MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20	PE32	2022-03-20 23:16:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/inject_thread YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/migrate_apc YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b	PE32	2022-03-20 23:00:12	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
2b99b6baf3dca3e645c68bdf5b307f2788c631a438336d093998a7acc599c5f9	PE32	2022-03-20 21:22:32	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
43044908753dee50f5d7f51926d2e2103673e369ffd2128ec3b63bc9a1a7477b	PE32	2022-03-20 20:14:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
faaf677828e8977f44f52c795f2c2e73c56e59bc5eb340cb6c04c2cc51f62155	PE32	2022-03-20 20:14:28	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/VC8_Random
98afd680cc4af78efa802f72ac38570c79093431f5df309aadd982cfffba6567	PE32	2022-03-20 19:42:11	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
aec910e58c47c81a85d972af2aa8bdef621c03cd655cba254eb727d36fb03061	PE32	2022-03-20 17:58:30	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
fd5616d669a89ba643bd4cc035d4d1924a71b11618cd61c8e783de746753b62a	PE32	2022-03-20 16:39:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_files_operation
fd28ac9eba5ec352d343e94b7667fa079ba885ff594d52fe591cf81eea2c03ee	PE32	2022-03-20 16:38:52	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/DES_sbox YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
e1b147aa2efa6849743f570a3aca8390faf4b90aed490a5682816dd9ef10e473	PE32	2022-03-20 16:36:31	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
ce3c220728c7e22791a10946f7d941e8ae8629bb3418610e3aa3c9b2b2ff440f	PE32	2022-03-20 16:34:39	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
fa7ad019008c5bd1b69b90de051e62e91d5e81350ba6200be27d5851a8fa391e	PE32	2022-03-20 16:32:27	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbg YRP/disable_dep YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f716ab9313b06641383d661d1e404c2ed76352f17fb7143bccf4d2d317301239	PE32	2022-03-20 16:25:00	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/DES_sbox YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
f163f4788da0d445dec687df7d215b6af3c4bea10589fa268e6aff20ff335510	PE32	2022-03-20 16:13:48	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
ecfc7d6cf284dc8cdd7fd02e7193319c0ec75e3c0e38be530c21bc0c01d36728	PE32	2022-03-20 16:04:30	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
e9e5459e32521a8ca1c075a96d3358337919321f5d149fe3a8cc5f6f57b33923	PE32	2022-03-20 15:57:49	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/RijnDael_AES
b5f67c8331be0e25e77f2750715d0fdc7a383df44ec7eff2bbe4bb470f21124b	PE32	2022-03-20 15:55:50	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
e34d88c4c5cbce728fc194ed66fd63c8a329c136a6929d13868f1cbfbb2d5164	PE32	2022-03-20 15:43:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/keylogger YRP/win_token YRP/win_files_operation YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d7a9047d6d19050866c5b5c7d08f4b45208d9b2a2a4f4179cadaf37ea92cfa89	PE32	2022-03-20 15:18:07	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation
d39a3e2c2724c5e9c0861a94d46530259ea69c06dd40176636080b82b7f879a1	PE32	2022-03-20 15:09:56	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/network_tcp_socket YRP/network_dns YRP/win_registry YRP/win_files_operation YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
d31c1aa598252bced9b3fef25a20045d48b91e929e8d7353ffd30bdb3a1a3cf4	PE32	2022-03-20 15:08:42	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
d064cc1d0d70ce88dce14f6d33689c5f2622026ae3f6601fa7f0724a36624016	PE32	2022-03-20 15:03:14	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/RijnDael_AES
c256666562b73aee6208fa0bacff25b832c0ec16fe7e7081a7c7ff3ef2016c83	PE32	2022-03-20 14:34:10	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
bf9caae4940f91401db499ed61a89d3e5ed867bc846f229cced95288739f8dc6	PE32	2022-03-20 14:29:00	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1	PE32	2022-03-20 14:14:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
b5e39716f576e5ff21e945560a98ee7ca7309491b2b7f2643728cd341b9c19de	PE32	2022-03-20 14:07:55	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
ae64e86e27b074ef0869d747916c9056b5e180f37f80624019d993f2b744dd35	PE32	2022-03-20 13:49:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation
abf8160dd66f87903ba311f77da9f6b5c66538ffd5eedc9555a46369a6917b27	PE32	2022-03-20 13:44:40	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
aa509d1b61485ca731f996f34538a4ee467cff6ccbfb215f261b4ebe5d655ce8	PE32	2022-03-20 13:41:29	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation
a934394936e2250fcdf2140235f1948fa86f49264a6d345289061b334c7037d9	PE32	2022-03-20 13:38:11	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/win_mutex YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
a8f8da85066d1c19257135bd264d5373ebb151fe330d16fedb093d441ecc1989	PE32	2022-03-20 13:37:39	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
a6196179c44372989a82cd3bc60a87262a4bb6a583f6aa38789b4ecafbe5c7b8	PE32	2022-03-20 13:30:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/BITS_CLSID YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/MD5_API YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
152dfd82928cddb758f12c3203015640d071e88fd41edb69f906025b8086540c	PE32	2022-03-20 13:07:52	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/VC8_Random
9b233994400898091ccf11650beeab0d234ca3c9c5472dcbaa95360eb14d5516	MS-DOS	2022-03-20 13:04:44	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/HasModified_DOS_Message YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/win_registry YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random FlorianRoth/WiltedTulip_ReflectiveLoader
8348b0756633b675ff22ed3b840497f2393e8d9587f8933ac2469d689c16368a	PE32	2022-03-20 12:55:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Armadillo_v4x YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/network_dropper YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Str_Win32_Winsock2_Library YRP/Codoso_Gh0st_2 YRP/Codoso_Gh0st_1 YRP/fin7_functions FlorianRoth/Codoso_Gh0st_2 FlorianRoth/Codoso_Gh0st_1
96dde0a25cc6ca81a6d3d5025a36827b598d94f0fca6ab0363bfc893706f2e87	PE32	2022-03-20 12:54:32	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/contentis_base64 YRP/CRC32_poly_Constant YRP/RijnDael_AES
9486d93dedcb4e1eabc7ab1c778b01459f8afc13aba9d3017e20003c22476100	PE32	2022-03-20 12:49:31	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/SEH__vectored YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/GenerateTLSClientHelloPacket_Test
93716c86a95207d2a151c0b3ff70e14b16fd7bf7dace1b17449f51eb05a17c2a	PE32	2022-03-20 12:46:36	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
8d5d64d7fe461ea3d2c4ef989b5919dd74f0d7a5803fcaeb23bda4d815f22d83	PE32	2022-03-20 12:34:26	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be	MS-DOS	2022-03-20 12:18:33	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader
8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd	PE32	2022-03-20 12:15:03	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/ReflectiveLoader
7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335	PE32	2022-03-20 11:59:51	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/DebuggerCheck__RemoteAPI YRP/Check_Debugger YRP/anti_dbg YRP/network_http YRP/network_tcp_socket YRP/network_dga YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
6ad2831339a2a6fc8d140c8718cf38fabef9915409bd32cd86221b515b4be629	PE32	2022-03-20 11:22:45	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/vmdetect YRP/network_tcp_socket YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section
681836cd8181c784646b39238d8e4d9323b91c71690894782220e2678c1f3191	PE32	2022-03-20 11:16:14	User Submission	YRP/IsPE32 YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/WMI_strings YRP/anti_dbg YRP/CRC32_poly_Constant YRP/RijnDael_AES
66e66bf9b217bc603627b0ed7178b6a8156b3fd1a5bd43865799460cd8698d4a	PE32	2022-03-20 11:13:37	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32c_poly_Constant YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/GenerateTLSClientHelloPacket_Test
55ebe7258f8c713648707d2f23ac07cda79caedfe130c7cb42c7abb54e4cd9b9	PE32	2022-03-20 10:37:58	User Submission	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsConsole YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Qemu_Detection YRP/anti_dbg YRP/win_files_operation YRP/suspicious_packer_section
53a57e1bd19960ce52a8c7877f25ac897330e102c9ad403fc16c2cb5e8c12f90	PE32	2022-03-20 10:33:21	User Submission	YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/DES_sbox YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
1eff8f38e89805c73b7f6145530038d7baff71905ae128c76444e1b56b741c00	PE32	2022-03-20 09:01:19	User Submission	YRP/IsPE32 YRP/IsConsole YRP/IsBeyondImageSize YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/contentis_base64
6466e7d44b195aef5ae22a5db00e884544a937909f424518c8e34545057a2b2a	PE32	2022-03-20 03:28:23	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers1
d733820d2a64caf8d0fdc1699ce9e49c9683b02c3ce1f9ffd67ca2c8120e747c	PE32	2022-03-20 03:23:54	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/suspicious_packer_section
db7a30e9b00ca0f55460c2b617afef03bfa42f53d60d32fe29014f9daf1574e7	PE32	2022-03-20 03:22:54	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
2543f5e64526ac9b75b65c2ebddb5513e9bc12a7ef669909030146a5d23248b1	PE32	2022-03-20 03:18:59	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/MD5_Constants
314404106e72221926eb422e82cfae3e96708a6c6fd0f3dbc6e247834423f330	PE32	2022-03-20 03:13:17	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_mutex YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/BASE64_table YRP/GenerateTLSClientHelloPacket_Test
2a8dd63e2c25138a601dd9ac0b240b13f4b37a8c5782cd1e65261432a41f6aa2	PE32	2022-03-20 03:13:01	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/GenerateTLSClientHelloPacket_Test
b47e5b1053024fc778fabee51f8e6ad0b60adc8fc883d0da349ede7a3ad101d1	PE32	2022-03-20 03:08:09	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers2 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/DES_sbox YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
7b40cc1f05bd9acac6388fc820c07d75bac5c28afc2c5372a8a85f3fa9c7794a	PE32	2022-03-20 03:07:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/VM_Generic_Detection YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table
d84040ec37eb1a561d83dc8de1b9cd244a4d9533c60d757478ba96227edc856e	PE32	2022-03-20 03:02:41	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/anti_dbg YRP/network_http YRP/network_dga YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
6e4577bc7c8dca940fddbe57b543153e75abd39d261faec403efb8a5a35d243a	PE32	2022-03-20 03:02:23	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
95d9fecc63e017346ddd3f9841326f1ece24d00b568ef67b1a30e9b6888ad593	PE32	2022-03-20 03:01:40	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers1
a4fb1fed9a9146b11bc320d5c0c471681ef43f0c62908ef7cfc60aa003decc52	PE32	2022-03-20 03:00:29	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
41c1fd113e1ce21fb983a56e052608693c0ae0cd90b7948d11bb90ac72991ecb	PE32	2022-03-20 01:12:46	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API FlorianRoth/Malware_Floxif_mpsvc_dll
2df20feb158d1fd59acc38775a791ac1ee3093bffe2add9e568825b4e6700cb3	PE32	2022-03-20 00:28:12	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
2d6168e0162875170aa96e1c29da0e6f809c834b68630277569fea3f298f1bda	PE32	2022-03-20 00:26:40	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 [+] YRP/domain YRP/url YRP/contentis_base64 YRP/keylogger
1c9ac73de149a9df1d58572db60bfa8824470f11c109ea55b91aada0d6c8a2a6	PE32	2022-03-19 23:48:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants
81ec5293c1be63d2bdb173f258830914b3dfd094159211f1703b4666eeca1cbc	PE32	2022-03-19 20:00:53	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
eb11729804c030f17ae3daf219cb9526fd22d02e6d4b59b88cdd8cb748b5635b	PE32	2022-03-19 18:02:46	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
3cc17e8a578397b8dad4299539f31925ea3777455d112dafbaf7df283c7cb11e	PE32	2022-03-19 07:08:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/network_tcp_socket YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/with_sqlite
3b4357ccbe5c7ec75510c453b4b191cf5f076babbf645938d4584ba9bc532e19	PE32	2022-03-19 07:01:53	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/WMI_strings YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
ee94849e0fb00903f14b9838bf0b702216f377ab10f1fe9fb22c8fdf350a6c96	PE32	2022-03-19 03:34:48	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers1
08b4215f1682fe599d8246a5b2dd0b2cdb4545892c47dd6481ade3d2563815bb	PE32	2022-03-19 03:24:15	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
660be1c54a68cda1db200ffe50927cc506b8d664fcf765102766c8ad2278f65d	PE32	2022-03-19 03:21:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/anti_dbg YRP/network_http YRP/network_dga YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2ced52667838d09afeb9b0627996af2ceeb04a1e86f331c885c836edd97f7eb2	PE32	2022-03-19 03:18:22	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/GenerateTLSClientHelloPacket_Test
389c0047e70349e7d76eb4f09b9b44e3b8d21f2aa23d830e3add9a567e9d02d5	PE32	2022-03-19 03:10:26	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers1
3b5dbaad610f83173c0cc9d84216d39a9cf50d1327a24cb7846c355614393ce3	PE32	2022-03-19 03:09:22	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_token YRP/win_files_operation YRP/Big_Numbers1
3e9f8a23ab29dc16006d57204e1bf006257de4378cf4e10943bea540cdf2b468	PE32	2022-03-19 03:04:33	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
40a3de3888ab4b94a8f6bd5a3ad10e78bd97fcd1ff53af160be10212c2fe76d1	PE32	2022-03-19 03:02:22	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/BITS_CLSID YRP/anti_dbg YRP/network_http YRP/network_dga YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
98e7864c45b16b27a96bb886a7da3189e78a7586ed5e892c5c718be441cc09c1	PE32	2022-03-19 03:01:48	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_token YRP/win_files_operation YRP/Big_Numbers1
5f0ccb71ba3678d2f7c0b4d4c45e43dfc5550257c05e64e5c31810222f9b3bb4	PE32	2022-03-19 03:01:11	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/Str_Win32_Http_API
30d61c9063fe72a9a6a1519ad4a2c43dc7e88fac46904e6f7227fa789be5dbb6	PE32	2022-03-18 18:00:33	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
b87a9363db44da3f9677ad32fd2e644b1ea1d0149c3bf8b74af3cb39d77e7e78	PE32	2022-03-18 17:02:49	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
8670bff227794e363192395e216ab597a45cabb24eada8deeb3c3c50befa3980	PE32	2022-03-18 12:07:51	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/BASE64_table
0f57321617eeb4badacc5f98c543350a7377ca91a9e9c293e1f09e8bc74d43c0	PE32	2022-03-18 12:07:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_files_operation YRP/BASE64_table
ad2ac37e107f15a9f571298de45225d9dc218030b8fc70e6e27c5c5d4fa1ce9d	PE32	2022-03-18 12:07:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_files_operation YRP/BASE64_table
e44e4aa9bfeb39d0b2ab709d69349dee1664bcb23e8e6c9cfd45f9c898568580	PE32	2022-03-18 12:04:53	User Submission	YRP/IsPE32 YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
0b2db410c50d9e4eb7e88177c463be3da5fff5527d9dc2ae10fa26ebe2721ef1	PE32	2022-03-18 11:02:34	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table
5ace36ce31db7a6c248891433b823d36420207e67e9bdc8f61caf2bad01fc34e	PE32	2022-03-18 10:05:26	User Submission	CuckooSandbox/embedded_macho YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_http YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
2779a981bae47dccca241d3af3e2b794722dbad3aa7e04a81198e8e9267b0882	PE32	2022-03-18 07:03:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/network_tcp_socket YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/with_sqlite
d0f3e331802a41969a5efcb7b89948623dc35a519befff49a943410dddac0c16	PE32	2022-03-18 06:00:30	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/vmdetect YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/suspicious_packer_section
0482412106e3f61690e08321a551d208b3a3deca49bfb23d16121057db216ca1	PE32	2022-03-18 03:34:24	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/BITS_CLSID YRP/anti_dbg YRP/network_http YRP/network_dga YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
586565cb4c1494c05639e9aed572f8c8a405d1420c4332455fefb6102e81709b	PE32	2022-03-18 03:33:30	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/cred_local YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Http_API
af729a976dcebe64930a1a911d1fb695fea2151a89c9f6a580f7e4f72bb6c8d8	PE32	2022-03-18 03:24:26	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/Str_Win32_Http_API
f6ae7232bae7df2bcef0146c867f4288e52c2ff8a365d0d665a20c5d35112676	PE32	2022-03-18 03:24:09	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
7c6d83ab98a0b82641bb45a2457d29eb34102c76e57412a260b27543c9103046	PE32	2022-03-18 03:23:51	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table
04986ae1cd326891721fcb3f387d355e160d64cc8122421a83d46c687e31a700	PE32	2022-03-18 03:21:20	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbg YRP/antisb_threatExpert YRP/escalate_priv YRP/cred_local YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Http_API
3e022380a4b739fa20d9a66ddf0e7f814b6b46ebe603b19f85bd6261408bd2ca	PE32	2022-03-18 03:21:03	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
1514a68e32606b7718db8ad1f76d92c71daa1ce1956115db73d3d726dd43bcfa	PE32	2022-03-18 03:14:11	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Http_API
88d141b300ce2b3a338ec9cff0973830697cb122a195c100e445ed06ccc9a643	PE32	2022-03-18 03:10:45	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation YRP/Big_Numbers1
57158333d378f7fecca5a7f01d87bc32c5d53c0ac46093a244ff4473829d52e7	PE32	2022-03-18 03:07:41	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/anti_dbg YRP/network_http YRP/network_dga YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Advapi_Hash_API YRP/MD5_Constants YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ac5606aec1f9882477290c2d719fc6e0374bf8ed2b711bf602dc9ffbf79334a5	PE32	2022-03-18 03:07:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/win_files_operation
4a342bfe78384a69f32343586ac44337a4cfe56f9ad0da53554f1f710e204f26	PE32	2022-03-18 03:07:20	User Submission	YRP/Safeguard_103_Simonzh YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_dep YRP/inject_thread YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API

Recent Searches
yrp/maldoc_find_kernel32_base_method_1
yrp/webshell_simple_cmd
yrp/win_files_operation
yrp/anti_dbg
yrp/trojan_win32_adupib
yrp/fsgv20
yrp/office_document_vba
yrp/webshell_go_shell
yrp/ascryptv01storm4
yrp/amasty_biz_js

Search

Recent Searches