fe4b57532a3829dadec2421839ce9d6f	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
b4b5144532d9c43939ca6d1c388ba66e	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
0e55e6303911d4ca8e38fad885a69111	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
7c1214418f5372f0e182dc52fa12ed0c	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
82e7f1574607b26273d250543bf8c947	PE32	2018-03-07 05:05:24	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
b93ac68a9b4788bbbe968840f0b9e0e6	PE32	2018-03-07 05:05:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
c32918a9ec6a449cfd61e2fcdaf6ed31	PE32	2018-03-07 05:05:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
241af7d671a58c207debfc7edfcdd4f1	PE32	2018-03-07 05:05:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
15161dbbde3c361d5d9914342a917737	PE32	2018-03-07 05:05:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
397e16d91e4c1fec4b7a987ef45b15bb	PE32	2018-03-07 05:05:25	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
844409f6927573e519940883d87bbcc8	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
d54e7825823e40f6eb9f59c7fde7fdf1	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
9d56635448c5cc5529d8ea2c4762d0c3	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
8cdc2e1d801a831078212992ee2b335d	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
1667552f29d8d1c9cd8ab46ceeb1f778	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
920e7f60aa96b87855c50b67d3b6dfff	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
41beb1420a9c908bb7e28614c817da2f	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
7e5e7c52f4cf574c02789bb67e45f095	PE32	2018-03-07 05:05:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
0f92d23366c5611a0cfb3a6546a3e5a4	PE32	2018-03-07 05:05:27	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
af5c7bf7449fb8e1c5964b42b5fd2a87	PE32	2018-03-07 05:05:27	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
6b5134a851dca8389f1a546df0a3fe85	PE32	2018-03-07 05:05:27	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
b70d667f5da5fb462a82cdec17949055	PE32	2018-03-07 05:05:27	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/Misc_Suspicious_Strings
1aa207c87354594b6ea8780472c62e19	PE32	2018-03-07 23:20:07	http://212.52.161.220/JumperHelpDesk.exe	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Big_Numbers1
b870b57ead9feff7076a4045f02ef5b0	PE32	2018-03-12 20:46:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/MinGW_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
2b75a6137dc9210cbccfd1b63195262a	PE32	2018-03-16 14:27:03	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
276f7893d9374856582f0d64cef4ee21	PE32	2018-03-23 13:52:39	http://mattgraumann.com/bluadmin/ui/tochi3.ex...	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
52df88369823987223803401c381ba2b	PE32	2018-03-23 13:52:42	http://mattgraumann.com/bluadmin/ui/paris4.ex...	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
4fe85a5952186556e3f4762649ee7c21	PE32	2018-03-23 13:52:45	http://mattgraumann.com/bluadmin/ui/pablo3.ex...	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
b7e07e3bd59914b65bad56cd134fbcfc	PE32	2018-03-23 19:07:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/screenshot YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/MD5_Constants YRP/DES_sbox
5eedf40d3546eb90b5423ae3ac1d3f32	PE32	2018-03-23 19:08:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/screenshot YRP/keylogger YRP/cred_local YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Str_Win32_Wininet_Library YRP/with_sqlite
d8606b6cedb102c3e3605e80157bfcb2	PE32	2018-03-23 19:08:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
ee906d4d2737ee625b83519f3e7476ec	PE32	2018-03-28 14:46:04	http://server.bludomain21.com/~bacap/parisguy...	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
9bbe4e3a79cf17b43129144bfb04f4f6	PE32	2018-03-30 20:36:45	User Submission	YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL YRP/IsConsole [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
3dd4843c5309ff72885aa207e097e883	PE32	2018-03-30 22:27:31	User Submission	YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/pony BAMFDetect/pony
d590daeec2c7f22b1cb7a506d96bd437	MS-DOS	2018-04-01 06:36:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
97f8878f70801bbb0c7c7307fbe5c91e	PE32	2018-05-18 02:17:34	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/network_http YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
cb2c2a201d3e3503672cfabf04cb0dd6	PE32	2018-05-18 15:47:32	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
c0f4d725892af6cf7337b0ecc4ebac6f	PE32	2018-05-18 19:37:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
42f0981abd25d1e3af2039f7f8c362b3	PE32	2018-05-18 23:27:19	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
faa803166f5b3c834a4f92398c2bfc67	PE32	2018-05-18 23:27:21	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
31e8b83c5de470dabb7d1e7c0e980ccc	PE32	2018-05-19 03:08:45	http://adaltmovies65.b0ne.com/file.exe	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/FASM YRP/domain YRP/contentis_base64
c46375c2e8f19ca7c02a898f2f69f828	PE32	2018-05-19 06:57:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5418752ece1d15d13c7315084c90fa44	PE32	2018-05-19 07:07:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
28d5254f1d302354880a1d616caf01e6	PE32	2018-05-19 09:57:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
a747385fa1c8c4f3014ed6b63c389ae6	PE32	2018-05-19 11:37:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
abe82777cee196d0278aef80b9741ad4	PE32	2018-05-19 13:57:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
0fe42ac6c43dc01b0e69386a078eaba4	PE32	2018-05-19 14:47:05	http://ukaytrades.tk/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
2b83b72a52450bade79d5b7e0f1c83c2	PE32	2018-05-20 06:37:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e8daf2572e9dddb9aa520c753372b265	PE32	2018-05-21 05:57:37	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
226f559156e9f553cad7661d2fda8401	PE32	2018-05-21 09:44:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
cad93076620d7786dc9a198c0e832827	PE32	2018-05-21 20:07:38	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
a4380ad25ad1372541c7e246eefcba35	PE32	2018-05-23 15:15:33	http://lokipanelhostingpanel.gq/work/worknew/...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
057bf66fa021e94cad1cdaed1f59c4f9	PE32	2018-05-25 12:17:56	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
efe07bf61735b517288c00f5756e4b28	PE32	2018-05-31 14:53:45	http://5.206.226.41/private//bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
6311ab0972204c44acc99948db3a6d02	PE32	2018-06-03 15:08:04	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
de1ce3514f777178d672ee79ac398a74	PE32	2018-06-05 02:48:15	http://185.146.156.166/table.png	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
68c0954c28bd666000247e34a65dfa86	PE32	2018-06-07 20:58:09	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
40e820f2ef3026952a140a7dbda1e022	PE32	2018-06-12 19:28:32	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
6f5528dec223c5ea192572db9162edba	PE32	2018-06-12 21:48:26	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
58b48366230ba79584ec2e7ef7dfffa1	PE32	2018-06-18 13:48:16	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e2d2f90fa9cb5e8355fa7fda6bf7b0df	PE32	2018-06-18 18:28:18	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
89ae5e21d6cf455f467cfaf62350848c	PE32	2018-06-20 07:45:55	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
b6acc52374b2b2e1900d171cdcfd6fa6	PE32	2018-06-22 12:58:39	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
0c28dbd1f9c06f940ce2249d0ed4425a	PE32+	2018-06-22 17:34:08	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
7e2c4f1a7256202646a786febe5f209f	PE32+	2018-06-22 18:20:34	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/disable_dep YRP/MD5_Constants
5d524ff2cc90a4bac9ec7bfda9f2d389	PE32	2018-06-22 19:28:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
8b46b7683c881c12caf69ecc02e2c73e	PE32	2018-06-22 19:28:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
4ab32dc16fabdb9c9015be713d8a68d4	PE32	2018-06-22 19:28:22	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
cb2686d69d08cf3eca162b664870b519	PE32	2018-06-22 19:55:18	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
8f68f8a818c9f16f928d58172bb76852	PE32	2018-06-22 20:06:51	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Big_Numbers1
915c2bea8763eb50fba27241cbc1c448	PE32	2018-06-22 20:53:37	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
416849353e3d62c96fe96c9372caaec9	PE32	2018-06-22 21:55:35	User Submission	YRP/Safeguard_103_Simonzh YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/FASM YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
a1060d87e52cb0a701764c6b640d1bb5	PE32+	2018-06-22 22:36:04	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
df6f21bd7a83f6af61f28c4163f8f1fd	PE32	2018-06-22 22:39:53	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
44bf002b09f35c25117bbf3b22319ed0	PE32	2018-06-23 01:52:04	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
903a37899ee1231164e629523a92ed5c	PE32	2018-06-23 02:45:12	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
af0a28f540333147cd741a436892d115	PE32	2018-06-23 04:36:59	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
0b50157a99a1ffcc0ad8174d55e7ebfa	PE32+	2018-06-23 06:07:13	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
7f5123f60f841fa3adedef1b95ae9f70	PE32	2018-06-23 06:07:49	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
525f223ee2dee31850dd2f38193d6acb	PE32	2018-06-23 06:25:32	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
4a8e11468649e045976574691cf53732	PE32	2018-06-23 08:11:28	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/FASM [+] YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain
b9603cf4417cdc08ecde2fe5ee80f14e	PE32	2018-06-23 08:20:09	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers FlorianRoth/DragonFly_APT_Sep17_3
87d455e25b99ac19c061ebfa6069d9cb	PE32	2018-06-23 09:50:07	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers1 YRP/suspicious_packer_section
39dfd79188be60f4958a395ed482d52f	PE32	2018-06-23 13:25:52	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
6dfb8da0c691bf0dc733d369b8c4a74e	PE32	2018-06-23 13:27:47	User Submission	YRP/WATCOM_CCpp_32_Run_Time_System_1988_1994 YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64
74276ee1b9d304b76afc8783de67934b	PE32	2018-06-25 09:16:57	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
e8c1c7f898856c11c164efdca2ef904e	PE32	2018-06-25 21:28:25	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
b7c16e0d9986e662d1becc2d295b6e01	PE32	2018-06-27 15:45:18	http://46.21.248.153/toler.png	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
395d87c54abccf9c92a009cf42c573aa	PE32	2018-06-28 23:09:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
24a5774e94ad4efa63aff8f9fc706445	PE32	2018-07-02 14:49:06	http://uploadtops.is/1/q/amajVFY	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
586006baf99ecdb0d809cd30f1035c3d	PE32	2018-07-08 15:38:35	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
41ace30cf4b06483abf0ea13054a7437	PE32	2018-07-08 15:38:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
ee6c8cbedec373a868a1e17b80790897	PE32	2018-07-09 09:58:35	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
0a9fba5f45a4c23e7804475a429506e2	PE32	2018-07-09 14:42:16	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain
903def444273c8e27463e30269c48e55	PE32	2018-07-10 20:28:36	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
cdf17b6da79a5243f32e7002b2b14929	PE32	2018-07-11 17:36:57	http://220.76.91.6/DUA/DUAA/1.exe	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
522f44d30d15f8d03ecbee8ffe512f29	PE32	2018-07-12 14:45:14	http://199.247.22.88/table.png	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
2ad35fa357a1a13658d6107934be41cc	PE32	2018-07-12 14:45:19	http://199.247.22.88/toler.png	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
38916c96f5e58337415125cefd12084e	PE32+	2018-07-13 09:21:55	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64
e3348cb36355542e4f72922918ea2d46	PE32	2018-07-13 10:01:40	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
e54c1e7cdeb69e7eefe0f6926c0a0ae6	PE32	2018-07-13 10:08:52	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
9116837792fe1dca21c1f9e0bb66f15d	PE32	2018-07-13 10:47:58	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/domain YRP/IP YRP/contentis_base64
bbb654210801743e4c739ceda9f2b243	PE32	2018-07-13 11:44:29	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/domain YRP/IP YRP/contentis_base64
fb7a792849608760862f5827a2e0e46c	PE32	2018-07-13 12:00:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
b9bcde253aa1ad412a3b57de86e69ced	PE32	2018-07-16 08:08:27	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
470eb64e9cbdfa9931ef7255a75fb45a	PE32	2018-07-16 08:08:29	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
c2fe07145ae1d11107920749010adb42	PE32	2018-07-18 11:08:28	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
348b8688bfb373245ea13c0c39233fe5	PE32	2018-07-18 11:48:36	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
1c653990aeb4b11958ff615f325cbb1d	PE32	2018-07-18 11:48:37	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
cd6bd9b0f14dfade031a2964557a0097	PE32	2018-07-19 10:48:36	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
2309a6426df4c8125d09383a1b6b7315	PE32	2018-07-23 16:48:39	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
33ee72464cef636f865a7b74e5db5cdc	PE32	2018-07-23 16:58:48	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5720964d275c7c0630e7db6d2becd74a	PE32	2018-07-24 11:52:07	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers1
cd5fb0fdb479947c8bdb2c80a6dd1330	PE32	2018-07-24 12:06:23	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
e83979bf81f8391b33c2f1146cf34660	PE32	2018-07-24 12:07:35	User Submission	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
1c1c6b7976e3d5efb48ecd943af5af9d	PE32	2018-07-24 12:09:25	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
e84072847db4b0b48e175b99572277b0	PE32	2018-07-24 12:09:49	User Submission	YRP/Stelth_PE_101_BGCorp YRP/Stelth_PE_101_BGCorp_additional YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
906fb37d358ab9943aaea6d2c3df7f1a	PE32	2018-07-24 12:32:32	User Submission	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
29671c98a348fb110b427cef0e0a3014	PE32	2018-07-24 12:46:10	User Submission	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
17d9200dc532ae26acf3bbf395b5da01	PE32	2018-07-24 12:54:33	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
eb3bd07ba03b7b4574a0246bcadfef00	PE32	2018-07-24 12:56:59	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
ea51dfa81ff78f3e8306b03e7aba4fc0	PE32	2018-07-24 12:59:00	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
a89eb953363e58f74fdde578003eb57c	PE32	2018-07-24 13:01:02	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
731a73c200010152496be33ec176378f	PE32	2018-07-24 13:01:27	User Submission	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
0416cedbe406cac203c1c67f810cd67b	PE32	2018-07-24 13:01:52	User Submission	YRP/Stelth_PE_101_BGCorp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
3114607ed620a22045be8069680e6a17	PE32	2018-07-24 13:06:42	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
d373933dd36c9b9cd860819eb39321c0	PE32	2018-07-24 13:28:42	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
0ff8f2ced5aa9e85f27fa5e2f9f3bf80	PE32	2018-07-24 13:29:55	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
95d3e3c80a9293b6500a4b74add6dc70	PE32	2018-07-24 13:55:44	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
edc0fd0edb8fcdb161aae9d4eef9976a	PE32	2018-07-24 13:59:50	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
7fb97096401e92ef641097f08ab45d6d	MS-DOS	2018-07-24 14:15:40	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/fin7_functions FlorianRoth/DragonFly_APT_Sep17_3
7ec737109c46b1604b09a93ff171f096	PE32	2018-07-24 15:07:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
39506fc43c79c5fa1005cfd7555866cc	PE32	2018-07-31 02:57:54	http://imranjeetgya.com/unathi/sirjay.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
735b40e3db09734de31b1cef754ada47	PE32+	2018-08-05 03:09:23	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/network_dns YRP/Big_Numbers1
efb72c1ec0608a79de8bd3ee79c0bad2	PE32	2018-08-09 02:47:32	https://tritongreentech.com/logs/tr.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
14f454b82848695d8b9b3cac294bf148	PE32	2018-08-11 02:51:30	http://imranjeetgya.com/mike/femi.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
f6c406f52215c0100708608fa1caf732	PE32	2018-08-16 14:50:14	http://imranjeetgya.com/suremoney/dami.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
92bbcba28354c9c65f6fce7f08ed8e8a	PE32	2018-08-16 14:54:05	http://imranjeetgya.com/jigga/Gasby.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
0206bca4ee7b38dc00035f9b485924d5	PE32	2018-08-18 14:48:09	http://activitycorporation.com/2/3/4/FB.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
7c17f13db30bd88b8ae439afa9a01450	PE32	2018-08-20 11:47:27	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
ec16293477c0811c3566b3ff2cd5f9a0	PE32	2018-08-20 11:54:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
b0aa4f124eadf0254d1d317704d5e7e0	PE32	2018-08-20 11:58:21	User Submission	YRP/FSG_v110_Eng_dulekxt_Borland_Delphi_40_50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
df2fa73d2492d7635ccab3db0420fab0	PE32	2018-08-20 12:03:17	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain
247a26688f92e2b6483e016f5654b050	PE32	2018-08-20 12:17:14	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
b773e907547e48c5921a034a706a82b0	PE32	2018-08-20 12:23:17	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
5864ac86b7ec5c8dd7305154487d90a0	PE32	2018-08-20 12:29:16	User Submission	YRP/Stelth_PE_101_BGCorp YRP/Stelth_PE_101_BGCorp_additional YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain
3c64427cda916bebe4eb0db8b94af916	PE32+	2018-08-20 12:40:30	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings
844f2de6525117cc739cf1e6e0661d27	PE32	2018-08-20 14:46:16	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64
0ca02c917fc2647c309120bd00371cae	PE32+	2018-08-20 15:05:32	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/domain YRP/IP YRP/contentis_base64
8fda3a304d9a947850c0e9e11bbda086	PE32	2018-08-20 15:06:37	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/FASM [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/win_registry FlorianRoth/DragonFly_APT_Sep17_3
c5b2406d266810ea2f75e13390287029	PE32	2018-08-20 15:22:12	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
4e86bff71c62bdddeeda9d5ac9c58f45	PE32	2018-08-20 15:51:57	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/VC8_Random
7b92d682585ec0cb2de1acf7a7971a95	PE32	2018-08-20 15:54:34	User Submission	YRP/Armadillo_v4x YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/network_smtp_raw YRP/escalate_priv YRP/win_token YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/VC8_Random YRP/suspicious_packer_section
8a467ea9c6387a5a6ff196cd7998a2b5	PE32+	2018-08-20 15:56:40	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/domain YRP/IP YRP/contentis_base64 YRP/suspicious_packer_section
0919eb74e1d0ac40fbaef896a8eaa125	PE32	2018-08-20 15:57:27	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64
0abebb391df1b393b1dffd399a3c083e	PE32	2018-08-21 15:05:42	https://u.coka.la/QWreCh.jpg	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
060741bd61e4624429144f7eb825c589	PE32+	2018-09-04 02:51:34	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsConsole YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
d672d5007cd875fa4be0bcf4c71b83fc	PE32	2018-09-04 02:51:37	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
d91e7515c073c46322ca10c473824b5b	PE32	2018-09-04 02:51:37	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
53550722a13391398e6b6428aa7aa515	PE32	2018-09-04 02:51:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
285f9f22ad9b165a95c9dd90d591ff73	PE32	2018-09-04 02:51:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
8953ab125eb951c1e34044f4adaaf791	PE32	2018-09-04 02:51:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
048d3dc420e8ada5ebc2e131cc9af6f5	PE32	2018-09-04 02:51:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
58f87ff11322ea0421a87c8b74362b45	PE32	2018-09-05 03:12:24	http://imranjeetgya.com/sureplentymoney/stanl...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
bf27c8f78c24e4388eb61a4625a03024	PE32	2018-09-05 10:22:38	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
9f09bb66b37e786bdfe4a6a09c804719	PE32	2018-09-07 12:20:44	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Big_Numbers0 YRP/Big_Numbers1
bec5cd92123daac00a6fd55d8377387c	PE32	2018-09-07 12:20:46	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Big_Numbers0 YRP/Big_Numbers1
e883d5888fc9cda5d7477e5c70d85d50	PE32+	2018-09-07 13:03:28	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
f81df3645a3024219eff97fda6667cbe	PE32+	2018-09-07 13:08:30	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
be312fdb94f3a3c783332ea91ef00ebd	PE32	2018-09-07 15:35:55	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/FASM [+] YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant FlorianRoth/DragonFly_APT_Sep17_3
cf0fc18000cad44356c5bc15dec0be9f	PE32	2018-09-07 16:34:12	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
5dbe466a55f16d761abdf9eab5305589	PE32	2018-09-10 14:48:18	http://192.3.162.102/DOC/1856.exe	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
de4a3283ebf93c8a5072838d59071495	PE32	2018-09-10 14:48:21	http://192.3.162.102/DOC/1858.exe	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
55c2009b24e3fd10bd8844f047f839dd	PE32	2018-09-14 02:47:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1
35a21aa160b0d41eab5fae36ef721a48	PE32	2018-09-14 03:03:21	http://parsintelligent.com/bin/biggy.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
dc017dbe7a3ea1b749c183a2b279b6a8	PE32	2018-09-19 19:22:25	http://parsintelligent.com/bin/huang.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
90ec41ec1f9f17b6eb323014bffadffa	PE32	2018-09-23 02:45:27	http://u.coka.la/nb7zcf.jpg	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
f04ee34e113f447892c13d8843d49584	PE32	2018-10-04 15:24:26	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter YRP/Big_Numbers1
6b68766d0bee2306c3cfe4402225926f	PE32	2018-10-05 10:26:47	http://uploader.sx/uploads/2018/5b623b20.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
648b693ca559cffff91f3d42a3b13ec8	PE32	2018-10-09 10:00:42	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
caf3e0e3e18fa7b18b3592bd497afd85	PE32	2018-10-09 10:00:45	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
afce6041c4164d061334724009cdb663	PE32	2018-10-11 14:50:00	http://23.249.161.109/frankm/ebin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
295cd05e2690b1427aa84e7c5853f8d1	PE32	2018-10-11 14:53:35	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/domain YRP/url YRP/contentis_base64 YRP/Big_Numbers0
f07432b26c04d6eeeb78d457c201013a	PE32	2018-10-13 02:47:47	http://faivini.com/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
57c88bc5decb0704871464e6444ab639	PE32	2018-10-15 14:50:58	http://23.249.173.202/curry/curry.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
2ced6205942be2349da93af07170bdfd	PE32	2018-10-23 18:08:21	http://99.248.235.4/Library//Turla/NeuronImpl...	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/network_tcp_listen YRP/network_dyndns YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/spyeye
23446f09e99037eb87e2b98567a43358	PE32	2018-10-25 14:49:54	http://192.3.162.102/out/coco.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
5a1b404f37e1959a24a8fc184be4c121	PE32	2018-10-25 14:50:00	http://192.3.162.102/out/new.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
4b85fe722fbb3910d3a7e719e3ebec64	PE32	2018-11-01 07:01:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
925cdd57f35c8d46d0d07c556fcfd089	PE32	2018-11-01 07:01:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
473521e8fae533b4f751fab766c58a0d	PE32	2018-11-01 07:01:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7369f9a771cdadff19bfa9abf885bdaa	PE32	2018-11-01 12:11:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
8a82967d1646eef7678a4b8d2e38fee9	PE32	2018-11-06 01:59:31	https://e.coka.la/L8spFK.jpg	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
a5f96f5156a80dd9582387bac7ef188b	PE32	2018-11-08 13:55:24	http://23.249.167.158/word/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
302cb3eb26de5aab4a2f70030a807bc6	PE32	2018-11-09 13:01:10	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
48c887dffb14cf81a217003f7ac7d188	PE32	2018-11-09 13:01:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a779e7986f6e903323cd25c79fd0970e	PE32	2018-11-09 13:01:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
f603c8c9ed20a0cf70bc6c55e5b42a61	PE32	2018-11-09 13:01:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
9777c68ff8d8f9ba310267b23f69b50b	PE32	2018-11-10 01:58:53	http://150.co.il/AnyDesk.exe	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1
316d90aa07e5282ce765f212ab26c7f5	PE32	2018-11-11 13:48:49	http://canoninstant.com/Carlitoma/fairdoc.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
af3568d29cff1e0c059004978af0cad2	PE32	2018-11-11 13:48:55	http://canoninstant.com/mike/come.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
e63d9a93eaa8d210cd748cc67875e980	PE32	2018-11-13 09:32:22	User Submission	YRP/ASProtect_v132 YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
2db799976eeb73b567437e0094d30ea9	PE32	2018-11-13 09:40:32	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/domain YRP/contentis_base64
9dbea7025e6997e6e68d3a550a3481ac	PE32+	2018-11-13 10:11:19	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/domain [+] YRP/IP YRP/contentis_base64
1e0a35dce6f302941c617413d540c8e0	MS-DOS	2018-11-13 10:41:54	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsConsole YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64 YRP/create_service YRP/Big_Numbers1
38dd52723084c99ba7ec1c7ee6c82e0b	PE32	2018-11-13 11:54:36	User Submission	YRP/Stelth_PE_101_BGCorp YRP/Stelth_PE_101_BGCorp_additional YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
0a4cf54e52a019f7eb67ec7a455e9244	PE32	2018-11-13 12:16:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
4ea8d5a9bafa6eb9f3ad328dd064d2aa	PE32+	2018-11-13 13:19:05	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/domain YRP/IP YRP/url YRP/contentis_base64
94adeeaeb6eead9f66becc49383155b8	PE32	2018-11-13 15:21:09	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64
dcd0bd9af59d4c641def224b4d5b45b3	PE32	2018-11-13 16:01:29	User Submission	YRP/ASProtect_v132 YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
f8503fef7586b74dba72902f9fc37f99	PE32	2018-11-13 16:04:30	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/FASM [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
e166e590bf1a2373db6914c3d99ecc1c	MS-DOS	2018-11-13 18:36:22	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64 YRP/keylogger YRP/win_mutex
90cc4377838b02792a98542186e74298	PE32	2018-11-13 20:26:45	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/domain
f798cbf21debb82c7c06dc422dca25c0	PE32	2018-11-13 20:41:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
dbb11a47410c2bf4774cf007c7adb3ab	PE32	2018-11-13 20:58:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
0f919b37174788b755160f10837dbb60	PE32	2018-11-13 21:01:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
e5ec7939d602edfb56213f9b3e82b341	PE32	2018-11-13 21:01:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
ede17d124934baa401295a7adc978092	PE32	2018-11-13 21:01:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
ea83772e90bb79bfeea049bf81828280	PE32	2018-11-14 02:42:36	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64
a4ae3f5ae87e23d660ed09fb513e4d84	PE32	2018-11-14 03:56:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsConsole YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/PoisonIvy_2 FlorianRoth/RAT_PoisonIvy FlorianRoth/DragonFly_APT_Sep17_3 KevTheHermit/PoisonIvy BAMFDetect/PoisonIvy
29872933e896d0b77fb6a3613f583544	PE32	2018-11-14 05:49:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/MD5_Constants
e51cc67b367afdde7c3c4782a4a42fe8	PE32	2018-11-14 07:19:18	User Submission	YRP/IsPE32 YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain [+] YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
480fbace323529f2222d60ef73910046	PE32	2018-11-14 10:32:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64
849d5e4645e61d26ecc9a77e58681f20	PE32+	2018-11-14 10:43:05	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers FlorianRoth/DragonFly_APT_Sep17_3
0a707ad77cfa0f6e8bb599eea509abad	PE32	2018-11-14 10:56:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
402edc41e165346c563ef4e2b98e4335	PE32+	2018-11-14 12:43:04	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/MD5_Constants
b00852d7746a8427da578f2913eb8a56	PE32	2018-11-14 14:04:26	http://saaseasy.com/som/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
7c46570265803eaaebc485df2d1b7611	PE32+	2018-11-14 16:22:29	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsDLL YRP/IsConsole [+] YRP/HasDebugData YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers1
1c1875f5de5e1c4943163ef91c88c77b	PE32	2018-11-14 17:15:40	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings
2e7ed53a5aedfe45425d2944ff8c68df	PE32	2018-11-14 17:59:12	User Submission	YRP/ASProtect_v132 YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/FASM YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
01ebdf978226f4c9fdea6bb87d809bb3	PE32	2018-11-14 18:00:43	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7be48e625885732e0a7b242602f9a27b	PE32	2018-11-14 18:56:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant
ca343f58f2c0164c7574b0a5acb754a4	PE32+	2018-11-14 19:15:13	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/win_hook
d16170f6a50c9de851b5458344b4d92e	PE32+	2018-11-14 20:19:29	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/domain YRP/IP YRP/contentis_base64 YRP/suspicious_packer_section
8e968b1ed5b832767bf798dafa0d779c	PE32	2018-11-14 21:32:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
6aca9a6caee030fb4f5f735e5bca82e4	PE32	2018-11-15 00:04:36	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
81a5d84c621622276f18774585d6ac12	PE32+	2018-11-15 00:43:53	User Submission	YRP/possible_includes_base64_packed_functions YRP/NETexecutableMicrosoft YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/ImportTableIsBad YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/spreading_file YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table
859676b20b16221e96496505f93d75b5	PE32	2018-11-15 01:20:23	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/suspicious_packer_section
3c46a3df7aa30384b5b880c294a0cc62	PE32	2018-11-15 01:39:09	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
e98f9eddc950a3f77eafa786ee7de00a	PE32	2018-11-15 03:17:18	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
12753af4bb0bfda42707ea8dde949f77	PE32	2018-11-15 17:41:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
05cb7b51e4c9cbff176897d014f8d63d	PE32	2018-11-15 18:02:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
d4ab182bc9fedbab3f0b256a672b1165	PE32	2018-11-16 08:51:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
258e977e7e028b466976accd3a56743c	PE32	2018-11-16 12:42:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5b05fc37af1b62932d173a53555e4b55	PE32	2018-11-16 21:51:21	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
a20f418c065d1d5d1ccb9f7a15a77cf6	PE32	2018-11-18 18:21:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
db5895dd5461b2c9fc4dca9992c3dd60	PE32	2018-11-19 17:31:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
ba9676bcf840195dd1fa11da70c95924	PE32	2018-11-20 07:31:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
88fcf2d2cfcb4b0e316d655f1fd67437	PE32	2018-11-20 13:01:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
9c619fbb03e3349ba160144a400ca7a2	PE32	2018-11-20 13:01:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
d384131b74ced1c8a037e02cf1f17314	PE32	2018-11-20 13:01:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
2b336cdae4d828dcd14573239d5b454e	PE32	2018-11-20 13:01:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
362368fa448663293b1ac8a95d0e1986	PE32	2018-11-20 15:11:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
c7f9ee1ff25da367d36dff8be6395830	PE32	2018-11-20 15:11:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
eac39d6791154321655b64a0bbfa3830	PE32	2018-11-20 15:11:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
dc6cf8f6b401056f4997724c06e56cd3	PE32	2018-11-20 15:21:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
137e7028044e79faff4c82e2670f5949	PE32	2018-11-20 23:51:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
4b91a5b9264208e98e114b78387c8145	PE32	2018-11-20 23:51:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
151d33ae3ec53dd78aa0c5b3ac6cca0b	PE32	2018-11-20 23:51:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
fa20d22e24ebdc8553f22c0f92279356	PE32	2018-11-20 23:51:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
52e1983f498804526656f3bc91c293b2	PE32	2018-11-21 06:21:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a1371d3e67a38f4eaaa0985e5b0e79cc	PE32	2018-11-21 15:01:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
30642f156cdb2195dcd84eb50a4dcd32	PE32	2018-11-22 04:21:21	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
ef39c20fdd9040352ce0a32f60bec0f4	PE32	2018-11-23 14:01:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
071aff4f0060166693daa3f1e0d83853	PE32	2018-11-23 14:01:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
db346ca55375d91c04c0dbd378223fc2	PE32	2018-11-23 14:01:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
515ad13e4e1002d5cc804124bcf9dba1	PE32	2018-11-23 14:01:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
67a6de7b3d7b3501635987fdc4ba7f15	PE32	2018-11-23 14:01:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
f8a526e213daa53d43361bddff1781ab	PE32	2018-11-23 14:01:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
27cbcedf9b65a04c4165fc22377e4e08	PE32	2018-11-23 14:01:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a81a4a0b810888f11422d45e6e94a3fc	PE32	2018-11-23 14:01:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
f42ebcffc46e2dc0508c769d3e98866f	PE32	2018-11-30 21:51:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
b4e04b888e5fa8f578e9bf89158572f1	PE32	2018-11-30 21:51:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
84b089ce8e2abac06cdd0f4e7a6f41af	PE32	2018-11-30 21:51:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
837b6e27fbf4cd8377f528f866aa51cb	PE32	2018-11-30 21:51:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
b9e59dbd2a9cf8ce36a580dfe0fe1fbd	PE32	2018-11-30 22:01:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
e25d713b6224614c526fcf2150897670	PE32	2018-11-30 22:01:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
9f3ceb1d6f23d71ff984fd745b3d896d	PE32	2018-11-30 22:01:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
aa7225d4073219949f1737250db3688f	PE32	2018-11-30 22:11:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
62e17f86ad876425204d826f0a04bf4d	PE32	2018-12-02 05:21:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
33a84368b69d00c3ce21a80546bd7e3c	PE32	2018-12-02 05:21:39	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a2a999b9b42b7a10af6b4b9ce7396fba	PE32	2018-12-02 05:21:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
1a6150131e606f125e7c49a55c9ad1d1	PE32	2018-12-02 05:21:44	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
54d18b5ccc8a5b92bf179b44cdd66b2f	PE32	2018-12-02 11:39:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Big_Numbers1
9cb799ff3875293d2bb14a89f88a2b85	PE32	2018-12-03 06:41:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
57a13d6dcdd7c3cd8196fe8203cdb571	PE32	2018-12-03 06:41:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
21dd384bf43a2f081fa7f9525062aef7	PE32	2018-12-03 06:41:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
e6965e2427448540002687b801e2ffff	PE32	2018-12-03 06:41:35	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
f93fb43dcce8d4c8b5b651abd62d4b62	PE32	2018-12-03 07:01:54	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c02fc55cca033c7ccdb6c5064f519866	PE32	2018-12-03 15:21:39	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
727f1eb90cd8f092a51c06450110878d	PE32	2018-12-04 07:32:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
28573e5103844f003924334c196231bc	PE32	2018-12-04 07:52:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
0120a8f9e0fee8c068664bf13075ea15	PE32	2018-12-04 15:32:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
098023d82c62e6d07586d7e8e5f11667	PE32	2018-12-04 18:02:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
62bf16b9ad4f763615d05e564069160b	PE32	2018-12-04 18:11:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
682b6e771f76d2a8b7ffa0bcf6221158	PE32	2018-12-04 18:11:58	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
e882bb719410cdeeeb2f30a5c1c73a3a	PE32	2018-12-04 18:32:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
d1137f25c31d881327389581eea5cac2	PE32	2018-12-04 18:45:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
2a82a14f5199b8989e12cc10bfb276b6	PE32	2018-12-04 18:45:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
66fb04817f385e56c68ed80b18c061c8	PE32	2018-12-04 18:45:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a6db2e90610d67a49bb3af4abcd1d6f6	PE32	2018-12-04 21:21:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
6171f4fb1066d7b6d77403e4ee15d58c	PE32	2018-12-04 21:21:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
49da74cc816485ccd2442d4f34dd15f1	PE32	2018-12-04 21:21:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
bdac3f22feb3e60fb1ebb8e3ea6389e6	PE32	2018-12-04 21:21:58	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
4d03379b55486170630a04c8bd95290a	PE32	2018-12-04 23:41:53	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
6c2e008109baf653f90b978a5bc1abae	PE32	2018-12-04 23:41:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
9f2f13a298c0cb3612f40cfb28d2d317	PE32	2018-12-04 23:41:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
d5a0d3c64d7346dade08de72a258bede	PE32	2018-12-04 23:41:58	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
89c116fcfcf34fbc0ede382132bf078c	PE32	2018-12-04 23:42:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
889b5e42405f106c559965bb2a60c9e9	PE32	2018-12-04 23:42:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
1b8da6db41d78318a859579de4d8764b	PE32	2018-12-04 23:42:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
851fa8439878c2bf960e157bdd0282f0	PE32	2018-12-06 06:52:01	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5001ef2b836d4de7f281997260c1d5bd	PE32+	2018-12-06 10:02:08	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
d944d35a955e6aa6a821479ca18e212d	PE32	2018-12-06 16:21:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
22c91a04a4fe1fcf51e83b80403c0976	PE32	2018-12-06 16:32:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
501510d52521aed8ebef83677afa2d55	PE32	2018-12-06 16:32:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
6c63158eacdfe80029e0fd00c14118b6	PE32	2018-12-06 16:32:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
a306d4dfd26d2cb9a87d89730e67bc42	PE32	2018-12-06 18:02:17	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3
0dae5b7f4b762c4329211274d8407562	PE32	2018-12-06 18:51:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
7bb41f60df5b9676f8febdaf6ddec035	PE32	2018-12-06 18:51:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
adfdef3f4edbdef58aefa826c6fd0e84	PE32	2018-12-06 18:51:58	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
81fb541ecbb48d54904022de76dcd4bd	PE32	2018-12-06 18:51:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
6b91e44539ac83675a6df748897661b9	PE32	2018-12-07 14:31:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
48ec70714cbf76b4450588093227a4e0	PE32	2018-12-08 08:52:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
8545572fd0d16eb308d9ea32dfbd4681	PE32	2018-12-09 20:32:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
36448c15ef5119fcbb289fa7d359a435	PE32	2018-12-09 21:22:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
f326c6ec35713d99ed58a6615ed201c4	PE32	2018-12-11 01:48:46	http://uninstall-tools.ru/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/suspicious_packer_section
443eed18747a270d4584bc7896544580	PE32	2018-12-11 06:02:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
4393ef119adf047702c69ae888c1e868	PE32	2018-12-11 07:52:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
dfbc68a876605b87a126ce64d3754738	PE32	2018-12-11 23:22:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
749f0fc644e9da5db95558c6a0857ea8	PE32	2018-12-12 22:52:07	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
1e9cd6e27c39ef0050e333aab2f3235c	PE32	2018-12-12 22:52:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
b045c92e94d4b4ca329a344ea97b9308	PE32	2018-12-13 14:05:31	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1
d5146f165722f7a94521a42f67cc839e	PE32	2018-12-13 18:22:07	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
c5f542f041fdee77b35d110f8d082a67	PE32	2018-12-13 18:22:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
f27be90aee04999fbb6faef4c0afc5a0	PE32	2018-12-13 18:22:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
416f61efba840461edb1762fa4bf893c	PE32	2018-12-13 18:22:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
52af28ce21da57c7dffeb830ffdce191	PE32	2018-12-13 19:12:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
722d5d6e4565efd250c2efb268d601b7	PE32	2018-12-13 19:22:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
b1438158dd7478afef7e793db5196a5c	PE32	2018-12-13 19:22:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
d1075493fc73917fb7f25b4de953fcd9	PE32	2018-12-13 19:22:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
814a5345117ec705138acb77b72f75e2	PE32	2018-12-14 17:22:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5729cee8a38140bc09bc08e037154a78	PE32	2018-12-14 17:42:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
62c0e91d752fc1aaa8614965b5eb7206	PE32	2018-12-14 21:52:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
b703057aec09516247ce00dc1b490dbf	PE32	2018-12-14 22:22:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
2d93ff5d9ed0dfa79cf9d36f30910a51	PE32	2018-12-16 01:56:24	http://uninstalltoolz.ru/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings
9cbaccaad88ddf5dbfa31e3eb6db0bb3	PE32	2018-12-17 02:09:46	http://uninstalltoolz.ru/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings
94492d78a79f5496441928fc081936d7	PE32	2018-12-17 13:52:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c4bcbf70c501ee803305d0a3899d5c69	PE32	2018-12-17 18:42:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
05f146aa7433b60cc0029b2d01e54552	PE32	2018-12-17 22:42:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
5e7e55af7dbbd13833b7f5a754e55aef	PE32	2018-12-17 22:42:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
349b39d7d2794f8e501d4d8d2ed1c5db	PE32	2018-12-17 22:42:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
bc7f652bb981f8e7afc15fe853f12cf7	PE32	2018-12-17 22:42:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
874cbf700ca0b2e68d0067e23cf76cb5	PE32	2018-12-17 22:42:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
87d07c7a73be872cc21343c25f35f057	PE32	2018-12-17 22:42:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
738888dc5167cf00fa86a6c0f6030544	PE32	2018-12-17 23:43:17	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c685eee450313a984e2e1fd453091f72	PE32	2018-12-18 00:22:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
82b381a9abd9385faf81678678e25b5d	PE32	2018-12-18 00:32:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
49262cb3142cde800a73525f6b8329f1	PE32	2018-12-18 00:32:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
f2071e4ce99b1562ae532fff16bee3db	PE32	2018-12-18 00:42:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
df9249c6a79712359b2c6f43029ea870	PE32	2018-12-19 23:52:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
0cd132c6599333b690ff98b0c083132f	PE32	2018-12-19 23:52:07	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
85118ab7ee14ab12b26781568c1f2eda	PE32	2018-12-19 23:52:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
8ae49c5cbe04e858ef985ee24a8d61a1	PE32	2018-12-19 23:52:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
0609722ee7904a9e86d73bc9e0e1481d	PE32	2018-12-20 16:44:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
93f1f5721da6c0ef19a17d9ae4a18114	PE32	2018-12-20 18:42:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
544a62237c75b82e03b77b77975b8d53	PE32	2018-12-20 18:42:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
e25fbfff955087e2591bb930bcdecb58	PE32	2018-12-20 18:42:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
8063b5a2abf35a2db7e6407d02338061	PE32	2018-12-22 01:45:07	http://tollzwork.ru/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings
a36acb42d4bd329aaf8bf2edc0d70d06	PE32	2018-12-24 11:42:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/without_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers2 YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
3ab2504a7114efbedf40ce6d9937bff4	PE32	2018-12-25 00:42:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
40e647be1a518d447b4af1dab9d5f8a0	PE32	2018-12-25 02:42:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
595e3b35d8b2e0ccb94f965fe77b3e9b	PE32	2018-12-26 02:32:23	http://statsrichwork.com/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings
74e51a0555af5d3dabd5c1be444dd301	PE32	2018-12-30 07:32:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
3a39f209c214a3075634f7e01e74e55c	PE32	2019-01-03 15:12:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
0f7ddfd631f3188831e933c9364da83d	PE32	2019-01-03 15:12:33	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
a09514ddcca7694ab95cee2cd91ffcc4	PE32	2019-01-03 15:22:50	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
9effc9f80971528bbebf669b15c29d14	PE32	2019-01-03 15:23:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
bd0eca8c69f2a5bfb7723f635216646e	PE32	2019-01-07 14:02:34	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/IsGoLink YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
1aacb178dea0d3f4b54685c0928630b7	PE32	2019-01-07 18:12:33	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/Big_Numbers1
bfa5b6d23be9d79eeb7518e6c9e4326e	PE32	2019-01-07 18:12:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
cdd63fa98e0d37de7baa1c66ae07ff4e	PE32	2019-01-08 00:43:38	http://statsrichwork.com/tolleu.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/suspicious_packer_section
18db7442d59e1281888eec3aaba8c71f	PE32	2019-01-08 15:52:35	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
765da31f20fe265bfaad52a8b7783428	PE32	2019-01-12 02:01:40	http://supportwip.com/tilapia/sureboy.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
1b70a751a4dc4d451295c0e25355ed96	PE32	2019-01-12 02:01:46	http://supportwip.com/gasmoney/gasby.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
18277a6d0fda682f0d0f3bef3f48d555	PE32	2019-01-12 14:04:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
b931ee48aaaa01901a87dd1ae47f73b6	PE32	2019-01-12 14:52:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
aec64f94f2157c312bc30f761eb63b35	PE32	2019-01-12 14:53:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
42ae6a89a87515afe3a47ca282a8ef53	PE32	2019-01-14 13:02:56	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/IsGoLink YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
06335104a9dfd500183c42fc7c5c0ca5	PE32	2019-01-16 00:52:52	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
7d78075c228045b4c53048c88b30efa5	PE32	2019-01-16 00:52:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
53135c47434c84c9c33fa01f30beffbd	PE32	2019-01-16 00:53:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
92109f7148fd81662115c2d81ecea5ed	PE32	2019-01-16 00:53:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
2aa69245021ed02efe246a4ffdaa3da7	PE32	2019-01-16 14:06:02	http://supportwip.com/fajaymoney/fajey.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
c3faa8c30144d78c0ed3d106208fe324	PE32	2019-01-17 01:53:27	http://cheats4gaming.com/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
886a3a727b7742474f2a82aebc643d8f	PE32	2019-01-18 18:12:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
2463a85d160fa842ae5e1187e0e5c3ff	PE32	2019-01-18 18:12:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e41a7ad82082fe1b01ce9ee9d68c5e4d	PE32	2019-01-18 18:22:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5d4d868911c5caa1445c1285e1ea0537	PE32	2019-01-18 18:22:51	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
a28fa1f0992defc5cb7ed74c8d1c3885	PE32	2019-01-25 11:12:49	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
89991e9b746835d2a44f3f5880c40805	PE32	2019-01-26 07:03:34	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/IsPE32 YRP/HasOverlay [+] YRP/ImportTableIsBad YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/spyeye_plugins YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
687cceb254cd60de01ca543a8e1e20c0	PE32	2019-01-29 01:53:14	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter
716751f75493f3e3128a7cf88a9b4229	PE32	2019-01-30 22:13:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c483c73f073f3762f53a93272274c617	PE32	2019-02-04 15:43:29	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
5a1f6b19b41f665ba02c372f726ee4fb	PE32	2019-02-04 15:43:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
5c12bdf30b171ff45ad67f501cd834d3	PE32	2019-02-05 17:23:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e9ba3efd7aa86c00b3fb098f8e3c0095	PE32	2019-02-06 02:03:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5e9e1b4354594e0e787c7a03afa0e677	PE32	2019-02-06 02:13:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
8c73a614782234bbf958fec86e09b1f5	PE32	2019-02-07 04:13:37	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c50cef1a5874f690a4b1cca3915a1958	PE32	2019-02-09 14:03:47	http://chrnywalibari.com/Askia/bin.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
982b9b63fc27fd3f197c362e40bda298	PE32	2019-02-11 12:51:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
373504db69b3cdf59e4919016dcefe17	PE32	2019-02-15 14:15:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
eb89d4f9254454c731895f8f09b25f0f	PE32	2019-02-17 07:23:40	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
4eb8eb9cd6d7daa4dae3d25a2d959c6d	PE32	2019-02-18 10:23:44	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7801b1aea133d74b4587da1bbc049c65	PE32	2019-02-18 11:23:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/IMPLANT_4_v5 FlorianRoth/IMPLANT_4_v5
0ed63ae269111e8e5ca619f32e21687d	PE32	2019-02-19 12:03:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/BASE64_table
42e1be7d8762dd3eb550604448914fc5	PE32	2019-02-21 00:03:50	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
3e53233417ffa840d56944ce7319e9b0	PE32	2019-02-26 04:23:57	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
774151f8ce4d35d3192716a1d0e8c646	PE32+	2019-02-27 17:36:04	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE64 YRP/IsWindowsGUI YRP/ImportTableIsBad [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Obfuscated_Strings
85cc3576b580dca9df6438b2e085c0d5	PE32	2019-02-27 17:42:45	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasModified_DOS_Message [+] YRP/IsGoLink YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
2f7d0fc30df32efb7f69b144a7717f9c	PE32	2019-02-27 17:43:54	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/powershell [+] YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/escalate_priv YRP/win_registry YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
3556ac70f38f4f36d5db62bdac6ed73d	PE32	2019-03-06 22:34:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
716fb93801ead32c03f18f19f268895e	PE32	2019-03-12 05:44:06	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e453e629c1a48b53c693e32b02fe4a46	PE32	2019-03-12 14:44:06	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain
3c0f7c4b313348564fa4735c00f46936	PE32	2019-03-12 15:54:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
ff62105e788f41812057f44955783e1e	PE32	2019-03-14 18:38:08	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_Dlls YRP/Check_VBox_Description YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/network_ssl YRP/escalate_priv YRP/vmdetect_misc YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
7914e31b1cb62156b7bbb62f969b05be	PE32	2019-03-17 15:44:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
261c5013db30f4ebc219baece695832e	PE32	2019-03-19 05:14:08	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
dfd8f1eb0d3ba77bda719fda7e6d3cfc	PE32	2019-03-19 06:14:08	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
eed9325c65211f4fc5094c69c68610a1	PE32	2019-03-19 06:14:10	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
d6049902b54b923a9544e673abc190b3	PE32	2019-03-19 06:14:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
71a3b5da84e04a60e20aadeb065c0e90	PE32	2019-03-19 06:14:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
3fcbcbbd681b985ee64e93cb05d4913a	PE32	2019-03-19 09:34:09	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
13a27543367922529b44fe33d5453824	PE32	2019-03-19 10:04:08	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
5d7500eacceaf7997e6e7d58af0471e4	PE32	2019-03-19 10:54:07	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
d623bd93618b6bca25ab259de21e8e12	PE32	2019-03-19 21:35:34	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e5e46587e83091e3e09e5ac868c027a4	PE32	2019-03-19 21:35:39	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
107a4e94fc2502371ae9987e1d0fe70a	PE32	2019-03-20 01:04:08	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
47f774db5874c1db26915cc80b4cb002	PE32	2019-03-20 01:04:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64
8bda115a3d9d6e441e5948a116997dc1	PE32	2019-03-20 01:04:14	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64
f63bb2cd71a3c6bb171f9854b122cfb4	PE32	2019-03-20 01:04:16	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
887022f8feaa78a9692a91204abeef5d	PE32	2019-03-20 01:04:18	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7f6d3f4834be7ed7fb112f66ebfbc423	PE32	2019-03-20 01:04:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
4a4004eefc1cbcdd242dcff816def43b	PE32	2019-03-26 03:54:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
0d7338940b343741c86546172de44071	PE32	2019-03-26 04:04:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
30818993a6a751d035420753505b2716	PE32	2019-03-26 04:04:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
533b959444d078ae6be637527fdc1ace	PE32	2019-03-26 04:24:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
6ba32f1138f720d3372246e0263daa53	PE32	2019-03-26 04:24:15	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7bb978a8721683df6550ad732c1c2b53	PE32	2019-03-26 04:34:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
37b26e5ccd8c5ba5df14a172cc8ab68a	PE32	2019-03-26 04:34:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
323470105e6920d2321abc3c704a35f6	PE32	2019-03-26 04:34:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
8e8ef0d0882406afb317b5e7972f83f1	PE32	2019-03-26 04:34:16	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
3f9ea33d2d837e994d2762ccce060cc7	PE32	2019-03-26 04:34:18	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
88cb4c34ea1a8074fc7b406046bfc900	PE32	2019-03-26 04:34:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
b8174e958432d5829ec3dc66802803fc	PE32	2019-03-26 05:04:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
e3f76699b1257fb4da87045232a15de0	PE32	2019-03-26 05:24:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
3c9727266a6be435c7fbe6535e82d6dd	PE32	2019-03-26 05:24:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
9ab4110cb470fa8a3a7c9dbdf7016497	PE32	2019-03-26 06:04:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
318425044ff34e261773c0655abd7d0e	PE32	2019-03-26 06:14:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
59f979289e2f9bf4d80ffe2a15e3697b	PE32	2019-03-26 06:44:43	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
359323a06c008c967e7fbaa2294c481b	PE32	2019-03-26 09:54:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
85815ece693d7ea5a30e6b0ed82885da	PE32	2019-03-26 09:54:13	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
78da88ba811771ee83ec8d75838ab7ef	PE32	2019-03-26 10:04:12	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
7e1bd4c805cf297f4c8a814e99f7a3d8	PE32	2019-04-01 09:44:14	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
238776ac6e0f0b91c23b8673d9c6d035	PE32	2019-04-01 09:44:16	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
faec30e6ff713646edf9224cc534bcaa	PE32	2019-04-02 15:54:15	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
571975ebdc3fcf7315a3fc5373f197c3	PE32	2019-04-10 08:24:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
4665323df81de103a3dcf6b4dbfbaca8	PE32	2019-04-11 12:44:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64
c9b00f0b3b47022a5e55a48bebbbcf44	PE32	2019-04-11 13:45:10	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
293d3db5456cce04eee6da162b97bd6b	PE32	2019-04-11 20:34:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
09144bc4dfaab0228b5c0cbfc14e8d39	PE32	2019-04-11 22:54:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
1be370f764114e961a626c1f50bc7e7b	PE32	2019-04-12 17:04:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
a9967db0f93d2279c0e1ce85194a1e0c	PE32	2019-04-13 07:34:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
3bc5ca927175297f6534c563da60b20c	PE32	2019-04-15 11:44:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
97f79c6145b26f7ba1e46f830435062e	PE32	2019-04-18 20:45:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
befbe207047c602f1bd0ceefeffad104	PE32	2019-04-24 09:34:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
b72dfd4a0ce3d6c34e3dab9067fd18ac	PE32	2019-04-24 16:24:54	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
879cb785bd87acd84d7a8507b2e0d28e	PE32	2019-04-26 02:22:32	http://exploit.rocks/virus.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/DebuggerHiding__Thread
3160240897595f63962beeb03a3190a8	PE32	2019-04-26 21:05:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
8beb73adaa52565534908846ad09ef02	PE32	2019-04-27 09:31:47	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1
6ae5cfd29d516c62106d12f7d5081a06	PE32	2019-04-28 15:04:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
6e8ec27f2cc64921a6835940d7508d14	PE32	2019-04-28 19:54:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
123ee1a8480bc5bd793723991e129de2	PE32	2019-04-28 20:54:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
f3fe02c63a6926dc0b9db669100c6695	PE32	2019-05-02 14:50:31	http://155.138.134.133/day4.bin	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize [+] YRP/ImportTableIsBad YRP/HasModified_DOS_Message YRP/domain YRP/contentis_base64
e5d956ff4128f68dae03a270e7f77eb8	PE32	2019-05-02 23:34:56	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Dropper_Strings YRP/disable_antivirus YRP/network_http YRP/network_tcp_socket YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/SharedStrings YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
be59ae8641d7a61a23a3004f7956ea33	PE32	2019-05-03 10:34:30	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
6286ab1800d198c2cf845f0b89ade0fb	PE32	2019-05-03 17:34:33	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
81367209f684cc47e0c041f027f9c86e	PE32	2019-05-03 20:06:52	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
81f2b36f7f20c59ee4cb637501fd0590	PE32	2019-05-04 02:44:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/ImportTableIsBad YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/GlassesCode YRP/Glasses
4e3bf2b21acc562ef5ab96381ad5408d	PE32	2019-05-04 08:27:42	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
099ddcb4080f4b554a4265e678d08299	PE32	2019-05-04 08:27:47	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
9afe7648b7a1a23d0946fae7b01e23b4	PE32	2019-05-04 08:28:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
a79f1e0863998bb125699ea3e2c879b5	PE32	2019-05-04 08:28:59	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
c93ea2b5d8b1d0253b6b273566a858c4	PE32	2019-05-04 08:29:07	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
fee4a1e65eeee55d62dc4662dc3cff3f	PE32	2019-05-04 08:29:07	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
55b9154653a46286f54be3a6bfab9d2e	PE32	2019-05-04 08:29:07	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
4f20126543e42cf7b2c793731c3382c7	PE32	2019-05-04 08:29:07	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
b9f7a95f61462c69b99c3d6f39a569bd	PE32	2019-05-04 08:29:08	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64
f59bcf4f3fb71017676232a4a45f89de	PE32	2019-05-04 08:29:08	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64