MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
2619862c382d3e375f13f3859c6ab44db1a4bce905b4a617df2390fbf36902e7	PE32+	2022-03-20 21:40:34	User Submission	CuckooSandbox/embedded_macho YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6	PE32	2022-03-20 21:00:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/ThreadControl__Context YRP/inject_thread YRP/network_http YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
fa7ad019008c5bd1b69b90de051e62e91d5e81350ba6200be27d5851a8fa391e	PE32	2022-03-20 16:32:27	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbg YRP/disable_dep YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f4cbb077c89f62bb6542489c882b324e8e2880dc3970e2540e61d1d25fff157a	PE32	2022-03-20 16:20:32	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt
ecb89e9f66cd7f37efefec4cb211770200ccb17c810ad741cb3ec141e41c361c	PE32	2022-03-20 16:03:49	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4	PE32+	2022-03-20 15:52:30	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/IsPacked [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
e65f3e7d58650711f81d06e50e53ced4b636f08df0eed8019d7927e17fec9580	PE32	2022-03-20 15:50:23	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Big_Numbers1
dc68a0a13aa0a1bf5394dd04e59ef2916f0b31a964730a17b0ff4afeac5888dc	PE32	2022-03-20 15:28:25	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
cd2fb19598084681b5fe849bf1cdbabb07325de447d8150463d189440e10932d	PE32	2022-03-20 14:56:51	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
c3d58c0ed008779593ce11b57e7a37f6fcb854086a13c69a53b39218fa112593	PE32	2022-03-20 14:37:50	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
bf8018364a68ff709955d1fc301c49e609344d1085048ce1158322bf99a4198a	PE32	2022-03-20 14:28:49	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
aed997d0d5ca8a42f96640935e0ddb11b908bd21dd854ac7b24e2c3da7e2b685	PE32	2022-03-20 13:50:57	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
a8efe50429254f7aabe0e0165eab3244b2eca0bead2bfde3e00368bce57e5a9a	PE32	2022-03-20 13:37:34	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
a68d17bd5d8d8424bc83b5686307407df569acdd125aaa5f20952cfe40876c20	PE32	2022-03-20 13:31:34	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/QuarianCode YRP/Quarian YRP/GenerateTLSClientHelloPacket_Test
9f1ff348aba2f9aba9a89491e97871f25484a9600dcce41dabbea0be38c48cb5	PE32	2022-03-20 13:14:29	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
8598147a91005830b94021bf5bf401e1b10d55ff940244394e8fb3bb8f494539	PE32	2022-03-20 12:20:31	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
7e95814fbfbc69a0dd1978474863def8b8d968be89c1388448320b6739f65c9e	PE32	2022-03-20 12:06:17	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
7a4972d52dc90802c975c5ecb8f451450772170efe6b7c447cb396d5b0027059	ASCII	2022-03-20 11:57:52	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools [+] YRP/Antivirus YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/android_meterpreter
79e21ff9142821b2e3d6e3dc8d812e86da231dbbd1217415b4add748a4c1ce3c	PE32	2022-03-20 11:56:54	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation
cbe3e1a699b949e13a530d4ccbb04fb7dec5e49115faef469b9d0450df40c3f1	XML	2022-03-20 11:42:25	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
70ccb52e4c78d8b68d562fb7088d143577ad35a4b0bd01581a383c41580f1b2d	PE32	2022-03-20 11:35:57	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
6afac1117b8398317f5eb5f8c66ce52c0fcf2e438a0d40743a584eedd17ac260	PE32	2022-03-20 11:23:17	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt
12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048	PE32	2022-03-20 07:01:33	User Submission	YRP/IsPE32 YRP/IsConsole YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
5ef79469533653cf78a5dbff0a9d408d13541b2245874598f0177cc139e5e841	PE32+	2022-03-20 07:00:45	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation
db7a30e9b00ca0f55460c2b617afef03bfa42f53d60d32fe29014f9daf1574e7	PE32	2022-03-20 03:22:54	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
ca33fe8b4199da190bef8a576c3e114cb87b1b66c611f850310032dd36be4fb0	PE32+	2022-03-20 03:18:39	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
44bbf648ecae541ed82fc45b923bac8c06a5a029f110def3fb16bc200e095c69	PE32+	2022-03-20 03:11:27	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library
20fdbda8970787765bc27e06a9b76aa421e6d7e74e65799d82a153349e3be59a	PE32	2022-03-20 03:04:45	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/antisb_threatExpert YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
42338f4dc1df7f2bdc4cb467b5ef8c4c629e98fd164b5c22920ebe9d73567fb3	PE32	2022-03-20 01:13:45	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
2d2d3d7c27bfec647b6a9db28df14308827a652a184886c166a1d128a5f890d8	PE32	2022-03-20 00:26:18	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
1940c82d728454e9a43d2efc7dd0033fcbf58880b32d227830e54a43b885ca3c	PE32	2022-03-19 23:40:38	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt
04f2e6a9a445d97b0d41c6e1f67aa634f4bc6aa071cf07437b732fbb55bed676	PE32	2022-03-19 22:57:02	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation
eb11729804c030f17ae3daf219cb9526fd22d02e6d4b59b88cdd8cb748b5635b	PE32	2022-03-19 18:02:46	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
9b2665faf9d472278bcf0808691c2fa4246d9efcecda527d222f48b1c32de829	PE32	2022-03-19 03:27:58	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/Big_Numbers2 YRP/suspicious_packer_section
f8e88a263da241df954a21afdffcb2de24f714ec54e73e8a6055330f757481d1	PE32+	2022-03-19 03:27:35	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/suspicious_packer_section
ff8162c9ffca5f38e50e653e7f17e1cb822ba30bddc4255fd631b8109c9a548e	PE32+	2022-03-19 03:24:33	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
08b4215f1682fe599d8246a5b2dd0b2cdb4545892c47dd6481ade3d2563815bb	PE32	2022-03-19 03:24:15	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
e9a9c905ed82a1d8775d8c1c746032d7968dedf5e4bcf0e9601d419ec8bd89d7	PE32+	2022-03-19 03:11:41	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/SEH__vectored YRP/Check_Debugger YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Http_API
4ed5ff8c71987dde9810b21e709acd2b80c99f4636dc9b05632271a535cc40b8	PE32	2022-03-19 03:10:18	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/CRC32_poly_Constant
9b30071b10d83a0402df72f702bbdf621f699a9819ed617265741775d5f918a0	PE32+	2022-03-19 03:08:26	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
f832c9561ca88b8e9ddb0720c70dc4284c89a103a956d15b95939db1375624d4	PE32	2022-03-19 03:06:24	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
3e9f8a23ab29dc16006d57204e1bf006257de4378cf4e10943bea540cdf2b468	PE32	2022-03-19 03:04:33	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
700fb4ddefeb44933ad0dc572a2d3f920024b9f69d597bde075666e24ad93351	PE32	2022-03-19 03:02:07	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
0af133094bdf4888e84ef60e10453a0e3fc412efce7a942ea450b15e3ecba66e	XML	2022-03-18 21:00:17	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
30d482ff6c8f5cfa97699fc4de44b8e627ac9d3dbbab408b58cef023a95b4dca	XML	2022-03-18 18:00:50	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
b87a9363db44da3f9677ad32fd2e644b1ea1d0149c3bf8b74af3cb39d77e7e78	PE32	2022-03-18 17:02:49	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
bce4d79d6c97f2c6bb1d929cf9cd9760b511794dab58eefe735ecfa03110c5a9	XML	2022-03-18 15:03:47	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
8905c6a9311e45c528b1b9e56367a2fc55f2fd4af124e02d407acfa9ae23f93f	PE32+	2022-03-18 15:00:28	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/win_files_operation
df8bf68c7dc0b9951b644a2c9565e8f3b7c1672855d290890214a5c342916444	XML	2022-03-18 15:00:16	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013	PE32	2022-03-18 13:01:47	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
b2475b93aef75693935ad78b577f712766e8314c7758fc1f6841538647c120f0	ASCII	2022-03-18 12:07:17	User Submission	YRP/possible_includes_base64_packed_functions YRP/domain YRP/contentis_base64 YRP/System_Tools [+] YRP/spreading_file YRP/BASE64_table
ec807892bdc307cdb578ed1b51b1b60b64692fa4634bb12648349a9d5b5efc95	XML	2022-03-18 12:00:34	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
a1400765e9663e5d9371ec55bb1080e32213380239b695f101d9910d072268fa	Composite	2022-03-18 11:00:47	User Submission	YRP/office_document_vba YRP/Office_AutoOpen_Macro YRP/Contains_VBA_macro_code YRP/domain [+] YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Big_Numbers0 FlorianRoth/Office_AutoOpen_Macro
5ace36ce31db7a6c248891433b823d36420207e67e9bdc8f61caf2bad01fc34e	PE32	2022-03-18 10:05:26	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
61688f5ab07ed576497888ebf8d13c416fe69bbb9b7f070521639d802deb3b85	PE32+	2022-03-18 03:34:36	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
23843cfffc81859e602292adb19de7f442b2f9cb9341ed52ea3c1524b4e41b78	PE32	2022-03-18 03:33:42	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/anti_dbg YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
94612b5a2ab6862344a634d862ef539f52d36a49ad2efa382e50d6f1b654b90a	PE32	2022-03-18 03:33:22	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Big_Numbers1
f6ae7232bae7df2bcef0146c867f4288e52c2ff8a365d0d665a20c5d35112676	PE32	2022-03-18 03:24:09	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
c33a7c85b6f0df94a2cfce0be2df2ffc211515210d02d6892a808b768f9f32f9	PE32	2022-03-18 03:22:21	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall
3e022380a4b739fa20d9a66ddf0e7f814b6b46ebe603b19f85bd6261408bd2ca	PE32	2022-03-18 03:21:03	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
ca49097335b3d47f5686d7c609f866cdf7ee949eda7059df8a962cf0702d9c67	PE32+	2022-03-18 03:09:13	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library
4a342bfe78384a69f32343586ac44337a4cfe56f9ad0da53554f1f710e204f26	PE32	2022-03-18 03:07:20	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
3283ed0936dec0dabc46ed01b8dae77efffd70e28d15ed62b73320966f197729	PE32	2022-03-18 03:04:42	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
d08dd2a47f0201bcc488dc7c5bef4ee61bbbc02b26941567ae33b5016fd643d7	PE32+	2022-03-18 03:03:57	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
be2fb16602aa80439a01791791ecc35a0a08811893d358ba97a50bc2bf87a3fd	PE32	2022-03-18 03:03:21	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
543df65661d5868715d33476df677bfdc8b15d3cd7e013d442cd88fc8e7e18e9	PE32	2022-03-18 03:02:36	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
019f56fc6c2d5185101273fd4d4d046c7a81f6656da4048a7188cb339c73d393	PE32	2022-03-18 03:02:02	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
8abc0bfb7512996e6525448701d4a186e852565c91d562b95a7cd3d69c89c52b	PE32+	2022-03-18 03:01:36	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
1d71aa424590d941211f477d6cb9ec8d6d655d3ef3212931dc644dedbbf1e180	HTML	2022-03-18 00:05:31	https://www.cisa.gov/uscert/ncas/alerts/aa22-...	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/Big_Numbers3
c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d	PE32	2022-03-17 23:03:22	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_file YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
3a96c3075b8494fe6a76c6325946ab3f200e75ce26ad886446ea1394b5ac6ba1	PE32	2022-03-17 23:03:12	User Submission	YRP/IsPE32 YRP/IsConsole YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
fcf120f1d8bea1a6bb77cdf0d18c2b36b9dd1f721a43657e515ca9e125653d81	PE32+	2022-03-17 22:05:46	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/ThreadControl__Context YRP/fin7_functions FlorianRoth/DragonFly_APT_Sep17_3
000b0cf537e46c5a93de8ec4672450772d247ea5417692a35ef314679f1d4f4d	PE32	2022-03-17 20:01:17	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools
03e35b1085e2cc694a00fb4d348fcd388376e188ba5632a590ee47a85868c33d	HTML	2022-03-17 12:05:01	https://www.cisa.gov/uscert/ncas/alerts/aa22-...	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/Big_Numbers3
2feec256a92e51a00f8ed6546bac741beb33beec29225bf74eba71cb6e8562a0	PE32	2022-03-17 12:01:02	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/anti_dbgtools YRP/keylogger YRP/win_mutex YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
23b612363d5348ed8b723459e9c3610144ae2d859c0bbcda171fc949d6fb5a89	PE32+	2022-03-17 03:13:20	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/inject_thread YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/BASE64_table YRP/suspicious_packer_section
c9f27f8b26ce81db709fb465fb73689b0c9c44787f886044eef9711d3bc34d77	PE32	2022-03-17 03:10:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/anti_dbg YRP/win_files_operation
1032b9e9ad15b0df10a6bf572f8224a64c86893b7e80863446a6fc607e88ae1c	PE32+	2022-03-17 03:09:37	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
02da26837a1d99bdbfb6eb4866b4b9e9f07feb82fbc7113b40aa83183882ee69	PE32+	2022-03-17 03:09:12	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
da16a0d5020d0e4a5a8a751b949b2adac00ac83d8ccbe0ef80f574703b98b281	PE32+	2022-03-17 03:08:55	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API
2f5b27460512a54a86f6ac1f29553e34b41867dd0af1546888759beaafed2d65	PE32	2022-03-17 03:07:02	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/BITS_CLSID YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
3c7b3bb087160a8be92964dcd87f77c1c8b77f4f3cec9896e8bcf56411085fef	PE32+	2022-03-17 03:03:18	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
675e77d54a3d0b879137745f038c41bd0874cdccffc7f7b09a4dd49e0b235ed7	PE32	2022-03-17 01:01:23	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/suspicious_packer_section
7a96c5a32badb9650faa842922ad545b7336a676f033e724c1bed574a7c9a960	PE32	2022-03-17 01:01:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
8c23ec3b0a74caa501379c862a71aa1daf8e4cb2199f5d3fd0472159ad4c66bf	HTML	2022-03-17 00:07:44	https://tria.ge/220315-yla8qadfhj/behavioral1	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
6dd995d896a9a593b2c48d09da60bd83866d8577273f36d38788d83ad8173e68	PE32	2022-03-16 22:04:38	User Submission	YRP/IsPE32 YRP/IsConsole YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/SEH__vectored YRP/antisb_threatExpert YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
5c49f98d3516edf56c996c2da5f095a0b97df772a558bb2e9d5a5d4355adab05	PE32	2022-03-16 22:03:11	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
dfc1aa0acee671f96551980d2e846b287e1f19edde0847cc3e851ac5e9ce6ad5	PE32	2022-03-16 18:03:50	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/win_registry YRP/Big_Numbers2 YRP/suspicious_packer_section
ebfdee6e5fe2aa5699280248a5e7b714ca18e5bfd284cac0ba4fb88ccbcec5b6	PE32+	2022-03-16 15:18:43	User Submission	CuckooSandbox/embedded_macho YRP/IsPE64 YRP/IsConsole YRP/HasRichSignature [+] YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table YRP/suspicious_packer_section
2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224	PE32+	2022-03-16 15:14:13	User Submission	CuckooSandbox/embedded_macho YRP/IsPE64 YRP/IsConsole YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
0eea7cc76d07908dd3e05947ea68f26e42eb884a0d7ea5119375b95b7b8cfea3	HTML	2022-03-16 12:17:08	https://tria.ge/220315-yla8qadfhj/behavioral1	CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Big_Numbers4
5c3bb1317d0a9aca2cec95366263daa96fb17a946ee6945804665466c3a40a16	XML	2022-03-16 12:04:09	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
46bf68ad7558aafd461be77ca612da9311c433ce1ab8112622432cfe6667a89a	XML	2022-03-16 11:09:19	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
2c1d93279256d3c33427e90e869aa2e3323e5ce46e3bfd0177b4596a0d390c7b	XML	2022-03-16 10:02:08	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
67eff1dc0836f810382eff5ae6c3b92751dc1b11fc42481a0c66644efb470156	PE32	2022-03-16 10:00:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b43e53fe45b1593d96167d9ed15c46893d887158501cb74d7c58d0d66af604a0	XML	2022-03-16 06:00:54	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
ec686249c86557952f9f3e4f45799db875b5a65c6fb1f10e6e081db560f7a5bd	XML	2022-03-16 05:01:31	User Submission	YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools
10730323baa57f8025db1960e22bba0829614a97d5ae0b0bd3869f06a22fe32f	PE32	2022-03-16 03:42:20	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall
089f4881e15fcb22d080428ce0335ce61b6faf910d02bbb5286157c9489671d9	PE32	2022-03-16 03:16:55	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Str_Win32_Http_API
68bc4e25bd757bc706716ba18bbcc01ed57158eead6bb1fd5c58cdbf164dc789	PE32	2022-03-16 03:15:59	User Submission	YRP/VC8_Microsoft_Corporation YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/anti_dbg YRP/network_http YRP/network_dropper YRP/network_dga YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/SHA512_Constants YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API

Recent Searches
yrp/system_tools
yrp/miniasp
yrp/webshell_winx_shell
yrp/cryptolocker_rule2
yrp/hyings_pe_armor_076_hying_ccg_additional
yrp/fsg_v133_additional
yrp/apt1_tarsip_eclipse
yrp/visual_cpp_2005_dll_microsoft
yrp/fsg_v133_eng_dulekxt_additional
yrp/webshell_imhapftp_2

Search

Recent Searches