MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
48865fc5dece59f4ca08fac15ac6196f781df572dbad9316bf3fdfadda94f975	XML	2022-03-20 23:13:23	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
b464a01bff82a6d404f4d92f59172311646439f49d87697236da9c51d34f99dd	XML	2022-03-20 23:13:22	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
149352b086c1cf64a72550d78a6d1a383a1e5d9089a1b65574e63e4478d930ef	XML	2022-03-20 23:13:21	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
997e54284e4dea3e9aa61600b89d5c0fea006d6a50bc2fdc3a2c1be8c84f24e2	XML	2022-03-20 23:13:21	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
c138f28e8ec3603f84074d2906159071d8d3c17d03bc58f7b2d2a224b35a8f27	XML	2022-03-20 23:13:20	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
a85b6f561a0fd94a230ba4b45758fafb1e77d515723d00c64b4a179cd63ae447	XML	2022-03-20 23:13:19	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
bc5ed7402a0d7960acd6b873453ff4d3cdaa4b19dae1e11524665ab5acd8d7a6	XML	2022-03-20 23:13:18	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b	PE32	2022-03-20 23:00:12	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
7c321e4c1f7dee37aab2fd65d50987b9502a3700348ef2ab08d79a952ff27ab7	PE32	2022-03-20 22:00:49	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Njrat
2619862c382d3e375f13f3859c6ab44db1a4bce905b4a617df2390fbf36902e7	PE32+	2022-03-20 21:40:34	User Submission	CuckooSandbox/embedded_macho YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
5f3ae6e0d2e118ed31e7c38b652f4e59f5d5745398596c8b31248eda059778af	PE32+	2022-03-20 20:00:14	User Submission	YRP/Microsoft_Visual_Cpp_V80_Debug YRP/Microsoft_Visual_Cpp_80_Debug_ YRP/Microsoft_Visual_Cpp_80_Debug YRP/IsPE64 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
435be1c6e904836ad65f97f3eac4cbe19ee7ba0da48178fc7f00206270469165	PE32	2022-03-20 19:00:33	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API FlorianRoth/DragonFly_APT_Sep17_3
fe3d61acbcbd89998d1f92ff6417aa3254dd7ed493007e1c530efd5482ca1ec9	PE32+	2022-03-20 16:41:21	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d	PE32	2022-03-20 16:29:45	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
f70c4044cff54d7bb32634d189f5ac234091f53a5acce9f17dcfefca4c22b397	PE32	2022-03-20 16:24:49	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
f2006f4aa7b7872b0c909ff348a9962488f75de4fb5e9be991cf0f005d0eb6da	PE32	2022-03-20 16:15:17	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/domain YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/win_mutex
e840cc03f3a65cd2507fabcc876b5a4fb42d66bfe0ddb7f28280183bd4f75040	MS-DOS	2022-03-20 15:54:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Shifu YRP/suspicious_packer_section
dfe380e5cd3c076dca473f0a8cfafb7519c5280bcfddcba5f34324dc8b727c14	PE32	2022-03-20 15:36:23	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
dc76bb29ef40c3244d41f11a96d4a263dd2d6260cfd0da16d380e3f1a400c5bf	PE32	2022-03-20 15:28:31	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
d58d49cfaf43b4ce0de5da27b3d6d43bfdb939daa861ec43d920380a3c6450df	PE32	2022-03-20 15:13:57	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
d46c959ad4533ab052f2886a2f87b804968b82403df06b2cd86d8eb19c8054fd	PE32	2022-03-20 15:11:46	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
d013be1440f64e234c7631f2a3bb1b4d7c12bcb97d3804dc0e66753cde13ebc8	PE32	2022-03-20 15:02:15	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
ccdf6799e7fceaa24cdaaf41ba79fdafaf04a2a8e64dd9bf40cf3ddce9345adf	PE32	2022-03-20 14:56:13	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/suspicious_packer_section
bf68363c329fc5329ad2824795d0788834e35f05c6e5589061515cdc8cb81038	PE32	2022-03-20 14:28:33	User Submission	YRP/Microsoft_Visual_C_Basic_NET YRP/NETDLLMicrosoft YRP/IsPE32 YRP/IsNET_DLL [+] YRP/IsDLL YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
bc2dea607c192b1745f12161ad1d50bd42031c01188cf9008cd3743504c56308	PE32	2022-03-20 14:21:43	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/anti_dbg FlorianRoth/DragonFly_APT_Sep17_3
bb44a88339e83bc2ecbd06edef1acf6c54e66c4c4922005a67c27f970f717075	PE32	2022-03-20 14:19:29	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_smtp_dotNet YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/CAP_HookExKeylogger
b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9	PE32	2022-03-20 14:10:00	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/VMWare_Detection YRP/VirtualPC_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/antivm_vmware YRP/win_mutex YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/DES_sbox
73ef023bc4cecb9c238cf3cd6e57417dc8ae8f690f3ee50f0e82f250bf32bf19	Composite	2022-03-20 14:06:59	User Submission	YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Misc_Suspicious_Strings
b48c6ee90905955194c2864cd4ff8618c7df2a301df6740ce9f9065f5cb04fa9	PE32	2022-03-20 14:04:42	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/win_registry
b32bc6d8b506b75ee68f7184a0a84eb6afc24b4514d9073b55c67d7b95354553	PE32	2022-03-20 14:01:01	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_smtp_dotNet YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/CAP_HookExKeylogger
b2bf5cc24050b609b045aaa7645d9e336147eee99360ec3865cafba0ed671737	PE32	2022-03-20 13:59:57	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
afaf1bc1ded2ed173f409c8d691769feb25d61fded0a727449c6db05525aee60	Composite	2022-03-20 13:53:09	User Submission	YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Misc_Suspicious_Strings
ab47f2c37d0612239214050393cff3f26715448550ead7c3180fe2c842df19e4	PE32	2022-03-20 13:43:07	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
a6196179c44372989a82cd3bc60a87262a4bb6a583f6aa38789b4ecafbe5c7b8	PE32	2022-03-20 13:30:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/BITS_CLSID YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/MD5_API YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
a1c644a64801c61e1649517c3debc28b194b4f9d43e1a99bc28724f652c3ca5e	PE32	2022-03-20 13:20:19	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
98bf522cda546fe43ae451c9c52140fa173473684ea5287cf2717e26eb66e83b	PE32	2022-03-20 12:58:11	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_dns FlorianRoth/DragonFly_APT_Sep17_3
8348b0756633b675ff22ed3b840497f2393e8d9587f8933ac2469d689c16368a	PE32	2022-03-20 12:55:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/network_dropper YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Winsock2_Library YRP/Codoso_Gh0st_2 YRP/Codoso_Gh0st_1 YRP/fin7_functions FlorianRoth/Codoso_Gh0st_2 FlorianRoth/Codoso_Gh0st_1
96964a0b7f34b32246b30de756b6f2d659cfafde7c939a6dbf56dbb038aefa48	PE32	2022-03-20 12:54:00	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
960dbf956a036abf2a4d0fbc6f0f75eb9eb6394d4f249c7d5dd58199f3d8a2c0	PE32	2022-03-20 12:52:47	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
92ff4894e56b666235c1433b0cc2e7256b8331317a4cecf3e27bf58e081d0cdd	MS	2022-03-20 12:45:26	User Submission	YRP/domain YRP/url YRP/Misc_Suspicious_Strings
9280479d6e030e96b14aa0c2aa5e856f475e657d11d2d1596c082ff157d916c9	Composite	2022-03-20 12:44:33	User Submission	YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Misc_Suspicious_Strings
8e929337cda31bcbacba82cc34389646bde95f5738842c90a46d6c06fab26dfb	PE32	2022-03-20 12:37:02	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
83a21a86c71e9d4f27c6f5877bc7390dc286212164d22adc2f5432729b5e2535	PE32	2022-03-20 12:16:42	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
8109e1b1ea98b06d4e7eb7753b6a17ed3670c959859e543fbeace72f96bbc1fd	PE32	2022-03-20 12:12:04	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
7dd7eec0cd54380999e726084d59c93a21119539d5c56046e347bbce63c88c5e	PE32+	2022-03-20 12:05:01	User Submission	YRP/IsPE64 YRP/IsConsole YRP/ImportTableIsBad YRP/domain [+] YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
ae1872aa7302e6c9ee934581245b5ac741c789a49623294b017e204826f8a3ce	HTML	2022-03-20 12:03:23	http://blog.torproject.org/how-use-meek-plugg...	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings
844a97d8a57a581923fc520bbe83c27519f81dbe1a3a32ed6a90e7519852509a	HTML	2022-03-20 12:03:17	https://tria.ge/220319-cltt6sadfq	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
93f0d08b71ee7e46d00f76300de83a057b22103be7b981eb80e6631eea85b709	PE32	2022-03-20 12:00:19	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
8618dd97cc92d62cd540ee486e5b65a3590e8c4875d332b0c6497059cc72609c	HTML	2022-03-20 12:00:10	https://tria.ge/220319-aarvbsghgp	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
7a4972d52dc90802c975c5ecb8f451450772170efe6b7c447cb396d5b0027059	ASCII	2022-03-20 11:57:52	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools [+] YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/android_meterpreter
7a1f126caa7226f2afffb5063b395d288a794823b61f8611003a49e45036d000	PE32	2022-03-20 11:57:23	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
79e7a69b5d57d4ae5312dae8ffb6615d41fec9d38fa7cbf0bb37082881cc4fb2	PE32	2022-03-20 11:56:59	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
7775e63aeb7f42c2112118d39e3c87d0d9618b2e83173719e9d5c2049899269e	PE32	2022-03-20 11:51:01	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
7140f5ec21a6611e5ac6e45c6357d036e4676bd8f50b19f68c3396297db48126	PE32+	2022-03-20 11:36:52	User Submission	YRP/IsPE64 YRP/IsConsole YRP/ImportTableIsBad YRP/domain [+] YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
70072a6239488b071403cf29308652486727816236c455de356bbe13df67d3a8	PE32	2022-03-20 11:34:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_smtp_dotNet YRP/keylogger YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CAP_HookExKeylogger
6c66a530ffba5d13f757de65d3fe08968aad8df9b1f03f6876f631d0dd28f10e	PE32	2022-03-20 11:26:24	User Submission	YRP/Borland_Cpp_DLL YRP/Borland_Cpp_for_Win32_1999 YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/MD5_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Delphi_CompareCall
69896bcd1041c6cc5a3caf6e1e4fd2be566bff0e0f3d3154a0e45ab00cb217f9	PE32	2022-03-20 11:19:39	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
67ffda191198a019f940d2d2876197731d42c10988e2fafe54af19863c725eb7	Composite	2022-03-20 11:15:45	User Submission	YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Misc_Suspicious_Strings
66e66bf9b217bc603627b0ed7178b6a8156b3fd1a5bd43865799460cd8698d4a	PE32	2022-03-20 11:13:37	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32c_poly_Constant YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/GenerateTLSClientHelloPacket_Test
62e348a281df1a3ef489cb719c3c1a9f3dfddcb774b2f94e2c288e0ae8600eda	PE32+	2022-03-20 11:05:27	User Submission	YRP/IsPE64 YRP/IsConsole YRP/ImportTableIsBad YRP/domain [+] YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048	PE32	2022-03-20 07:01:33	User Submission	YRP/IsPE32 YRP/IsConsole YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
4232deb24f63c698c32346ffe9bdcffc7514ab3e26cd135e182ef88a4c6d2a0e	PE32	2022-03-20 04:00:25	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/WMI_VM_Detect YRP/screenshot YRP/CRC32_poly_Constant
f63925e2643f083d1d459de23130c8fa39c8e1e53ca0e89fb3c705e9dffd2e41	PE32	2022-03-20 03:39:38	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/ImportTableIsBad YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1
fb51d08883e066f638f7561fe1ba14b76c76bf65fa1988eba836820d81480eec	PE32+	2022-03-20 03:27:16	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
85d0fdba23d199c85916fdcba52cc4e5754d38c3107a2e6480820f17806fb851	PE32	2022-03-20 03:24:48	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers2 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
a1066bcee1e8eee07c4d4d8787c0848535644529b3fdb43af01dc2cfcf921212	HTML	2022-03-20 03:15:36	https://steamcommunityk.com/tradeoffers/news/...	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
a53af96d0a2bddd88e420cde7ed8ea0f5ddebce17bb64ddadcf83af8ddc69f82	PE32	2022-03-20 03:07:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/Big_Numbers1 YRP/Str_Win32_Winsock2_Library
7e9bc0e2cc8c5151cc3c755cad9fe8cf5f1f8b4413538854a742d4577e312b20	PE32	2022-03-20 03:05:05	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers2 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
deeb203da669b35540889cfe23590691251838951e28ed8c5ffe819eef50fe94	PE32+	2022-03-20 03:03:58	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers2
b4a8795b3c8185c90f2293a4cd29f90dad0384e74aed851104e0a2d28b74dfa9	PE32+	2022-03-20 03:01:52	User Submission	YRP/possible_includes_base64_packed_functions YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/anti_dbg YRP/network_http YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/WHIRLPOOL_Constants YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
41c1fd113e1ce21fb983a56e052608693c0ae0cd90b7948d11bb90ac72991ecb	PE32	2022-03-20 01:12:46	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API FlorianRoth/Malware_Floxif_mpsvc_dll
0a7770369c43175b15e0ab327336c46580dd61264a4c4a44649633d661c79703	HTML	2022-03-20 00:02:47	https://tria.ge/220318-3hy8lagfbr	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
215c9aa5abcfa30bc522226eb30b14e5cc4779ce0b5ef9000c7fccd9f6da8109	HTML	2022-03-20 00:02:40	https://tria.ge/220318-3gnepsgfak	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
eb11729804c030f17ae3daf219cb9526fd22d02e6d4b59b88cdd8cb748b5635b	PE32	2022-03-19 18:02:46	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
40c516a67062e113e4d9211890b926bc04a76624ab12379485014d4f5e987538	PE32+	2022-03-19 18:01:02	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/suspicious_packer_section
30069cf93ac8746e4561966a8aba9edf6198929e5e955931904ce6750baeafba	HTML	2022-03-19 12:02:53	https://tria.ge/220318-3hy8lagfbr	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
845f38e70800ee4489466f05f987dce4660b314b29ffb2957502bd1891b76e5f	HTML	2022-03-19 12:02:45	https://tria.ge/220318-3gnepsgfak	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
ceaaa11843349aefcdcff93b5879d0a5c51238fe5ea5d45858628fd2d995fa1f	PE32	2022-03-19 07:06:23	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/network_ssl YRP/suspicious_packer_section
1e6127b62364af41d8aeefdca1575c6753459cb9716ae0f5370dcb6814f4ca01	HTML	2022-03-19 06:17:56	https://tria.ge/220317-zcc7dsfah7	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
f812801e773a5e541161d0b13e5d2be570e0e6458eeac83242451c336f888cd1	HTML	2022-03-19 06:17:25	https://tria.ge/220317-zd9xrafba6	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
8e15064912aa31c1101062fd9e99500ae884b6bce0c4fa47dbc78e29f0abd8d1	PE32	2022-03-19 03:29:00	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread
9b2665faf9d472278bcf0808691c2fa4246d9efcecda527d222f48b1c32de829	PE32	2022-03-19 03:27:58	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/Big_Numbers2 YRP/suspicious_packer_section
08b4215f1682fe599d8246a5b2dd0b2cdb4545892c47dd6481ade3d2563815bb	PE32	2022-03-19 03:24:15	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
84225599366a0a2f8b2b4aa01466bcb087c4a6915010aea3d9c898955950c74b	PE32+	2022-03-19 03:10:11	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/win_mutex YRP/win_registry YRP/win_files_operation
f832c9561ca88b8e9ddb0720c70dc4284c89a103a956d15b95939db1375624d4	PE32	2022-03-19 03:06:24	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
5f5c7a8767eb085cdbbdf6aa6d35643da374bfc42fe689b4dfeb7dcdb0637034	PE32+	2022-03-19 03:05:29	User Submission	YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/screenshot YRP/win_registry YRP/Big_Numbers1 YRP/Advapi_Hash_API
d625f6975454a31671c87d7a0e66597299d43479dbfa1d5c85ac4870fbf523df	PE32+	2022-03-19 03:05:22	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1
3e9f8a23ab29dc16006d57204e1bf006257de4378cf4e10943bea540cdf2b468	PE32	2022-03-19 03:04:33	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
520d4d005ec12e85e6f434ab92959839aa76c4d01480d46294fe9677d8f209d2	PE32	2022-03-19 03:02:56	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/network_http YRP/network_dga YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
700fb4ddefeb44933ad0dc572a2d3f920024b9f69d597bde075666e24ad93351	PE32	2022-03-19 03:02:07	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
9b4ce82e634e182077743c44807c8a7642539bcccfe9ae03dd4e85bcabed53fe	PE32+	2022-03-19 03:00:55	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_registry
49a8c4b4cf805f7639b419945bd1e6402c089ef66b06fb8207d97c71b84f05d3	PE32+	2022-03-19 03:00:49	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Str_Win32_Wininet_Library
76d1563be40294295ad6a337db7a25af9d270130edc214a40dfed45b9cd81634	PE32+	2022-03-19 03:00:37	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry
6804c60f60a54b78cc609796b6b64edf52713b5d7d4afd8549a65200131cae6b	PE32+	2022-03-19 03:00:32	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation
315a7dcd0ea5ec4acf08c13827668fa90cfb5a4fda8343a5afe759cad33033a2	HTML	2022-03-19 02:50:04	https://roblox.com.af/users/8725774160/profil...	YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings [+] YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3
db20da28be4b0c3be4c357a24a2d11dca6e92243db4b6b5d3b5af3bd69a4fbda	HTML	2022-03-19 00:08:25	https://tria.ge/220317-3gpb1afdf3	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
8b565db56aaf67db16ea008837d7d462a0da16553b2332bee80bd861de71b9db	HTML	2022-03-19 00:08:15	https://tria.ge/220317-11m7yafeep	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
5f5f838eb49e680bea987a7cdcaf2f2b8ee4e437d6a4b5e8cd0d377ef0be3c4d	HTML	2022-03-19 00:02:24	https://tria.ge/220317-3ldfasfdf7	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
7de9979b0bf6435fa5affc4b43fa72a38a6b2716fadc81ed8f9fba0fd990971b	HTML	2022-03-19 00:00:11	https://eset.com/uk/home/online-scanner	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/Big_Numbers0 YRP/Big_Numbers1
9df8211c0e6b11ddc1e86643f76d6e604d0ca5be4d72b8fc27749ec33ca6c9be	HTML	2022-03-18 17:24:54	https://tria.ge/220317-zcc7dsfah7	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4

Recent Searches
yrp/misc_suspicious_strings
yrp/microsoft_visual_cpp_60_dll
yrp/upx
yrp/gen_powershell
yrp/smallnet
yrp/aspydrv_asp
yrp/pecompact_2xx_slim_loader_bitsum_technologies
yrp/webshell_c99_4
yrp/hmimyspacker10hmimys
yrp/webshell_webshells_new_code

Search

Recent Searches