MalShare

MD5 Hash	File type	Added	Source	Yara Hits
0c2f6aee0453d7b54ee713fae2b1befb	PE32	2018-02-26 01:16:05	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate
cd580d47925b430ba1550124e6258dda	UTF-8	2018-03-06 21:27:09	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
c8151eca22992785a8ae43a13c3dccd6	UTF-8	2018-03-06 21:27:50	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
daf2aa00e0d69550d989c8842f2c41cc	UTF-8	2018-03-06 21:28:27	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
ff9626e7a2441952551825982ad71818	UTF-8	2018-03-06 21:52:54	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
55f83ff048d715ba60ccae503778b774	UTF-8	2018-03-06 22:30:28	http://103.68.190.250/Sources//ActiveMalwares...	CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64 [+] YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library
2b236baedf976710abcbe6b08837ab43	PE32	2018-03-28 14:47:58	http://servet.000webhostapp.com/saf%203000.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
2090d21018f8890b2ceb5e5752b3cf3c	PE32	2018-06-25 08:39:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
d0adc1efc5ca670bc2d6d9f8cfff9f55	PE32	2018-11-13 10:29:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
b8d57a733902915c0065b25b7cf0b226	Composite	2018-11-20 07:01:31	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
dad7188990ff9d152ba4a251f1f647e2	PE32	2019-02-06 02:15:35	http://easyresa.ddns.net:999/servers/gate.exe	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
28498f577e3f93a9ff883e684fbd2c50	PE32	2019-02-25 14:26:08	http://documente2015.hi2.ro/SCRIPTURI%20WEBSI...	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/D1S1Gv11betaD1N YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/cred_ie7 YRP/spreading_file YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/FGint_FGIntDestroy YRP/Delphi_Random YRP/Delphi_RandomRange YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
3ba2b8bf7d24c9daf5da46298caf22f3	PE32	2019-05-06 02:46:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
dc91572204b5b5c90a9298c75b9b6525	PE32	2019-09-04 14:08:21	http://milnetbrasil.duckdns.org:8088/back1.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3808da149f697638f2d1991c05ce32cb	PE32	2019-09-06 02:43:46	http://milnetbrasil.duckdns.org:8088/back2.ex...	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
3e8e1c6d25a0e39fe68afe0e5b21afa3	PE32	2019-09-30 20:59:49	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/ProtectSharewareV11eCompservCMS YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/DES_sbox YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/with_sqlite YRP/CyberGate YRP/pony FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate BAMFDetect/pony
725800702717a592f1085b3694d06384	PE32	2019-11-24 11:24:27	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/VM_Generic_Detection YRP/SEH__vba YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/rat_webcam YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
a3fb0ecf4e32f8ecf788ff6e2aa24584	PE32	2019-11-24 14:00:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
05d84dac0c10fb6c00299f5d41fcaade	PE32	2019-11-24 14:05:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
56cf9cde11738ea8437929ab91292ce2	PE32	2019-12-02 20:09:45	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
bbac65da3599ab3533ee46cf44810bd4	PE32	2019-12-02 20:24:59	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
0b9518217ba3f0cbf863af0fb53b7789	PE32	2020-01-13 16:01:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
0bf54f192976ff1957abfc2b2b4815d9	PE32	2020-01-13 17:31:58	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
18fbedbfb30521a7c86ce2ea8ece9371	PE32	2020-01-15 14:50:48	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Str_Win32_Winsock2_Library
1544c9d66bc6d4a200cc54910a7ad10a	PE32	2020-01-15 14:50:52	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/dyndns YRP/cred_local YRP/cred_ff YRP/win_registry YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API FlorianRoth/DragonFly_APT_Sep17_3
184b7c1128d8a5970b9261b1641fef24	PE32	2020-01-15 16:12:56	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
16304dd8bfa9d31d07101b25d27fbf88	PE32	2020-01-15 16:13:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
623cd1328922dcf39293298931e65677	PE32	2020-01-15 16:13:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
1b3be9cb070096ae32ead5b4f1a2a424	PE32	2020-01-15 16:52:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbgtools YRP/antivm_vmware YRP/disable_taskmanager YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/dyndns YRP/keylogger YRP/cred_local YRP/cred_ff YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test

Recent Searches
yrp/dyndns
yrp/exeshield_protector_36_wwwexeshieldcom
florianroth/apt_equation_cryptotable
yrp/tofu_backdoor
202e7cbcf02ceb8bce1421696c0aee000a577a44
yrp/blackhole2_htm4
yrp/turla_apt_malware_gen2
yrp/equationgroup_auditcleaner
yrp/equationgroup_dul
florianroth/equationgroup_toolset_apr17_gen2

Search

Recent Searches