MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
4e0cadec85e1e4b8666d0c114cdccd8c50ed59a7a6e8dd54cc5ed1abaabe889d	MS-DOS	2022-02-24 04:09:07	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/UPX YRP/suspicious_packer_section
b4daca4dfc79f1b55ac646a376c5597cc1a35a17c5244b039cb65b64d2a61c77	PE32	2022-02-22 18:59:12	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
dcd77cbafb9f454fd8f2455d65a7d095c64f1af7efc38e91b20bf50aa145ef0e	PE32	2022-02-19 16:31:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
81b0b7a56f17bfb79cd5ce7481bd1118f40ae722ae1e88c37045e7f08ff0e929	PE32	2022-02-19 15:27:15	User Submission	YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 FlorianRoth/DragonFly_APT_Sep17_3
2df76bec078712e6bd9710bde12345f1e29fbdbbd9b9bfc96c3fedae81350f2b	PE32	2022-02-19 03:56:47	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/DES_sbox YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
84c51c1899086f76c8a206c7ab80a32af7721e87c76ed101f5501018a1ef85ba	PE32	2022-02-19 03:03:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/cred_local YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
3e768581d69952a1aa7d3c13f2a62e8dea3f31b3347db973b2c9ccbbdb6fd25a	PE32	2022-02-18 19:51:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
150ea9171ca16f43495446e67cb37ecce64585cfd5113eac3cbc57ffad972663	PE32	2022-02-18 15:43:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
f8fc66da9a78627c2dfb2c89ed0c8f6ce676931712ac19c064b3cdd4fb56bbab	PE32	2022-02-18 08:16:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
00bdbbed5cc9f1eaeffb1cd7ae8763e069cdbd16ffc339c653b58cc627839d7e	PE32	2022-02-18 06:15:38	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
5719cb2e6bd10f1ad36db8a6294b59ab72a63b6cdf2eb7672fdc28a391c269da	PE32	2022-02-18 04:55:14	User Submission	YRP/ACProtect_13x_14x_DLL_Risco_Software_Inc YRP/UPX_v0896_v102_v105_v122_DLL_additional YRP/UPX_v0896_v102_v105_v122 YRP/UPX_v0896_v102_v105_v122_DLL_Laszlo_Markus [+] YRP/UPX_v0896_v102_v105_v122_DLL YRP/UPX_v0896_v102_v105_v122_additional YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
51974a07ef3bb4624972a4d0501ca9546aafa38e47db3414d18530a25bdf8bcd	PE32	2022-02-18 04:38:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
0139c6e539184802eeb7b20d3f2cd6048e64e6d1a6d308cc592bd6ca09f063f5	PE32	2022-02-18 03:58:27	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
caaf4f11844516e2d8ac0167bf2d91ae49f9a7fbbaad14a05b1b7ce899e03ce8	PE32	2022-02-17 23:37:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
5228aa04b4b85708b5a84ac33ae38cbc002b54f75fd2e168bda941b77d9f086e	PE32	2022-02-17 21:23:16	User Submission	YRP/RAR_SFX YRP/RAR_SFX_additional YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/UPX YRP/suspicious_packer_section
fdf4aa16f19f493598863dc8dd8e57807d4f27a01addb188bfdcacdecd384350	PE32	2022-02-17 18:25:38	User Submission	YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings FlorianRoth/DragonFly_APT_Sep17_3
b45c75ba512c988a9da363d6647c2568ae497d2e51394fcc8dd37a5f3554c855	PE32	2022-02-17 17:59:10	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/borland_delphi YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
633c4526154f02ccd9d4b5b5832766589c10b742fbc6a4750c8e58dbbaa229a0	PE32	2022-02-17 12:04:22	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
e22a2c4bb42c975dfe2b608882848c901b5f51dfa3153a9ae17c798761b504ad	PE32	2022-02-17 08:24:17	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_irc YRP/network_http YRP/lookupip YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
fd38ef7d8ef1f091e70fd6462081e0a1c25aa3a4696d2a738e4eff635ff6b0bc	PE32	2022-02-17 08:13:29	User Submission	YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_irc YRP/network_http YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
7bcda00bcbd5461a10a2bbdda8834064413b72c3bb5dfd5b4afba08db0cfbd96	PE32	2022-02-17 06:05:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
b2cd4e70e10028d621180d557c50fb1c54865dbac9018f68db15e8050ae5c5ea	PE32	2022-02-16 22:43:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
b3cca4bbfe1a62c1012a9796d43122d74916d4cfdeb62558fca56aaa64ebccdf	PE32	2022-02-16 22:19:54	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
2a22c636b0530623a29003648407c73302f429dc682ad254c19477bf1d4d18de	PE32	2022-02-16 20:21:04	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/DES_sbox YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
ddfff1275549fc39710df06646805621b6090cc6e11134256c067786a2b5c735	PE32	2022-02-16 17:35:56	User Submission	YRP/ACProtect_13x_14x_DLL_Risco_Software_Inc YRP/UPX_v0896_v102_v105_v122_DLL_additional YRP/UPX_v0896_v102_v105_v122 YRP/UPX_v0896_v102_v105_v122_DLL_Laszlo_Markus [+] YRP/UPX_v0896_v102_v105_v122_DLL YRP/UPX_v0896_v102_v105_v122_additional YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
05914a2cb89884f14976c8e0e2ee59642bca0a6e79548857aad98bff8e3e245e	PE32	2022-02-16 10:46:10	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
4c65429d47d583f5bf5b21219d2c81b5186733321eb447bddd83d68836f1fc47	PE32	2022-02-16 01:49:45	User Submission	YRP/IsPE32 YRP/HasDebugData YRP/IsBeyondImageSize YRP/ImportTableIsBad [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/anti_dbgtools YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
efabed3d2b4081eee2f91ff210231dac308cc1a8b56e5d767e963c5fe50aadd5	PE32	2022-02-16 01:04:59	User Submission	YRP/PasswordReminder YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsConsole YRP/HasRichSignature YRP/without_images YRP/without_attachments YRP/without_urls YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/cred_local YRP/spreading_share YRP/rat_telnet YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
fe0aa0ba7eb9fcbd0eedb154a73732a4e914dd64bc6d3a3d0fbad069f349a7f0	PE32	2022-02-15 22:28:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/network_tcp_listen YRP/network_irc YRP/network_tcp_socket YRP/network_dns YRP/cred_local YRP/win_mutex YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
9d76b77758e5bbe93931e8ff30d297c255a55caaa20f4cf94c609e2534b7bcca	PE32	2022-02-15 21:10:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
4d5ee87da426d190fa246f8d2f405a2d44973ea923fd1408c57f24daec96b707	PE32	2022-02-15 19:53:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
cd8a7c5cf7ebb38b00aefa724a97fffdcd389160284c8b086b55e126e4d1f0bc	data	2020-07-10 18:54:27	User Submission	YRP/maldoc_getEIP_method_4 YRP/domain
c0d295d414ccd0b84a0e6c9f8c42083355a92ba97182d3aed9d5e8a99e3a99b1	PE32	2020-07-10 17:54:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/win_files_operation
11816c05c63996e184b06f9406aa08f76a9865fe2efc5615c88dd4123137c828	PE32	2020-06-30 02:58:27	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/screenshot YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
1196d13c615e4fe3e11e6da4fd80b39f83efa1d3e0b73cbacb62b2da793f5bfd	PE32	2020-06-29 08:39:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/network_dns YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
2ef3161d9e6333008eb10054ba8d20195f450b27ed882bf41b07252112489ada	PE32	2020-06-29 03:02:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
1165364c55d4e45755a882faa7e9b0f07f7010fb1da88c2f76e5ac796b7caa95	PE32	2020-06-29 03:00:58	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
1100f79742f13cf6c74d1a95f91ab04440def45ef8962d036c3cf27f7b3c6cdf	PE32	2020-06-28 05:34:48	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vectored YRP/inject_thread YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
110f1fbcc210b667ceff56c5468ece77fdfd698dd04ba8c6930a3b73d963740f	PE32	2020-06-27 22:44:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
11db81d3071794dc1dd8af256ed8df29db5e259b3786606fb567a2d9c021f97f	PE32	2020-06-27 16:03:03	User Submission	YRP/nSpackV2xLiuXingPing YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/anti_dbg YRP/hijack_network YRP/create_service YRP/network_dropper YRP/network_dns YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
11b0fee7924f9368a51cfc803c85e914fdde03b3510ff8bd88d266232c168bc7	PE32	2020-06-27 13:40:35	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
11ba9a9cb82239cbe40d0410dc002d405f86ef55a285144bee1dddc2d9c510f0	PE32	2020-06-27 11:51:15	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/eXPressorv13CGSoftLabs YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
11354dad146bdfe53e015d29d14ed508af55e4c5d85de2985edf3e4b5834aa5d	PE32	2020-06-27 10:06:12	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
112b3aee1d1b21301c266f3f5a3582d1323012966d7f74c2a2ac127071e1bfde	PE32	2020-06-26 22:49:34	User Submission	YRP/IsPE32 YRP/IsConsole YRP/MinGW_1 YRP/maldoc_getEIP_method_1 [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
1111afc6c111a767d3afd7a33734594c99ffbfddfe628ebc4d88f6d57a99e89b	PE32	2020-06-26 20:26:11	User Submission	CuckooSandbox/embedded_macho YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/network_dropper YRP/network_dns YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
1110b190427649400d71bd6fd0dd856ec628cb1f270e6cde551a71d7fbda0358	PE32	2020-06-26 18:17:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/escalate_priv YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
6d59f5b6bed43804ea372c82ab89bef56f7da0a4cd4d710c9bc24a61b020cfff	PE32	2020-01-27 17:16:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/ThreadControl__Context YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
ad20e1863485fd8771406442033fb63917514ee4134d3604c0e01113e6d1dac4	PE32	2020-01-15 12:54:46	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
3224168b09d0b109f8cb213e7b34cd3d721c03191c7c5e4fa898fa58af91a9aa	PE32	2020-01-15 12:16:22	User Submission	YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/sniff_lan YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
28ad2541eb609fe8c776bac502851c2488ed6ae4f27de7ea4c017679169db90a	PE32	2020-01-15 12:16:19	User Submission	YRP/ACProtect_13x_14x_DLL_Risco_Software_Inc YRP/UPX_v0896_v102_v105_v122_DLL_additional YRP/UPX_v0896_v102_v105_v122 YRP/UPX_v0896_v102_v105_v122_DLL_Laszlo_Markus [+] YRP/UPX_v0896_v102_v105_v122_DLL YRP/UPX_v0896_v102_v105_v122_additional YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
0dd378c0a1b8a89e20924e449a97d68acbce815388175a8391218332bdff694b	PE32	2020-01-15 11:51:22	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/hijack_network YRP/network_tcp_socket YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
0c3f6774c3a71d2b0395711235118dda57c04fb5f705dae0eaad00db19aa4a7a	PE32	2020-01-15 11:51:18	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/url YRP/contentis_base64 YRP/Obfuscated_Strings YRP/win_registry YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
c145ab66a3fe2fe00915cb40ba7ccad9fe7d20b74e9ff8713f59be3f68dd4742	PE32	2020-01-15 10:35:32	User Submission	YRP/Microsoft_Visual_Cpp_v60 YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbgtools YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
034682b9612d8a4d11513343330e34f55052312255ea8a3a13fa73d59e2bf3b3	MS-DOS	2020-01-15 10:34:10	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_FindWindowA_iat YRP/anti_dbgtools YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/BASE64_table YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
4986664c8acf358d27d76434bdf533e8351d56fa63fab3f4234ec0ab037cc778	PE32	2020-01-15 10:29:37	User Submission	YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/ASPack_102b_or_10803 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table
6d34c46de19b3969ec05966d3ab465eac3bae0ad5a398d5b06a51b24cf1be052	PE32	2020-01-15 08:14:53	User Submission	YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/network_irc YRP/network_http YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/suspicious_packer_section
a241fe4eb5b93339b32d03eb46fbc72639cc62cc9bc8e63489951a81c6fc1f1d	PE32	2020-01-15 08:14:39	User Submission	YRP/EXECryptor_224_StrongbitSoftComplete_Development_h2_additional YRP/EXECryptor_V22X_V24X_StrongBit_Technology_SignByfly YRP/EXECryptor_V22X_V24X_StrongBit_Technology YRP/EXECryptor_22x_SoftComplete_Developement [+] YRP/EXECryptor_224_StrongbitSoftComplete_Development_h2 YRP/EXECryptor_224_StrongbitSoftComplete_Development_h1 YRP/EXECryptor2223compressedcodewwwstrongbitcom YRP/EXECryptor224StrongbitSoftCompleteDevelopmenth1 YRP/EXECryptor224StrongbitSoftCompleteDevelopmenth2 YRP/EXECryptor224StrongbitSoftCompleteDevelopmenth3 YRP/EXECryptor2xxcompressedresources YRP/EXECryptorV22Xsoftcompletecom YRP/EXECryptor2223protectedIAT YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/CRC32_poly_Constant
04f82d7e88e7a7363585755e61b228ae9ed340c4a64cba6354fda41581bb52f5	PE32	2020-01-13 21:12:29	User Submission	YRP/Safeguard_103_Simonzh YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/screenshot YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/CRC32_poly_Constant YRP/UPX YRP/suspicious_packer_section
743e70ce2543d656a7c1067395f19b6210af18ba9d76ed9289dabae5cf8250a7	PE32	2020-01-13 21:08:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsConsole YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/hijack_network YRP/create_service YRP/network_tcp_listen YRP/network_dns YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A
2861c748d3b0ec8944f264a6892257c05d4e0ff7d71d00efa3c9f0367c21eac7	PE32	2020-01-13 14:30:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/anti_dbgtools YRP/inject_thread YRP/hijack_network YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
ca9f50b124325268b05e1646ce8eaf8ccaef81f5842269ef67ec7e45bca31a6a	PE32	2020-01-13 14:30:02	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/UPX YRP/suspicious_packer_section FlorianRoth/DragonFly_APT_Sep17_3
09407671da79346e0bba30d398e224dfce002db79e67ff8c0013a9ae3a1cf4e6	PE32	2020-01-13 12:18:45	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Install_Shield_2000 YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/InstallShield_2000_additional YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/win_files_operation YRP/Str_Win32_Winsock2_Library
e0d9355da6e94c64928cd16962a3f2acabb06c48b1eed9d745a8387168e17639	PE32	2020-01-13 12:18:25	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsConsole YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/win_files_operation YRP/Str_Win32_Winsock2_Library FlorianRoth/DragonFly_APT_Sep17_3
ed23658b1cd883f0946e653030af2c25882709abefcd82f70ef0bb8e5b6ec0b9	PE32	2020-01-13 12:16:55	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64
8c36499dadd1a710b2729ca530150264af250877d9ac78eb9306f203e854fd77	PE32	2019-12-02 18:01:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/hijack_network YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/cred_local YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/GenerateTLSClientHelloPacket_Test
2556df55b5981dea88485cc130a3e91c89e533183cd14cf2cb2ed0658846a23a	PE32	2019-11-24 10:49:40	User Submission	YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1 [+] YRP/UPX_290_LZMA YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser YRP/UPX_290_LZMA_additional YRP/UPX_wwwupxsourceforgenet YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser YRP/upx_1_00_to_1_07 YRP/upx_3 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/url YRP/contentis_base64 YRP/win_registry YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
3ac7406d90a228f0706775e94aa7abd848906e20b1f287ac85f7f579ec958dee	PE32	2019-11-24 10:37:24	User Submission	YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/Cygwin [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/spyeye FlorianRoth/DragonFly_APT_Sep17_3
4583f77998cb110dc22a60f47357b1dcf98f9d356e080017a32b59ae47ce5767	PE32	2019-11-24 10:07:43	User Submission	YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/ASPack_102b_or_10803 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/Antivirus YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table
1ac71b5afde7dd935ae31dfc995b797c18a47307be0ed61cf692ba86e03b3509	PE32	2019-11-24 10:06:46	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/PECompactv2xx YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_irc YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/VC6_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
ea837cc1504bd7bba727aede505e683220a10da04eb2ba304d0bf1b6bd3b8213	PE32	2019-07-28 14:14:39	User Submission	CuckooSandbox/embedded_macho YRP/generic_javascript_obfuscation YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/possible_exploit YRP/powershell YRP/maldoc_indirect_function_call_3 YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/disable_dep YRP/hijack_network YRP/network_tcp_socket YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/MS17_010_WanaCry_worm YRP/WannaDecryptor YRP/NHS_Strain_Wanna YRP/Wanna_Cry_Ransomware_Generic YRP/WannaCry_Ransomware YRP/WannaCry_Ransomware_Gen YRP/WannaCry_Ransomware_Dropper YRP/WannaCry_SMB_Exploit YRP/suspicious_packer_section YRP/IMPLANT_10_v2 FlorianRoth/IMPLANT_10_v2 FlorianRoth/WannaCry_Ransomware FlorianRoth/WannaCry_Ransomware_Gen
c331addf619d8214b974163610dec53cdd5248ba51036a70be7f38b9d86f61de	PE32	2019-05-27 01:15:49	http://xchx2001.com.img.800cdn.com/zine.exe	YRP/Safeguard_103_Simonzh YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/network_smtp_raw YRP/network_dropper YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/UPX YRP/suspicious_packer_section
c3cb5afcfe9c15dfcc1d2bb089a3229c1f8caa9918fd1f25092f349ebb0adecb	PE32	2019-05-07 16:49:32	http://phylab.ujs.edu.cn/syjx/kj/%E5%85%A8%E6...	YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/contentis_base64 YRP/win_registry YRP/win_files_operation YRP/UPX YRP/suspicious_packer_section
b45954f36e129f37f0a5a2a338daea7b1507fde4b3caff2f90934c24029c5ef8	Composite	2019-05-06 07:34:33	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_4 [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
028af72e5935654b11017f7a9ddc81397862732628ea94a8a948be068b421a02	PE32	2018-09-07 10:44:31	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/AutoIt_2 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/AutoIt YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/contentis_base64 YRP/Antivirus YRP/Dropper_Strings YRP/AutoIT_compiled_script YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/Unspecified_Malware_Oct16_A
c2c46fab85339919d48302fb95942aa05da934791173676263ccb041b856ca58	PE32	2018-08-28 18:20:39	http://92.63.197.60/o.exe	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/IsBeyondImageSize YRP/HasRichSignature YRP/powershell YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/Check_Wine YRP/vmdetect YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/DragonFly_APT_Sep17_3
837bb33a8ca2e5aa678552989a8b26e84f113597364f4fc2d8c1a6a7416028ff	Composite	2018-08-23 08:49:27	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
f86f18f4a98ead4fe3365f17ec995ae5c110fae638df15d18add245972216086	Composite	2018-07-14 11:48:43	User Submission	CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/CRC32_poly_Constant
7f9af6ca055b3c98651962afdadea13819185f068600940a6553d3f572a8f4a9	PE32	2018-05-13 00:17:30	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/maldoc_getEIP_method_4 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/hijack_network YRP/create_service YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section FlorianRoth/Unspecified_Malware_Oct16_A

Recent Searches
yrp/maldoc_geteip_method_4
yrp/nettravstrings
yrp/str_win32_wininet_library
yrp/elise
yrp/nspack_v13_liuxingping
yrp/webshell_go_shell
yrp/splayerv008
yrp/virogen_crypt_v075_virogen
yrp/migrate_apc
yrp/nspack_1x2x_north_starliu_xing_ping

Search

Recent Searches