MalShare

MD5 Hash	File type	Added	Source	Yara Hits
db349b97c37d22f5ea1d1841e3c89eb4	PE32	2017-10-16 10:03:46	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
84c82835a5d21bbcf75a61706d8ab549	PE32	2017-12-21 18:43:19	http://94.130.104.170/ed01ebfbc9eb5bbea545af4...	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
aedbf8422abf22c37859637ed94a352a	ASCII	2018-06-08 17:10:16	User Submission	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic
509c41ec97bb81b0567b059aa2f50fe8	PE32	2018-06-21 17:40:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
f42d29367786af1b8919a9d0cbedfd3f	PE32	2018-10-23 18:05:17	http://99.248.235.4/Library//Ransomeware/Wann...	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
a9203b13bd91650b3ab7057e9ea3222c	MS-DOS	2018-11-13 15:12:26	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/powershell YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/antisb_cwsandbox YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/spyeye YRP/Codoso_CustomTCP_4 YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic YRP/PlugXStrings FlorianRoth/Certutil_Decode_OR_Download FlorianRoth/Codoso_CustomTCP_4
7f7ccaa16fb15eb1c7399d422f8363e8	PE32	2018-11-14 21:02:21	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
d6114ba5f10ad67a4131ab72531f02da	PE32	2018-11-14 21:02:31	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper FlorianRoth/WannaCry_Ransomware
86721e64ffbd69aa6944b9672bcabb6d	PE32	2018-11-14 21:38:15	http://52.53.215.54/Wannacry/Sample/5.doc	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
80366a7f3cd64657211577253eddd022	PE32	2019-07-28 16:14:39	User Submission	CuckooSandbox/embedded_macho YRP/generic_javascript_obfuscation YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/possible_exploit YRP/powershell YRP/maldoc_indirect_function_call_3 YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_dep YRP/hijack_network YRP/network_tcp_socket YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section YRP/IMPLANT_10_v2 FlorianRoth/IMPLANT_10_v2 FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
e35518d623314e8302f5afe522bc2ea3	data	2019-09-03 22:19:04	User Submission	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/disable_dep YRP/network_tcp_listen YRP/network_ssl YRP/spreading_file YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/WannaDecryptor
ad552ceef1d708189de4e457830590b7	ASCII	2019-10-25 22:24:05	User Submission	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/network_tcp_socket YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Str_Win32_Winsock2_Library YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic
d0df14eec106fcca6bac238557026c5d	XML	2020-03-06 20:24:10	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/with_images [+] YRP/without_attachments YRP/with_urls YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/GEN_PowerShell YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/WannaDecryptor YRP/Greenbug_Malware_3 YRP/Greenbug_Malware_5 FlorianRoth/Greenbug_Malware_3 FlorianRoth/Greenbug_Malware_5 FlorianRoth/Suspicious_PowerShell_WebDownload_1 FlorianRoth/Hacktool_Strings_p0wnedShell
44e3209343a84898920a365e5e5d9a54	PE32	2020-06-27 18:01:32	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper FlorianRoth/WannaCry_Ransomware
b9f632cde2ff3adbb657bd39b65692eb	PE32	2020-06-29 16:42:02	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
289fb0815a35d88e4e716881561d8d83	PE32	2020-07-07 17:54:27	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
27cb59db5793febd7d20748fd2f589b2	PE32	2020-07-07 19:30:00	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
233c0a099555c6793f1ed0730b8471a6	Zip	2020-07-08 21:28:33	User Submission	YRP/domain YRP/contentis_base64 YRP/Big_Numbers3 YRP/WannaDecryptor [+] YRP/suspicious_packer_section

Recent Searches
yrp/wannadecryptor
yrp/wwpack32_v100_v111_v112_v120_additional
yrp/surtr
yrp/openssl_bn_mod_exp_recp
florianroth/equationgroup_elgingamble
yrp/the_best_cryptor_fsk_signbyfly
yrp/nakedpacker_10_by_bigboote
yrp/eqgrp_tunnel_state_reader
yrp/ascryptv01storm4
yrp/ms17_010_wanacry_worm

Search

Recent Searches