MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c	PE32	2017-10-16 10:03:46	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa	PE32	2017-12-21 18:43:19	http://94.130.104.170/ed01ebfbc9eb5bbea545af4...	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
af98f947ff400fe76f0d2f919749fba5f278d7a6d19c0f34de6eeddd44e52f91	ASCII	2018-06-08 17:10:16	User Submission	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic
09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa	PE32	2018-06-21 17:40:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3	PE32	2018-10-23 18:05:17	http://99.248.235.4/Library//Ransomeware/Wann...	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
0c1d06ce61addbb5b1a9c8a064363ca3d629ad81ee2f07a2a763473c4441cb5c	MS-DOS	2018-11-13 15:12:26	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/powershell YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/antisb_cwsandbox YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/spyeye YRP/Codoso_CustomTCP_4 YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic YRP/PlugXStrings FlorianRoth/Certutil_Decode_OR_Download FlorianRoth/Codoso_CustomTCP_4
2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd	PE32	2018-11-14 21:02:21	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
7c465ea7bcccf4f94147add808f24629644be11c0ba4823f16e8c19e0090f0ff	PE32	2018-11-14 21:02:31	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper FlorianRoth/WannaCry_Ransomware
c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9	PE32	2018-11-14 21:38:15	http://52.53.215.54/Wannacry/Sample/5.doc	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
ea837cc1504bd7bba727aede505e683220a10da04eb2ba304d0bf1b6bd3b8213	PE32	2019-07-28 16:14:39	User Submission	CuckooSandbox/embedded_macho YRP/generic_javascript_obfuscation YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/possible_exploit YRP/powershell YRP/maldoc_indirect_function_call_3 YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_dep YRP/hijack_network YRP/network_tcp_socket YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section YRP/IMPLANT_10_v2 FlorianRoth/IMPLANT_10_v2 FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
87ab4f16676507c4e5e3c004479ae2060991241e02afc6cb1feb00cc3a8820e3	data	2019-09-03 22:19:04	User Submission	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/disable_dep YRP/network_tcp_listen YRP/network_ssl YRP/spreading_file YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/WannaDecryptor
99b5eb3c9d935af63894d1809553a29c2665bacf541ee5de281e53d6087ef264	ASCII	2019-10-25 22:24:05	User Submission	YRP/domain YRP/IP YRP/url YRP/contentis_base64 [+] YRP/Misc_Suspicious_Strings YRP/network_tcp_socket YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Str_Win32_Winsock2_Library YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/Wanna_Cry_Ransomware_Generic
5c92cd6830eed81b9002ecaed3f84ecc57f816209820d4d8c870bc72e94afd21	XML	2020-03-06 20:24:10	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/with_images [+] YRP/without_attachments YRP/with_urls YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/GEN_PowerShell YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/WannaDecryptor YRP/Greenbug_Malware_3 YRP/Greenbug_Malware_5 FlorianRoth/Greenbug_Malware_3 FlorianRoth/Greenbug_Malware_5 FlorianRoth/Suspicious_PowerShell_WebDownload_1 FlorianRoth/Hacktool_Strings_p0wnedShell
11d361d5a47c698ce92dd54e1b66dd7252b5caddb570c173314c86399ff1d18d	PE32	2020-06-27 18:01:32	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper FlorianRoth/WannaCry_Ransomware
119cb15f0736e337790dda947776595e7c4250f42620897db2826182f443f84c	PE32	2020-06-29 16:42:02	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
3dc6191c1255cfbaf94461e9a44f5b698c5563bbf846c94c4edd343828943a1e	PE32	2020-07-07 17:54:27	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
470dfc18e05c01ebd66fb8b320ff7e6e76d8017feb530fb23b981982c737b490	PE32	2020-07-07 19:30:00	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_indirect_function_call_3 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
922b7a6bf5a1201b54ee5a1f63fa1bcb21f67097f41145f70e6b4b087ad65f0a	Zip	2020-07-08 21:28:33	User Submission	YRP/domain YRP/contentis_base64 YRP/Big_Numbers3 YRP/WannaDecryptor [+] YRP/suspicious_packer_section
c0c234444ffcaedd23abb4a56062f08fe032289c5208f26c441c4a674fa118b4	PE32	2021-01-17 20:56:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/WannaDecryptor YRP/Wanna_Sample_84c82835a5d21bbcf75a61706d8ab549 YRP/ransom_telefonica YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Dropper YRP/suspicious_packer_section FlorianRoth/WannaCry_Ransomware
f285cc074fe34b901caf02c39b43191ac3e2841645a995b31079d434a032e2c0	Zip	2021-06-11 17:04:40	User Submission	YRP/domain YRP/contentis_base64 YRP/WannaDecryptor YRP/suspicious_packer_section

Recent Searches
yrp/wannadecryptor
florianroth/apt_ru_moonlightmaze_xk_keylogger
florianroth/cn_honker_sig_3389_2_3389
yrp/migrate_apc
yrp/nullsoftinstallsystemv20b4
yrp/borland
yrp/ms17_010_wanacry_worm
yrp/maldoc_indirect_function_call_2
yrp/safenetcode
florianroth/eqgrp_implants_gen5

Search

Recent Searches