MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
db7a30e9b00ca0f55460c2b617afef03bfa42f53d60d32fe29014f9daf1574e7	PE32	2022-03-20 02:22:54	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
20fdbda8970787765bc27e06a9b76aa421e6d7e74e65799d82a153349e3be59a	PE32	2022-03-20 02:04:45	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/antisb_threatExpert YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
08b4215f1682fe599d8246a5b2dd0b2cdb4545892c47dd6481ade3d2563815bb	PE32	2022-03-19 02:24:15	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
f6ae7232bae7df2bcef0146c867f4288e52c2ff8a365d0d665a20c5d35112676	PE32	2022-03-18 02:24:09	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
7c6d83ab98a0b82641bb45a2457d29eb34102c76e57412a260b27543c9103046	PE32	2022-03-18 02:23:51	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table
3e022380a4b739fa20d9a66ddf0e7f814b6b46ebe603b19f85bd6261408bd2ca	PE32	2022-03-18 02:21:03	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
1514a68e32606b7718db8ad1f76d92c71daa1ce1956115db73d3d726dd43bcfa	PE32	2022-03-18 02:14:11	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Http_API
4a342bfe78384a69f32343586ac44337a4cfe56f9ad0da53554f1f710e204f26	PE32	2022-03-18 02:07:20	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
543df65661d5868715d33476df677bfdc8b15d3cd7e013d442cd88fc8e7e18e9	PE32	2022-03-18 02:02:36	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
019f56fc6c2d5185101273fd4d4d046c7a81f6656da4048a7188cb339c73d393	PE32	2022-03-18 02:02:02	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
2f3997329c41663f3cb476b2df1b5c09bec4277f2a18a4d437c4f259e13b0665	PE32	2022-03-17 07:03:17	User Submission	YRP/Safeguard_103_Simonzh YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
0c556a31769567549fceccb08ea370b86a2804ea2ee2c2fdb04127a02f3f0db1	PE32	2022-03-17 02:04:35	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
9970d532491777e48219ecc8724196c8f470df8f8fc501edc45215176d3a8de7	PE32	2022-03-17 02:03:41	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/win_files_operation YRP/TEAN
197b9692a3419cea85319a5e531dd718d67f82ebba9842d1fe74c0a5fa318494	PE32	2022-03-15 06:01:36	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/win_registry YRP/suspicious_packer_section
cbe8469bb122667dafb7bb5b16588d1b65d179a8658680c6dfbdb542a4c6d6ea	PE32	2022-03-14 12:02:51	User Submission	YRP/Safeguard_103_Simonzh YRP/Microsoft_CAB_SFX YRP/VC8_Microsoft_Corporation YRP/Microsoft_CAB_SFX_additional [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation
878d29591a547393645bd523d45cdccaca0b11e4ce956550c905e392d8519c8e	PE32	2022-03-13 02:23:21	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
e69119392e8dc2aa8ee19a8b2cf7c222c031766e2cf3d90a2346cea37ec807ba	PE32	2022-03-13 02:21:16	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
705b4daf544f82a635abdc6826573cad7b3a922fdf7d1ff35f404a6a9c0d02ed	PE32	2022-03-12 02:46:22	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dga YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
7d4afeab429db4912d24c3c20fb23440cd4b5e0a112745bfd05c801bcd9ea014	PE32	2022-03-12 02:42:14	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_dep YRP/win_registry YRP/win_token YRP/win_files_operation
c3fca5429e05260147b7233465a16e49a18094dc5006ec93b859c8eba8a448e0	PE32	2022-03-12 02:40:39	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f1d0e952b7675178280f17441629016779796a2a628f79f0112453d97e865282	PE32	2022-03-12 02:06:02	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
cd4c42f7047194f6f2a3061cc4c48e1fb2512d4b6bd3e19c740b8cd16874ea1f	PE32	2022-03-11 02:33:00	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/antisb_threatExpert YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
745727840932b0f6ead020dc5a687ce4b291bdf11b5200fcb391e71a8ced061c	PE32	2022-03-10 02:25:04	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
723894dd9c2f37d7cad7b1504df30ea3c21a660fbd173f6cabc60c890fcac967	PE32	2022-03-10 02:24:48	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
021afaa40731389b9dbcb0983f08deb24db0879eeaa41fbb83d399fcfc548f74	PE32	2022-03-10 02:11:47	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/win_files_operation YRP/TEAN
b4401786ef72c3baf0f60c69e620839a1967cb79d398aae5ec9f5eb84fa46705	PE32	2022-03-09 19:02:52	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/win_registry
806a2e29a459fbc282f4fa0ddd44344e166aca2cb63f840d4d597df5d9c57fb9	PE32	2022-03-09 02:08:58	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
59ce7f2e7a1ade00d4a6412139e155074cdc4fc5bce69bae7d78c2ce35a4089d	PE32	2022-03-09 02:02:01	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
22f7b4c3de9a36a9750cd8cd56b88b0dabf225d9450d0e48cc0523623fc1bf72	PE32	2022-03-08 02:09:22	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
6fa3cd2a3368cc0bec110545d4b93141528b32d349029d7f1d6a85fa1a765f6a	PE32	2022-03-08 02:03:16	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d61f135d2da176c567552241c77e4ebf274a18a2e475d2b6e8d1d3048ce1f623	PE32	2022-03-07 02:00:29	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2f713bc7be1c9ee64f300e38c2632f1c91ebc8e98c863d664feb1275975f4b3c	PE32	2022-03-06 02:39:46	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/antisb_threatExpert YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
723d2a3d98ea5a47ac3765a6619959728e0f12139a98934297f61e99261595eb	PE32	2022-03-05 02:28:22	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
02fffc1c8a607aab015d4c5fa291e543fe65946a98055665a3a576b4d13fb114	PE32+	2022-03-05 02:18:23	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/Big_Numbers1 YRP/TEAN
0281a3df4c3626c144d04210e776a0f6078244e64eb0713c468bca08d09b7e5d	PE32	2022-03-05 02:12:54	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
7fb280918b464f3ee1345a7038db8fa3cfc7e198b649030d3e1c57b212e3cb03	PE32	2022-03-04 02:32:46	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table
4b16e6f4c22d2d3c51b86a2f9e592a45d22c29d8c91df9e2a1770f03b4f424af	PE32	2022-03-04 02:04:28	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
8d969f9014e5f4c7d2385b96c8a00870e634d271106cb6e684183e012e56aa8e	PE32	2022-03-03 09:03:50	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/win_registry YRP/suspicious_packer_section
27edb0b8b086efb6982c2aa886da4b0637c6759883b22e2d1dac90e5d56bf84f	PE32	2022-03-03 02:12:52	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/antisb_threatExpert YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
96f59264bceb10377f78ce5e0a000e070df21c0ce3f79ad3fbfb0b29665c30a9	PE32	2022-03-03 02:06:48	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasDebugData YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/win_files_operation YRP/TEAN
822febbfd5a46f1ac8db9ecbd880807a4940b7015ed67403bb00ddc196014190	PE32	2022-03-02 02:22:55	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
045056337dbfc5fce7085076aa7f6973b4a17186d9eb47b01556b08f5ef15b02	PE32	2022-03-02 02:01:32	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/win_registry YRP/suspicious_packer_section
915657a1cdec26809fd313c591bdb5841424080bd33c07197e251bf8a40e19a9	PE32	2022-03-01 22:02:26	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
a94a270991241875a66c3106a3d76007db59b3109cd9d8a23b4e68d46aa4565f	PE32	2022-02-28 20:00:29	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/disable_antivirus YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/GenerateTLSClientHelloPacket_Test
90c51466f7d5dc9a9ef6ab7aea573ebfd8381a5f4ad6e4ba8ea91f7df58c7e4a	PE32	2022-02-28 02:02:06	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
c4b6150db39e932308e4c1ddfee987a087e9963606096e5186893a0c6b0589ad	PE32	2022-02-26 21:00:19	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/RijnDael_AES
bf0ff9dbcf0c2d41db69d623f8a7ef2a3e409ba586e63f58670c1a2df8768d14	PE32	2022-02-26 02:03:12	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
6a0ecf381ee5fde8ff08239f1466da9d159f8fe5e929e5eeb220519f8e72ca7f	PE32	2022-02-25 02:24:40	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/ImportTableIsBad YRP/FASM YRP/domain FlorianRoth/DragonFly_APT_Sep17_3
40c43374884c10691051207a1b7b7fe12d0d6b8031752ba146d442255b88b151	PE32	2022-02-25 01:16:49	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/win_files_operation FlorianRoth/CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen
c5ec5b4bf9175ae7997952df25b2eb2fa6149704b9363dd8eaefd0237b28b983	PE32	2022-02-24 19:59:03	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
b52240cac32a79cc964dc274e1812a9a4760a7604e7f3b92fdae9c3c093041fb	PE32	2022-02-24 19:46:43	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Wininet_Library
78b8d4d2defbf8bec04909d2b789897c90da231306604d16eb5577b94be2dfc4	PE32	2022-02-24 19:04:28	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
e2dad9de7b39602d32d42685ba4017fdbac89d054e5934abd04ebbb02296ad0d	PE32	2022-02-24 18:56:06	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/FASM YRP/domain YRP/IP YRP/contentis_base64 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
7ce741ddbb6433292bd66de5a2054dad18cd6a80a39d696642ab1107aa5ff387	PE32	2022-02-24 18:02:18	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3
decbb2f765eacd8284ed6a5d4d35b2bc78faf2975424ebcdf29baa39c5d5c276	PE32	2022-02-24 16:44:11	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
8096e919bcafc75f25844245c0436f15fcfa49e547f385bd0da48ddfb05e34fa	PE32	2022-02-24 12:49:59	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64
f0bd55fad059086e22e7fdff4ebc693f1a8c82ccf3c9ce97de5c0970b19e69ea	PE32	2022-02-24 12:41:54	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
25feb67950acb996302cd798ff895b202cf53f346d3c1f05cbe3ad9f34639a81	PE32	2022-02-24 11:07:24	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3
a86010b40a94f42ac58ded22f65168857e45b76e330ecb0351a11b4e67ba5995	PE32	2022-02-24 09:21:38	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
c4dd64ebdb4a410cee4e3f90a152d66db7290315c74193dc12ef86390aca0ff2	PE32	2022-02-24 08:57:54	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
d761ded7e2585f4452ab48119bc013a796537c933ffb34e207b98095c8f0f123	PE32	2022-02-24 08:45:52	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
27c92f6f57406a9a60285c8e3277a4b7fe061d5cc83860ae3ea32c66aa99de34	PE32	2022-02-24 08:29:36	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
0e77ec58c67050aa4044702cf3762cd62ced83ce67882609ce9f5a3c67bc42b9	PE32	2022-02-24 06:02:20	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/CRC32b_poly_Constant
c6262b991d037704aa75d0f94cbd2841794cab85fd07b78125625879e9ed6d49	PE32	2022-02-24 04:45:27	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
2c7836fc2c997a43a14476f1edff04f5dd173b352c8b3816c1fd6deaecf36ad7	PE32	2022-02-24 04:16:22	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/disable_antivirus YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/rat_rdp YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/GenerateTLSClientHelloPacket_Test
4e0cadec85e1e4b8666d0c114cdccd8c50ed59a7a6e8dd54cc5ed1abaabe889d	MS-DOS	2022-02-24 04:09:07	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/UPX YRP/suspicious_packer_section
0ee4f15cd8bade83443e83f1bf06822b9677abc9144a9c15fcd6df1974ae328a	PE32	2022-02-24 03:54:05	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
bd436614ace08b2ea482487a0db01b702f6ed95d02673e7331c77805db20f60f	PE32	2022-02-24 03:12:23	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
ee2a29d94dfc3ddc59725daa384102bfa59ab81c115f9e918fd702ae2888c549	PE32	2022-02-24 01:42:37	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation
f35733a3fe6915e8a9325bd821801481cedb3c5eeafe6e0139bef34ee5bbea39	PE32	2022-02-24 00:24:01	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64
c67f2a866d5abc1f5c70260ad058dfd813cbb548404ed06e1cbe61bfeda495e0	PE32	2022-02-23 22:53:29	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
e629f458b60446b5a77c6e8fd3922b96f6b74fccc04e999cecc87e04a26035c8	PE32	2022-02-23 22:38:29	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/FASM YRP/domain YRP/IP YRP/contentis_base64 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
c15c06f2e92d38727a7786e3a3b5e716ebed735cdefd0cbbd4eaabdc4fc9e471	PE32	2022-02-23 21:07:02	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/win_files_operation FlorianRoth/CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen
f45b4d45a7aead6d5a5dbe10a6efdf49e563d9ada206a4fad92648bd43bc8414	PE32	2022-02-23 17:09:56	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
c047b70342941687efbc5c90e378b61e83240e37e9e7cf0ad06a57626958172d	PE32	2022-02-23 15:27:26	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d44809123fcadc00fd0ecfd452744d190a2befe57e150cce22afa97f3249064c	PE32	2022-02-23 12:22:28	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Advapi_Hash_API
ed23d8047ae67bf0534d262a04e02a538a693256f4225f39dd9c630f723dd9c4	PE32	2022-02-23 10:49:00	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64
b2800f59479c248f70961fe8163db0abb195503254523caebdae19a1213bd492	PE32	2022-02-23 10:35:44	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
8b71156d35a9496a5e6c1febec1b8f8f5013be061cfb44e8e0dc5b5277276eb8	PE32	2022-02-23 09:37:52	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/SHA512_Constants
acd14cc32289d5c430efc09da748b63f1f6706db9d3abb89bb4493c47f45927f	PE32	2022-02-23 08:34:10	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/network_http YRP/screenshot YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
e3a3d0a090ea13afda381669223edebc4f0d367ec061d2de9e7b39e49752bbc0	PE32	2022-02-23 08:17:33	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/Sality_Malware_Oct16
b29ff8190db3dda066e7fb7a011170173c3012730fdbea6c512dfb978524a5b2	PE32	2022-02-23 07:48:14	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/win_registry YRP/Big_Numbers1 YRP/Str_Win32_Http_API
3027132f8ff64bbd22fd10a43722ea9920fc967d0635ff1a41612185b6e869b3	PE32	2022-02-23 05:52:13	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
a7d92738407d3ced50c867caf58f32946735e16400a05420b157dfe3fcd9adcb	PE32	2022-02-23 04:28:31	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
a8d7643d773fa5b51e65206cb8e360c16eead474a52e27037f565277dd9edaad	PE32	2022-02-23 03:39:58	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation
8b7d5d8d1750c7b358d352c1f438a1084525cc6922bb0b7a2fce5a8861d09c35	PE32	2022-02-23 02:49:47	User Submission	CuckooSandbox/vmdetect YRP/Safeguard_103_Simonzh YRP/Safengine_Shielden_v2160 YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerCheck__RemoteAPI YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_dga YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/RijnDael_AES YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
287d197350f9f5349155ec4fae3890e362df4dd4b3ec389278e23d453589f253	PE32	2022-02-23 02:35:34	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library
d70ef0a55f97694f89628a5c895914d2458ffbf824ba0e14d6b8d6885b7622c7	PE32	2022-02-22 23:53:53	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
715349097cc63b220f7d70e117058576fc144f207db2e3de0e2df5453645491a	PE32	2022-02-22 23:52:55	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation
3dd1ce1b883705eeb3f1d58e9695ccbc584e3ed11c9d92ab94e7e249ca72c197	PE32	2022-02-22 23:23:30	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3
a883e6410a0b3066e1c3a6314a573a1812ce81435e3231a8ea7c01e7e698e02a	PE32	2022-02-22 21:56:52	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/screenshot YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
ee4bc9f99a160089d4e8c00d610bbfabc4983c6955b614d614c560ebf3bf7a11	PE32	2022-02-22 21:29:39	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
1e3e196d530bf124c9290d2c7a9ed3c5b6efe841663f9087e225991a4518cf84	PE32	2022-02-22 19:51:21	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3
668833ec93e479a5f262a3a01596964dbd00edea269b4bc666d9a4195ab3aa99	PE32	2022-02-22 19:45:20	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain FlorianRoth/Sality_Malware_Oct16
b4daca4dfc79f1b55ac646a376c5597cc1a35a17c5244b039cb65b64d2a61c77	PE32	2022-02-22 18:59:12	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
492826e1aacd984a00dd67a438386e4de883cc923cb1f25e265525a4cf70ed7b	PE32	2022-02-22 17:34:44	User Submission	YRP/Safeguard_103_Simonzh YRP/Microsoft_CAB_SFX YRP/VC8_Microsoft_Corporation YRP/Microsoft_CAB_SFX_additional [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation
db2a7efb0b8686d14e09478a005aea4e8148be63103ab623aec0452072bb81a4	PE32	2022-02-22 14:58:12	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/FASM YRP/domain YRP/IP YRP/contentis_base64 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
e27ef573be637f589eab90b4e1d9f4881a470c5b8ebd99ded06755e6f530599c	PE32	2022-02-22 14:28:37	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
1e5dc47c4fbee0de854df88c80b15a4e0d3ac84e7cf479e18f9cf195c411a7c7	PE32	2022-02-22 14:17:38	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3
e213616ca28761b973048c476e71da2a7ede114915e5c4e400e39b173a425667	PE32	2022-02-22 13:16:19	User Submission	YRP/Safeguard_103_Simonzh YRP/ZProtect_v144_lifeengines YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Big_Numbers1 YRP/Big_Numbers3 FlorianRoth/DragonFly_APT_Sep17_3

Recent Searches
yrp/safeguard_103_simonzh
yrp/exact_audio_copy_unknowncompiler
yrp/surtrcode
yrp/microsoft_visual_cpp_30_old_crap
yrp/asprotectv123rc1
yrp/asprotectv123rc1
yrp/pebundle_v20b5_v23_additional
yrp/asprotectv12xnewstrain
yrp/asprotectv12xnewstrain
yrp/nspack_v2x_liuxingping

Search

Recent Searches