MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
1d71aa424590d941211f477d6cb9ec8d6d655d3ef3212931dc644dedbbf1e180	HTML	2022-03-18 00:05:31	https://www.cisa.gov/uscert/ncas/alerts/aa22-...	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/Big_Numbers3
03e35b1085e2cc694a00fb4d348fcd388376e188ba5632a590ee47a85868c33d	HTML	2022-03-17 12:05:01	https://www.cisa.gov/uscert/ncas/alerts/aa22-...	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/Big_Numbers3
7e5c8e4cce5d1ea8ce319040d190b64f6383b01ff23e7937d3fa2e36fb1a658e	PE32	2022-03-15 03:02:17	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
7ea197ee6551db4806277648c73e1a542f629731497386a074004c13b8cdbaaa	PE32	2022-02-25 17:25:54	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/hijack_network YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/Big_Numbers0 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/Delphi_CompareCall YRP/Delphi_Copy
fc7df55041924cb8e4bf24c8e8b07632b84043b551f38fb5dba70569ade27907	PE32	2022-02-25 13:21:03	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Chinese_Hacktool_1014
38509391722f5acc1effb02527b533fc35c31b9fb968eaa8519fac03c4f7a8c0	PE32	2022-02-24 21:12:12	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VirtualPC_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/vmdetect YRP/antivm_vmware YRP/disable_dep YRP/inject_thread YRP/hijack_network YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
2f34779fd15a12443c6d679d4d1fc40acd06432749e0f91133c485d05958c378	PE32	2022-02-24 10:40:43	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
3caa0dce48ccef47c90f27ea62201f4df11f3d207a14371071db4da44cd90355	PE32	2022-02-24 06:10:16	User Submission	YRP/ASPack_v212_additional YRP/ASPack_v21_additional YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov YRP/ASPack_v212 [+] YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/ASPack_v211d YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey YRP/ASPack_v212_Alexey_Solodovnikov YRP/ASPackv212AlexeySolodovnikov YRP/ASProtectV2XDLLAlexeySolodovnikov YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
9a3358abef44eb0e30b25685d75e15c68b548e9550b53d2e515357857fdcc809	PE32	2022-02-23 19:11:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/disable_antivirus YRP/disable_dep YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
ee050e348a67d098b2718365ca4d3f606343b2f133fc98311ebbae1b02a2c33b	PE32	2022-02-23 14:26:28	User Submission	YRP/possible_includes_base64_packed_functions YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/anti_dbg YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
d33dcc9d2816be18ec7e8a55f692aa9ecef75863c346c5f02549cf109d24a06e	PE32	2022-02-23 13:44:33	User Submission	YRP/possible_includes_base64_packed_functions YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/anti_dbg YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
79f53348cb4c489c3d1fd0d95ab899bc9f62f2adb9dbe2b746102eb2e39a87b0	PE32	2022-02-23 09:22:14	User Submission	YRP/possible_includes_base64_packed_functions YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/anti_dbg YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Advapi_Hash_API YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
2ef86a0e6dd6e0fcce2f1c357f15bbf481a81d98170cbee361355d7b994d851b	PE32	2022-02-23 07:25:50	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Chinese_Hacktool_1014
033ce78d1e3a1f0a6b7254da38b6499246ddf6befbd21a304facbd4643e48e66	PE32	2022-02-23 05:42:16	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
2b96242fc5c6eaa335f66cbdc90ff52f37763df0b528251807805541b7ff7ec0	PE32	2022-02-23 01:36:36	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
c44897d23cdbb4731f48151952ef3ed9e0fe966d963b96473614d153131bf058	PE32	2022-02-22 23:32:31	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
fad4dea08ed4d063b6f1fa856d381e39ac799d8a2678fb3b81a48c58108890dc	PE32	2022-02-22 20:55:07	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/BLOWFISH_Constants YRP/VC6_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
3474dfe7bae270982d624d2dd3b3d2778e4f8ef2fdc83892def001d36e628b8f	MS-DOS	2022-02-22 20:50:17	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/hijack_network YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/SHA512_Constants YRP/BASE64_table
642e41f8760a9e01b8938b966b849b892b5447f673d7c8adbabaac58e29ee4ff	PE32	2022-02-22 20:30:52	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Chinese_Hacktool_1014
58753644dc6859db9e6edf93e3568abcc7567ce7f86b3bc77f836f718520e167	PE32	2022-02-22 18:21:57	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/SEH__vba YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/MD5_API YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
1435a1bdaf8e0e7655c286c9bc764dabb5eab0659e42c8758dcd95c500666211	PE32	2022-02-22 13:39:50	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
fd76fd597e26215cb31b0319352f92d87908034506c4e0b631df49d3795813d3	PE32	2022-02-22 12:03:47	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/BLOWFISH_Constants YRP/VC6_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
39f1e256592fb247383d51d1941fdd3fa55b5262b7cbcb88a38b91e405ca20ca	PE32	2022-02-22 07:03:46	User Submission	YRP/telnet_cgi YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Install_Shield_2000 YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/InstallShield_2000_additional YRP/Borland_Delphi_v50_KOLMCK_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/without_images YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/hijack_network YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
dcd77cbafb9f454fd8f2455d65a7d095c64f1af7efc38e91b20bf50aa145ef0e	PE32	2022-02-19 17:31:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
28128ce995be93f87220dcd70b844e3c3731b845efba3b5b14502a37227637c1	PE32	2022-02-19 16:16:44	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
735f531ca5dcbcbef8ab48f4ff696722139d8dff39d2cddb2f83f24f7cb84a55	PE32	2022-02-19 15:59:40	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/ThreadControl__Context YRP/anti_dbg YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section
a4af602293c6e5d89b6fc3693f028db271fcd86db962130ac5f2bf5a903b3ab2	PE32	2022-02-19 15:22:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
741a43b8e8c14185092ff8e19ea065da6460d17565fb58344210149cdffcf847	PE32	2022-02-19 12:53:00	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain [+] YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Str_Win32_Winsock2_Library YRP/BlackShades_4 YRP/with_sqlite
d5b2daa5b3ee213311168ad4a4f7219548b8e94744a2f56711e2d833d19dcf05	PE32	2022-02-19 12:47:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/hijack_network YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
2bb21e998fc79ca26cc36dd4cb0a8f7c706cc944fe7df42b56a20946fe62fe6b	PE32	2022-02-19 12:39:39	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
1b8e25998dfb3e98aa1b55a97a648470b36546c131c11ffb3c7bfaf4d4fb799b	PE32	2022-02-19 11:06:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
d3819443100733fbbafdb09b145f39147b969689be35ba882f23c53ae557b4ec	PE32	2022-02-19 10:49:02	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
4276c0440ebbc54f6f8b6d24cf3936af05eaae86956fb88a433cbc6f212c0afa	PE32	2022-02-19 09:18:49	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/RE_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
0cf6cbd60161b7bf59f6d6f0cb451cc98d09043a4d784f1ead7d355a651b3838	PE32	2022-02-19 09:06:51	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
be2160af1e45ed5f611a39ae96a8daaafc654892235a85d58eae7c0c94929b39	PE32	2022-02-19 08:31:03	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
4a5b2ce096211933ff857fe0c754056321347d6c6de71fef8caec47a3b0c11eb	PE32	2022-02-19 06:59:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/ScarhiknStrings YRP/Scarhikn
467b9228527e7e1cd433607d397ba792d1a07167787cefd0232151bd421c8682	PE32	2022-02-19 05:39:13	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
749278d8b9578611445e6171aeb4d5fcb4d9c6c1e064a1618e5b320332be3953	PE32	2022-02-19 03:59:30	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
18c8d4d46c06ec4f8b21bc5ffbc47a3791a06569d3ebac7c71872c07b607659e	PE32	2022-02-19 03:57:46	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
788a0144eb15268f5e25aff26e404a2b1710e6d5cde22f3c421145c7d5d63e92	PE32	2022-02-19 03:37:18	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/WMI_strings YRP/anti_dbg YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
e8f9eb8d80be52a1fba15c13a8c7a4a2b75bb2fdf05bb9f385562e414872f27f	PE32	2022-02-19 03:21:44	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/MD5_API YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
3eff7cd10a7c04d10fb1293735886030a6451a803e81ea1ecf94fe6c54b1e09c	PE32	2022-02-19 01:48:28	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
1c5266c62fb62932d3a8deff938cb5251592748e5a4f447713f94d9ce93aa78e	PE32	2022-02-19 01:35:44	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f492cb4c36bb954e5e9d1aa1c4f6014df91b5c8a60f0466eaca1736cfed054ac	PE32	2022-02-19 01:33:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/ScarhiknStrings YRP/Scarhikn
ca6ffff34039a08a8de44ccf10356714aec5999840817fb32bc1414655f649d3	PE32	2022-02-19 01:24:29	User Submission	YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
f0ca36db8027bdadfff41d595334e3b471f0a9667a5f228fc9cd42db5147a6f5	PE32	2022-02-19 01:21:01	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
769070d038b05c8440b186adf23d101d99b7189de14a6706afd3fdd70ed3ecd4	PE32	2022-02-18 23:15:20	User Submission	YRP/possible_includes_base64_packed_functions YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Chinese_Hacktool_1014
49bf50c6bc85715f79f3f313fde76289cd65ff2a344477fad4f6b4aca539f4a2	PE32	2022-02-18 22:27:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/hijack_network YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
aa469c1fa9e45d8add0b4ad0eab44055fbeb3d32077196c6f16da839055e015a	PE32	2022-02-18 22:06:52	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/ScarhiknStrings YRP/Scarhikn
3e768581d69952a1aa7d3c13f2a62e8dea3f31b3347db973b2c9ccbbdb6fd25a	PE32	2022-02-18 20:51:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
b9b511b8b3381af44d530c8bab9afd5f029beb77144fec620f588abaed20b1d1	PE32	2022-02-18 20:18:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/ScarhiknStrings YRP/Scarhikn
90fdebd070f7e7040caf92f71187166c9691a3b9bfc59bf95ac5dbda8dcd5961	PE32	2022-02-18 18:23:45	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ac61ec24270685ab84adfedb641ee54da655b8d3dc59ff0a16dc696dcdef7ebb	PE32	2022-02-18 17:05:54	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
cb9fc9bb56283c3bb177fc6ea267bae90092fe70332d605b0f00033a872a9355	PE32	2022-02-18 16:54:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/CookieTools
150ea9171ca16f43495446e67cb37ecce64585cfd5113eac3cbc57ffad972663	PE32	2022-02-18 16:43:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
b6fc1b8d424500fddf37828fe1a29d6f6e82f856c3d90a49088540651437bea5	PE32	2022-02-18 14:54:33	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/hijack_network YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
6d8e1c6ec61f39b39e79f4e51df7c93e6a000b30ccefbf12dde4118acb439fe4	PE32	2022-02-18 13:37:29	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/FVEY_ShadowBrokers_Jan17_Screen_Strings
f0ead359bf9c5642b5985f4152ac210b5012bf225faae0eb95d841e817899cb6	PE32	2022-02-18 12:45:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/ScarhiknStrings YRP/Scarhikn
c8dd5799546659012d789ef06822c6919f210b4eca51beb9b30156fce451cebd	PE32	2022-02-18 11:53:25	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f8fc66da9a78627c2dfb2c89ed0c8f6ce676931712ac19c064b3cdd4fb56bbab	PE32	2022-02-18 09:16:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
f3b126979c0d9a41257d06234bd638c814d24b57bba172e56717314d2fb7a4f4	PE32	2022-02-18 08:00:12	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/Borland YRP/UPXProtectorv10x2 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
dbba93832010daec634ab36fb2e66a26d88838f425ceab99167799f0563ca6ae	PE32	2022-02-18 07:48:35	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
9a3c7859a34e440ca4acca72fda894c41b87b64f522fc99813e23b9c7cc1d189	PE32	2022-02-18 07:38:55	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
4b5116ec00c333a6246b87978c4dc355f44a729e97959a4c24f5eccaef428f7b	PE32	2022-02-18 07:37:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/DebuggerHiding__Thread YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API
50f5ceb3dbfd18734191f348c954f15cd6eb381f96b619bd6247c7f3d6d45f0b	PE32	2022-02-18 07:19:20	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/hijack_network YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
7d2b6fb75e5fc6985d68e5483fd97ad78296104b130237db8178ab3c233718b7	PE32	2022-02-18 06:36:42	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
fd949d5b4bb1436c5894520ee176c868addc542248da14a5b6e6ae85559081cf	PE32	2022-02-18 06:32:14	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/CookieTools
a39c8fe97fc501c762442abb44d2b74041b8761289c056083245e6a0c524e8e1	PE32	2022-02-18 06:13:18	User Submission	YRP/MaskPEV20yzkzero YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/sniff_audio YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
ec4ec4555fd0942152a1fb5eed92b5b4fe8b09e4088056318b0279f3e1c9ea14	PE32	2022-02-18 06:12:40	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/borland_delphi_dll YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
3c1cdfd88d1bd8ec776e8b4a06177423493f395763d3e0e26a225e8658b164fd	PE32	2022-02-18 05:40:29	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
51974a07ef3bb4624972a4d0501ca9546aafa38e47db3414d18530a25bdf8bcd	PE32	2022-02-18 05:38:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
4931e5dda49db32ff003be7bf56083e7aa529aca6e671b705ca54422d7c624bf	PE32	2022-02-18 05:29:13	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/VMProtect_1704_phpbb3 YRP/MaskPEV20yzkzero YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/sniff_audio YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
cfdf4dcb84b7e6716ea7ceee7dc81e4c5f415d12a07a3b9a713b7de32d8abd91	PE32	2022-02-18 05:26:25	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/antivm_bios YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
23c4d570d5f02afe26b3ad50b365e3ce27ce343f9e5efb7cf8f0260163b6aace	PE32	2022-02-18 04:54:19	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
580d2602cffa637baa9d7697da3c0900c3232bfc387d52381a849b0b81ea8502	PE32	2022-02-18 04:52:18	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
45d0b0233fa5b0b41c2c1bf3250ac66f1d30cce412fd5ca39e067777b42b7ebf	PE32	2022-02-18 04:43:29	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
8400b4fcbedb2d0e001b73763d3963ce10757a65087f81f85a68d8d82a237903	PE32	2022-02-18 04:35:35	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
c91aa39b6154ce72e4c07e9bb5169564ca432005e96830a4373f648c0296069a	PE32	2022-02-18 04:23:27	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section YRP/Chinese_Hacktool_1014
4e421bdfa3e21b0ce5670a56a027e8fd6760ba37c0e48acbf3600e602d0f1ebd	PE32	2022-02-18 04:14:01	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/CookieTools
29d253380460a28bd44f18932165d9adb134857e351de0d04a029c436728c6b4	PE32	2022-02-18 03:50:44	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/WMI_strings YRP/anti_dbg YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
49095ca6f1ea41c2613b773602be323cebc31b54ee24754df9e9274fe9ecc025	PE32	2022-02-18 03:22:40	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/suspicious_packer_section YRP/ScarhiknStrings YRP/Scarhikn
860ae77c4a15281193b973e4fb9b276791f3a55fc9e7856f8ea4438daf076d59	PE32	2022-02-18 03:14:38	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/anti_dbg YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
a3b53335d5647b65a4319cb23066d88732722bec17491a09294d18bd7030747d	PE32	2022-02-18 02:55:02	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section
1f991f9dd990bae020ef5ea71625da5685e126ecd31fab5426c2d2bb744f9d9c	PE32	2022-02-18 02:49:23	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
8b76feb1b743532a0a60e45685382ba1e0f157d50122db6de2dffa37b39a6a89	PE32	2022-02-18 02:28:06	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/Borland YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/borland_delphi_dll YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
bab8ffa96815ad6d24cc5d0b235016d63d84bb0bf805ecb6e0ab4cdd4e4f0cff	PE32	2022-02-18 02:24:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Microsoft_Visual_Cpp_v60_DLL YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/sniff_audio YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library
89dcb9307ef18d7e24576267dd04ceca9c9c2de9d51979e1099245beb36e3d1f	PE32	2022-02-18 01:42:47	User Submission	YRP/Safeguard_103_Simonzh YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/RE_Tools YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
0799f407e083ea1944188d6c71d684fb6816907a319356b04a8b83305482a7b8	PE32	2022-02-18 01:14:06	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
caaf4f11844516e2d8ac0167bf2d91ae49f9a7fbbaad14a05b1b7ce899e03ce8	PE32	2022-02-18 00:37:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
47daf797e635928f54d9c56d696a532b45add8b119bcaf4c77866d89b60e2eb7	PE32	2022-02-18 00:30:56	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers4 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
e75a412a9145bd44e77657b597c13ee7148c6afbcb04a0b89c57998161fcebc8	PE32	2022-02-18 00:10:05	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f0c2b68dc58e0cfc45df4695176d97ffbd3c083c27e1e9e4158cbfdd2dd29e89	PE32	2022-02-17 23:58:31	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain [+] YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/hijack_network YRP/network_dropper YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
a3065f27feed0433a1c7a0c34f9c1b1ff5f0ecf9f3462f1bd9ebea8d4017b9e4	PE32	2022-02-17 23:52:47	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
7616ab955bcd020a5c884ac20ce559cdf867306e221d22d4b9d296e0221dbf00	PE32	2022-02-17 23:47:07	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
5f0bc8aeb61c06cc3a216cd7a500e391ec119adee14b1472fe36a4a8cade9d57	PE32	2022-02-17 23:45:27	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2f616d5aed310c5b2304cb9691eab36facc4179192e603bca7c43b7a5c362922	PE32	2022-02-17 23:42:58	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/PECompactv2xx YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_http YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
8d6d58800473aa15b3dac92122e81aed3387c1183965c00e051c50833345abf3	PE32	2022-02-17 23:41:44	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/hijack_network YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
c2982b6c6353a5420bcadf28d7655e10b5f4e771053e3869ce81a154f8bf5cc6	PE32	2022-02-17 23:41:31	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
683b971e5d823679a4c87574e10e887f2f56dd67d5ffe51f20f722dbaa288e1d	PE32	2022-02-17 23:33:06	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/hijack_network YRP/network_smtp_raw YRP/network_http YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ef6f7171d53e27f8706857184993105f52cb85ca5d52e3f382c4f61df9f18662	MS-DOS	2022-02-17 23:30:10	User Submission	YRP/Mew_11_SE_v12_Eng_Northfox_ YRP/MEW_11_SE_12 YRP/MEW_11_SE_12_additional YRP/MEW_11_SE_v12_NorthfoxHCC_additional [+] YRP/MEW_11_SE_11_Northfox YRP/Mew_11_SE_v12_Eng_Northfox YRP/MEW_11_SE_v12_NorthfoxHCC YRP/MEW_11_SE_v11_Northfox YRP/MEW_11_SE_v11_Northfox_HCC YRP/MEW_11_SE_v11_Northfox_HCC_additional YRP/PEPaCKv10CCopyright1998byANAKiN YRP/mew_11_xx YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/spreading_share YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section

Recent Searches
yrp/hijack_network
yrp/createinstall_200335
yrp/createinstallv200335
yrp/dcp_des_init
yrp/dos_nc
yrp/execryptor224strongbitsoftcompletedevelopmenth1
yrp/microsoft_cab_sfx_module
yrp/incrypter_03_ininy_by_z3e_nife
yrp/linuxhacktool_eyes_pscan2
yrp/nullsoft_install_system_20

Search

Recent Searches