SHA256 Hash File type Added Source Yara Hits
ASCII 2022-03-20 18:29:54 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
ASCII 2022-03-20 15:50:30 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-20 14:28:38 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-20 14:08:57 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-20 13:22:24 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
ASCII 2022-03-20 13:15:43 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32 2022-03-20 12:55:55 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
ASCII 2022-03-20 12:44:15 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Dropper_Strings [+]
ASCII 2022-03-20 12:13:44 User Submission YRP/powershell YRP/domain YRP/contentis_base64
ASCII 2022-03-20 12:13:00 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-20 11:10:50 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-20 09:00:21 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32 2022-03-20 03:23:15 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
PE32 2022-03-20 03:16:54 User Submission YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+]
PE32 2022-03-20 03:05:05 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+]
PE32 2022-03-20 03:02:09 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
ASCII 2022-03-19 20:00:40 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-19 12:00:19 http://14.55.65.217:8080/a/lr.ps1 YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32 2022-03-19 03:09:12 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
ASCII 2022-03-18 13:05:35 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64
PE32+ 2022-03-18 12:07:40 User Submission YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasRichSignature [+]
PE32 2022-03-18 12:07:35 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
PE32 2022-03-18 12:07:35 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
Composite 2022-03-18 11:00:52 User Submission YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code YRP/domain [+]
Composite 2022-03-18 11:00:36 User Submission YRP/powershell YRP/office_document_vba YRP/Office_AutoOpen_Macro YRP/Contains_VBA_macro_code [+]
DOS 2022-03-18 09:03:46 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
DOS 2022-03-18 09:03:12 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
DOS 2022-03-18 09:03:01 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
DOS 2022-03-18 09:02:56 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
DOS 2022-03-18 09:02:35 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-18 09:00:18 User Submission YRP/powershell YRP/domain YRP/contentis_base64 FlorianRoth/PowerShell_Case_Anomaly [+]
PE32 2022-03-18 03:35:05 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
PE32+ 2022-03-18 03:03:47 User Submission YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay YRP/ImportTableIsBad [+]
PE32 2022-03-18 03:02:24 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
HTML 2022-03-18 00:05:31 https://www.cisa.gov/uscert/ncas/alerts/aa22-... YRP/powershell YRP/domain YRP/IP YRP/url [+]
Composite 2022-03-17 19:03:17 User Submission YRP/powershell YRP/office_document_vba YRP/Office_AutoOpen_Macro YRP/Contains_VBA_macro_code [+]
ASCII 2022-03-17 14:02:42 User Submission YRP/powershell YRP/domain YRP/contentis_base64 FlorianRoth/PowerShell_Case_Anomaly [+]
HTML 2022-03-17 12:05:01 https://www.cisa.gov/uscert/ncas/alerts/aa22-... YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32+ 2022-03-17 03:17:13 User Submission YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+]
PE32+ 2022-03-17 03:13:20 User Submission YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsWindowsGUI YRP/IsPacked [+]
PE32 2022-03-17 03:01:04 User Submission YRP/VC8_Microsoft_Corporation YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+]
PE32 2022-03-16 19:01:43 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
PE32 2022-03-16 03:34:17 User Submission YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+]
PE32 2022-03-16 03:07:15 User Submission YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+]
PE32+ 2022-03-16 01:02:29 User Submission YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature [+]
HTML 2022-03-15 18:03:41 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
HTML 2022-03-15 18:02:41 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
PE32 2022-03-15 17:02:06 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
ASCII 2022-03-15 16:05:08 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
ASCII 2022-03-15 16:04:57 User Submission YRP/powershell YRP/domain YRP/contentis_base64 FlorianRoth/PowerShell_Case_Anomaly
ASCII 2022-03-15 16:04:22 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
Composite 2022-03-15 15:06:14 User Submission YRP/Contains_UserForm_Object YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code [+]
ASCII 2022-03-15 15:05:33 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
ASCII 2022-03-15 13:03:29 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Misc_Suspicious_Strings [+]
ASCII 2022-03-15 11:05:40 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-14 20:02:27 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
DOS 2022-03-14 05:02:37 User Submission YRP/powershell YRP/domain YRP/contentis_base64
HTML 2022-03-14 05:02:19 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/IP [+]
PE32 2022-03-12 19:01:36 User Submission YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+]
DOS 2022-03-12 03:48:37 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32 2022-03-12 03:07:14 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
PE32 2022-03-12 02:03:51 User Submission YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/Borland YRP/IsPE32 [+]
ISO-8859 2022-03-11 16:43:48 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
ISO-8859 2022-03-11 14:04:25 User Submission YRP/powershell YRP/domain YRP/IP YRP/contentis_base64 [+]
PE32 2022-03-11 04:01:11 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+]
ASCII 2022-03-10 12:04:02 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
ASCII 2022-03-10 12:03:45 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus [+]
PE32 2022-03-09 23:01:56 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+]
ISO-8859 2022-03-09 16:07:45 User Submission YRP/powershell YRP/domain YRP/IP YRP/contentis_base64 [+]
Composite 2022-03-09 16:05:26 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code [+]
ASCII 2022-03-09 16:02:11 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
ASCII 2022-03-09 16:02:04 User Submission YRP/powershell YRP/domain YRP/contentis_base64 FlorianRoth/PowerShell_Case_Anomaly
ASCII 2022-03-09 16:01:58 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
ASCII 2022-03-09 16:01:51 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
ASCII 2022-03-09 16:01:45 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
ISO 2022-03-09 15:01:08 User Submission CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api YRP/powershell YRP/domain [+]
ASCII 2022-03-09 11:46:51 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ISO 2022-03-09 11:13:07 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
PE32 2022-03-09 03:14:12 User Submission YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+]
HTML 2022-03-09 00:00:46 https://blogs.blackberry.com/ja/jp/2022/01/th... YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
ASCII 2022-03-08 23:01:20 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
PE32 2022-03-08 20:07:35 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
PE32 2022-03-08 19:08:47 User Submission YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+]
ASCII 2022-03-08 19:07:48 User Submission CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+]
ASCII 2022-03-08 19:07:43 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
PE32+ 2022-03-08 19:07:26 User Submission YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasDebugData [+]
UTF-8 2022-03-08 14:04:07 User Submission YRP/powershell YRP/domain YRP/url YRP/contentis_base64
MS 2022-03-08 14:02:38 User Submission YRP/powershell YRP/domain YRP/contentis_base64 YRP/Antivirus
HTML 2022-03-08 12:00:38 https://blogs.blackberry.com/ja/jp/2022/01/th... YRP/powershell YRP/domain YRP/url YRP/contentis_base64 [+]
ASCII 2022-03-08 11:14:56 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:55 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:53 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:51 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:50 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:49 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:48 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:47 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:46 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:44 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]
ASCII 2022-03-08 11:14:42 User Submission YRP/powershell YRP/domain YRP/IP YRP/url [+]