MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
c14c75df132b0f087f8c2ebfcf2ef21cdda83c8fa13b2559de9e6830bc0bef87	PE32	2022-02-18 09:44:59	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
1c289f9aeb483881a663bc4abdf127fcdd667d458de35990bcdca2008924fca2	PE32	2022-02-17 20:25:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
b501a88bc7ef59905977a817c10dea64640a2c7237c57882359e87795d88b720	PE32	2022-02-17 00:36:27	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
15758e91ed9bbead48c23b487dc945343532b898a6bb0639160850df4e8c4817	PE32	2022-02-13 15:01:04	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
aae36322e08a25eb9cb7b043ac379c9db77fb4150b978a291ddccfb49cda49e8	PE32	2021-09-30 13:07:56	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
e5f3e0e8ffa3619dea8ef75d285ac7bb74603618b5f82af2a44165da4ab58390	PE32	2021-09-14 11:30:04	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
40492804d8bfeb59a629fab0667547da90c16feaaed7f84312ed0a7e627643e3	PE32	2021-09-14 11:29:42	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasModified_DOS_Message YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
26eb2ff8d4f84e27f105fe1f93e8964f001433c02c6f70bf4c4e82d9f70967b8	PE32	2021-09-14 11:28:29	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
ec382f2ae880294c7032c67e962ee76de8df7203b81a5c3d9c276f0bec5092bb	PE32	2021-09-07 07:11:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
e5778446d63e571a7b4829719fd88b5f3b7946cefd4797f92a9ff9a9c93f115f	PE32	2021-09-01 01:27:57	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
e568dbee82ecd2d3089f927aed0e8971dd60bb8b3260d01a3acc5726f7233321	PE32	2021-07-13 19:01:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3f2ba691bdc22a1debdbe20ff59d56d611f1491b08eba4bb7286a14ea3dc7ba1	PE32	2020-08-28 20:02:23	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
0ea92254716b961c39a0e1b570e2c3702167f620754619d67772b6e90a2588a0	PE32	2020-07-08 09:01:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/UPX YRP/suspicious_packer_section YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378	PE32	2020-07-07 15:36:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
118feb2716e975fd30158b568b3ca9f06ab19a4d00d713185c10c7f0db6894c0	PE32	2020-06-30 01:57:00	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
1182cb3dfbb2fb400c1422f49e15c142788d7f72c4891301c7ceeff90d4628ea	PE32	2020-06-29 22:19:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
5995ab969de6e696e8600557e93bdf51bc1d113ac051f9f7fbee655ddd71ba9b	PE32	2020-06-29 06:24:08	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
11e3bf80fa770c3919ab67cb4ffcf9973439fade56db283430cff97bd6754457	PE32	2020-06-28 14:39:45	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
222f0e9dfe45a1e36921aedef38709e9374e504c56c3c9dd78335dd32ce21d36	PE32	2020-06-27 19:24:55	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
112ba6525886bf7fb2749c0a8ace8cee0f1261e6de4b0269a242d6ccc9d38c03	PE32	2020-06-26 22:58:11	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_http YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d9cd4d2cfdbe7ab14a166c2511c836df1f288c2aab3ad62135fff4c1d2349704	PE32	2020-06-26 20:47:00	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
11166cdf09eb53e70d1aa7e6b54d0e166638b43080057e19af3df5ebac778bdb	PE32	2020-06-26 19:02:06	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
f87b3af2c0fe72316b2fb3339c2d30b43158d9c0810aea697bc9374288dd48cd	PE32	2020-06-26 18:27:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
fd593d6f1f4ed13328c7624b0f4adc079fb2bc5701bfcf14f70d81087ab65132	PE32	2020-01-15 15:52:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
cbb3610cb0e64a3c787e08c4fede83f814e1ec0610faca238994b0021f5cc594	PE32	2020-01-15 15:13:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
ce35741422f714f2990ccee068851531ebb035ad35172fcb32cbdce9bf9760b0	PE32	2020-01-15 15:13:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
f7bb25f3f06eccf2de1f2a5b0d1ef1bf5fc530ee915295b880223b5f7ee92533	PE32	2020-01-15 15:12:56	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
8343f006ef60f5b298106b14cf8f919a3b9a79be8bd0b6b9551791675fe52569	PE32	2020-01-15 13:50:52	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API FlorianRoth/DragonFly_APT_Sep17_3
6758772d4d59afbd1171b383915dfa9a9c3bfc74d83f76ec8fe8952c2bd68775	PE32	2020-01-15 13:50:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
e25c478a2abab8aa15775166f6dc811915c99a76a858ee536ba9d06c331a96e2	PE32	2020-01-13 16:31:58	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
e55ba4cc3ba77e84135a8879c872d1e859f540b1a9afa5886308e4d95a334f87	PE32	2020-01-13 15:01:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
321b4fa2be9f7aae18d5bee0673bfcdb34d8b7e726f89871661a79838c9762c9	PE32	2019-12-02 19:24:59	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
6eb0134e3bd6aa40e49246a6b544049ee5169303285736770096ce7be847ce70	PE32	2019-12-02 19:09:45	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
87a30cdbb7094006facf6cb076e2dfbfb45102bf40aaeb22a59b853f48b2443e	PE32	2019-11-24 13:05:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
bc3ef48f7ab5b1d9bff6e8743d2676f2b14f58531b1368e2e9839d2845a6ec5a	PE32	2019-11-24 13:00:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
9546efe7f1c2ac3adb00f366276bcbe99e6a44d865a024e0a65f3ad10e35225e	PE32	2019-11-24 10:24:27	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VM_Generic_Detection YRP/SEH__vba YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/rat_webcam YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
db4d88220ec6c0925f6bb68345546c42b2021041c79a9345012caf4abe949183	PE32	2019-09-30 18:59:49	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/ProtectSharewareV11eCompservCMS YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/CyberGate YRP/pony FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate BAMFDetect/pony
d6b53af0ba548088f9ccad4f25d39d351ce9ea2e51e49905cdd75e18b857d84f	PE32	2019-09-06 00:43:46	http://milnetbrasil.duckdns.org:8088/back2.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
98f2d41d6da4384dcc9bc85a5730157942038e32068bdb7441fc28e4bb4161e2	PE32	2019-09-04 12:08:21	http://milnetbrasil.duckdns.org:8088/back1.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
2c1eec3977638db0e629d25bdb77563370bf30e54deb404bbb32205a5f9ed992	PE32	2019-05-06 00:46:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
fa1b28fdd72a2a52d141dc357ee9111c43a83a719905ed93e386b45e3f51f436	PE32	2019-02-25 13:26:08	http://documente2015.hi2.ro/SCRIPTURI%20WEBSI...	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/D1S1Gv11betaD1N YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_ie7 YRP/spreading_file YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/FGint_FGIntDestroy YRP/Delphi_Random YRP/Delphi_RandomRange YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
0a0ff10cbc1c4f1bf3f6c209a9127a25d7623d6b0634c1e50683ad85cd1edb70	PE32	2019-02-06 01:15:35	http://easyresa.ddns.net:999/servers/gate.exe	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
683a8c14849a65978475f3affba66c3cede770ffd1203609d1bbb285ca9eaf36	Composite	2018-11-20 06:01:31	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
932a6aa159d0df8702d2db78cf9c1e9ece11ff61c3f39c8c8f18fdf9085a0e48	PE32	2018-11-13 09:29:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
0bb2307569328f0f44a38c6715f9dc25794ab6dc714ed948222324d60e028d66	PE32	2018-06-25 06:39:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
270dbb66c7fdc41aecb79c515e18a89692ecb32adfd7fe3bc1a5e546f45d672f	PE32	2018-03-28 12:47:58	http://servet.000webhostapp.com/saf%203000.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
7424bfc41dfccd94083d7100099f1dff7fcc9f16b0088246096ed96d9d443091	UTF-8	2018-03-06 21:30:28	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
147c2399f01fe15523eba3c47f6b0a3408dc53709f941ca94354b05239323cf3	UTF-8	2018-03-06 20:52:54	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
5f0ca1257d8a0cbab2234a1251604244e3b713b5532204ef4f9e32e84124f7f2	UTF-8	2018-03-06 20:28:27	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
3a595b3d1d05c93ea4d4b1f8b71d5b81a39d4c09a508fc499165566410b8870f	UTF-8	2018-03-06 20:27:50	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
93cf40da5c11b7e66058233becb49c572f2ff3919006feb70fb006f80c9b33ea	UTF-8	2018-03-06 20:27:09	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
d6aea3f69e8505592cf82f72f18b13baab0043ffc224395d05cf54ae9b370f1c	PE32	2018-02-26 00:16:05	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate

Recent Searches
yrp/dyndns
yrp/olyxstrings
yrp/net_executable_
yrp/screenshot
yrp/upx_3
yrp/vmprotect_1704_phpbb3
yrp/url
yrp/win_registry
yrp/dcp_rijndael_encryptecb
yrp/trojan_win32_dipsind_b

Search

Recent Searches