MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
1b8e25998dfb3e98aa1b55a97a648470b36546c131c11ffb3c7bfaf4d4fb799b	PE32	2022-02-19 11:06:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0cf6cbd60161b7bf59f6d6f0cb451cc98d09043a4d784f1ead7d355a651b3838	PE32	2022-02-19 09:06:51	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
37b88a783a39c8217291509309c4154bd80cd1c7b581a41f2f4a0c6aca82f990	PE32	2022-02-19 06:39:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
141f9470d9d776207e0fd68ae50076204aab501286ce090f78bb5abe927f241f	PE32	2022-02-18 06:05:31	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0f6dbbd33f333545a147c4b54c2d735a50005b139f60d6d9b8ccd3b40aa362d8	PE32	2022-02-18 04:57:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_VBox_Description YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/Typical_Malware_String_Transforms FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
5116c025903794c57640f12b9d8adb5ad349d3d429b3f4af02d5e99d30ec2da5	PE32	2022-02-18 02:14:52	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
a84633a26947406eaf4a2189d35aab12bc4f7b3d988e748970a1e455124f9a88	PE32	2022-02-17 11:01:32	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f0701ecae15c65f23eecdab3a790827e02403c02e1f03f7ad1cfac1b3e27a8bd	PE32	2022-02-17 10:13:51	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
468e7bf4683f3683ead964271f0ff17902c0458040689431d8d8e9ba40b121c0	PE32	2022-02-17 02:17:58	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
47f3284ae6d491342d1d384d7ed33ed889402af2c6e0f6ee850ae3b1b69c8bbb	PE32	2022-02-16 22:18:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0cd242d20bf374c533a65777ba29dd746bf9615e7fdb44d5568f40436e3682b9	PE32	2022-02-16 19:23:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
6e2890cc902c7eb5a15b15190305e8b2240267ac7be27be604fc4774b7d3a7a3	PE32	2022-02-16 16:31:42	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
205ed44d898205301701196be3901a354814b5d1b2bbf72453ddd1f0934f9d2f	PE32	2022-02-15 22:52:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
b39f169fcf8aaeea4a272e3eeacb55defae413f5ed6eae830ea4c60b397238f4	PE32	2022-02-15 22:23:33	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
1ebe3ebcd70861a7ad9b79b00e402ce059cb61d930fbfc85d210c11a07b98630	PE32	2022-02-15 21:13:25	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0d64bfe1a5e515d9b2fcf7e85f95d7de7c6ee4fc8212359649f4d55acba20d11	PE32	2021-12-13 18:05:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d0a8468dfbafda6ac1a013bd391f81c806f59ce4af63dc1875c4362a4e5ae1d4	PE32	2021-12-13 18:04:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf	PE32	2021-09-30 14:03:59	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
bdb182db84224402af4174f2e0808dc6becb2b965b5015c59309be5b5b537012	PE32	2021-09-30 14:03:21	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f20bcc23430a216c14e45207e84ca8cd819049af8d427e6a3ab38255c1fa8dda	PE32	2021-09-29 10:04:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03	PE32	2021-09-24 09:09:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b	PE32	2021-09-24 09:06:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
cee4e670f5caa5f4da865a0d00549f261382aa383c0debc1f7a4d0cd183ddd9e	PE32	2021-09-22 16:05:10	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d58433a93fdaaa9e6440f0a2cc3f3b3e63a9b772cf41d797a81e40e88569b84f	PE32	2021-09-21 11:10:49	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/Borland YRP/UPXv20MarkusLaszloReiser [+] YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/IsBeyondImageSize YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Base64_encoded_Executable YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab	PE32	2021-09-21 11:03:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
5a1c8ef15cccd50082c6862f1df8fccc40cfa7b94e7710caaf60751c714c6cb1	PE32	2021-09-21 11:03:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0	PE32	2021-09-21 11:03:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/mpress_2_xx_net [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Njrat YRP/win_exe_njRAT YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
f696bb0ca1c8c2d9fc4a65cacafd614945e657c262926d34f18dfe4a958ced7d	PE32	2021-09-14 13:19:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41	PE32	2021-09-14 12:39:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
04c164391efcedd93b5c04dc137e8b80336265246fa15318a67d4b2d20bf257f	PE32	2021-09-11 09:00:13	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers3 YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Njrat YRP/win_exe_njRAT YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
cfa850db87d98eed49dec543a7977ef9221dc62bd48c7aaaaafe1327c864aa72	PE32	2021-09-08 09:01:40	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_ftp YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers3 YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
3abb3ace2dabfe5cc6096267caf3e7beca2c13bf5a04cffdf73b994e6ad8bfbf	PE32	2021-09-07 09:12:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
3a12cc682e8095e162635c7b4b252a41aa5475bb05b90733b2feb7082083c6b5	PE32	2021-09-07 09:11:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d8b6d9bf469cf33b4effbfc8bcac272a66a01213184580a668a2517df93834a2	PE32	2021-09-07 09:10:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
7118c3db49b6e9278fb34a7696089f4f44f3b8ae4cb85083af64ea2100c5e716	PE32	2021-09-06 09:04:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
5daf38ba7d08872375f14a3d8de794d20aa37e1caeda4da0558e2a9cd4ed668a	PE32	2021-09-03 12:06:23	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 YRP/fin7_functions FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6	PE32	2021-09-03 12:06:16	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 YRP/fin7_functions FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4	PE32	2021-09-03 12:05:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
83b37218aff6b33a2633e9c345474342597900bd93bd0f556b47edb68881e77e	PE32	2021-09-01 03:10:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
9d05eb381c6e21b36c720b02cf48019ada67c029468b05f6aaaeee12a9fffe26	PE32	2021-09-01 03:09:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
caf514da7bc3aa87587e72da8f1c348533f4a212fc29c8d3d8ae6cc92194e53b	PE32	2021-09-01 03:09:26	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
494f1f9db5268247533e28b2a3785de4bea7cd123e050d97700964943922a6db	PE32	2021-09-01 03:09:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4	PE32	2021-08-31 13:09:09	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
802b67f035f6b75aa99b4c04c7701ca80f132ec5007d066f04c174e304423f94	PE32	2021-08-31 13:06:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c57eca59361819324f22e8203e46bb7e5a92bdea1c8b2a1f03b3e9a4e2a309f8	PE32	2021-08-31 09:06:16	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
eadb655f8e92bf218894b479082dc74e0fce5a44cef4d74a6c3cf51c1773e4e3	PE32	2021-08-31 09:06:04	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c29d545bd166e0fc8f641c4ba229bfe991bb35b66a87e41122af702007eb6e30	PE32	2021-08-31 09:05:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8b96f06dd85d4881cce875663d61af6f8927dbf6536fcad9b792b9d20494411e	PE32	2021-08-30 09:07:36	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d64c2da29df9186c58c5fceb4b2f1dca1c3360c74a342f4a61227e9a97a79d0f	PE32	2021-07-31 17:00:27	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c1b32a3c7242d5ee0f85b5e7f7c5af993b827b9478c8bc9dd8c440811830dd66	PE32	2021-07-21 12:00:56	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8eb3881ba7d320c0760042529414e8ee87b8bfc648c34d87dd36ed854b0c8b7b	PE32	2021-07-19 21:00:45	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/NETexecutableMicrosoft YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/disable_dep YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Njrat YRP/win_exe_njRAT YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
ff69421b187848fd2cdf09cf5ecf9fc9d1b8758a79bafe1bae2240ad29993429	PE32	2021-06-29 10:01:03	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
86866c168eb4c338f51d21e7585a7a854efc662e87f2109a19903c79b9e03aa4	PE32	2021-06-15 17:02:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
de19d8ea2911ff7e337823576e214151ad4426206db8e9ea9880778f2592f935	PE32	2021-05-25 12:01:19	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
6cf389d3702a54bfed32188a18fff18ccdef3047601c93597b30cc0a3c4930f4	PE32	2020-07-11 01:10:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
a207dcc816a09d6e115c0a08015779c283906a358b66c94d531df9f6e73b1033	PE32	2020-07-08 22:50:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
e6ff204abdda3b4dc069e7688f8913ecf8f50639b5ef993ddf73b09364ed4385	PE32	2020-07-07 21:31:20	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588	PE32	2020-07-07 15:51:05	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
00bafc075224d7f64e56ed9d1163c024a4049f195c8fb2ed623a754916db31b6	PE32	2020-07-07 10:12:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
11819490e7a74fd3130acfcca64d1141212e99bb5360e14b3021f2e891353136	PE32	2020-06-30 04:57:00	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
67e357ef2a5f3ad0b57a41cd1aa5c6367d3c386334b44504c6b3a1f8460c3775	PE32	2020-06-27 22:13:55	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
11b8de50a6ef43b2a250688e786400eaa3827f12312e7dec400b24a9f31dbceb	PE32	2020-06-27 13:37:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
162771fef67e08f55047d7acd1c309e71d276e30fd1a60c14434b08a90d2928d	PE32	2020-06-27 10:48:14	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
329ac2dba95bccdb0a3f331881b6ec5469593e93c75b0ba3337a337e96370729	PE32	2020-06-27 04:52:39	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
805ef0364326f7ad9d3bdfcc90b0c0d2c66e766d477608b1b5e12b650adc0e15	PE32	2020-01-15 16:13:03	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_VBox_Description YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dyndns YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
c9470acc55c59288e479453b6c5d0a60a5c6d3b6c4bf40f7de8883e9a0c37410	PE32	2020-01-15 10:32:08	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/antisb_sandboxie YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0198e4ece40cebc1f98328360ca69e4b5386c2ff444596b268eb9af4ff137c97	PE32	2020-01-15 09:45:30	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
49c7d621f4db7b3df7494ba788b4f3d272c744377710242b6e79854aa305ab1e	PE32	2020-01-15 09:42:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
30d0a1ce69c85c51d3a09ae7003a047e95fbbfded828c1193e1c303f7d69d22c	PE32	2020-01-15 09:42:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
582035e362c45975270e6868f215f00ee07866ae05e7a7b63fbaab44381bf423	PE32	2020-01-15 09:42:11	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
106ab81f2ef0b9c595f3636a0b66cadad29f65111e78b1222c283e4740daa51b	PE32	2020-01-15 09:41:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
29695b55ee35dbb3518fa5def7b60f81dc0a80221761e3994e72d943b5c9c335	PE32	2019-12-19 00:25:16	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
cc51f7d4dea27bb91f5f414cefe825ea45a52d9250858256e4412bd45a68e5c1	PE32	2019-12-01 13:03:25	https://cdn.discordapp.com/attachments/341529...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
148605f3fd9b81d231705978f77c535fc3359c04775028bfcb0360785d96593b	PE32	2019-12-01 13:03:23	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
7d5175fbb32b888f3adeea3e169b4a77de6eeed3e264bacd5c234542d02dddff	PE32	2019-11-30 13:02:41	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
731bf93dd8c38122503a1d07c57060bfbbeb0456f6148762dabd8481982f6a2c	PE32	2019-11-30 13:02:38	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
b258996dcbc86beabcc1d037825d572005ed3ead620df1517f2118f4eaa8de3b	PE32	2019-11-25 01:06:25	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
851adabc7f662c66216e1a8cd7c591086336499cd6b429602855e3d7bd039ad3	PE32	2019-11-25 01:01:01	https://cdn.discordapp.com/attachments/543105...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
85eeec0fd25227adfb63cd2ad8e30a1657dbe4463a2406f6ddf24e5b06a31f71	PE32	2019-11-24 14:09:47	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
4e572959a303c797ba9865db7d0619315d7982a67a5d295ab443f4263a6755a5	PE32	2019-11-24 14:09:43	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/UPXProtectorv10x2 YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/UPX YRP/suspicious_packer_section YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
3bb6c842a92a77d921779d670d48ce11d5b76c698bedbe64d3adc77dc4013545	PE32	2019-11-24 14:04:15	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0c5741091dba139732676bf6a1ce5050c4210146763b5207b253f7cbd0ef399a	PE32	2019-11-24 10:45:01	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
f272c0040e92124f755b0f82489dccbce80891dcf357d16508b644de8782224b	PE32	2019-11-24 10:44:57	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
375cc3c9de66c7ee2095982f7554cd117a938310c79c45650231c458ef9457ab	PE32	2019-11-17 14:44:35	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
5002fedc9050fc2b3d7fe9cc8a97636841bd7849bde1a11c19c0b7d87e0b2dcc	PE32	2019-11-11 13:01:34	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
768a4eda06f87e6c415058ca55dd956526f5e21c7f667e689fce3882b0dd79b3	PE32	2019-11-10 13:04:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
8a365e949368e51294b2b4004b4e71bbfe99df71062a00324bdaf589a772e0a7	PE32	2019-11-09 13:05:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
c439c14021fc0aa06d37ea075b6629e4eedee4518a5960f73941bc82291cf784	PE32	2019-11-08 01:03:24	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
af57a3360bebeff6a73f039f789e86f26358aba46f54b3e4bf51a4e00353a930	PE32	2019-11-03 13:04:14	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
7845e3ad0296d12893b2735d4030376213e1b68f335c679c5e150f6a021618e0	PE32	2019-10-30 13:00:43	https://cdn.discordapp.com/attachments/603167...	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
0049b99fa85aebfcb6cb552c8c438b0d6db09f69fecb03197727a06055b594e3	PE32	2019-10-29 13:06:28	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
db6c2d47639da357a2c7477d961977a863d82172a201b6de1fe67131da256fdc	ASCII	2019-10-26 14:42:22	User Submission	YRP/Borland YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/rat_vnc YRP/Ap0calypse YRP/BlueBanana YRP/DarkRAT YRP/JavaDropper YRP/LostDoor YRP/NanoCore YRP/Paradox YRP/QRat YRP/Vertex YRP/BlackShades_4 YRP/BlackShades_25052015 YRP/DarkComet_3 YRP/ShadowTech YRP/NetWiredRC_B YRP/Adzok YRP/Bozok FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/BlueBanana KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech KevTheHermit/Vertex BAMFDetect/BlackShadesServer BAMFDetect/NanoCore BAMFDetect/Bozok
f1adecf5d72f5de7662e1b1a454ec8b2458cddee12c13afef17762a510b2171e	ASCII	2019-10-26 14:41:03	User Submission	YRP/Borland YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/rat_vnc YRP/Ap0calypse YRP/BlueBanana YRP/DarkRAT YRP/JavaDropper YRP/LostDoor YRP/NanoCore YRP/Paradox YRP/QRat YRP/BlackShades_4 YRP/BlackShades_25052015 YRP/DarkComet_3 YRP/ShadowTech YRP/NetWiredRC_B YRP/Adzok YRP/Bozok FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/BlueBanana KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech BAMFDetect/BlackShadesServer BAMFDetect/NanoCore BAMFDetect/Bozok
df1a7dde487da677bb2ec9805e56397ea8110e66ffa1f9a1be50fabdc9fd2378	ASCII	2019-10-25 22:23:27	User Submission	YRP/Borland YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/rat_vnc YRP/spyeye_plugins YRP/Ap0calypse YRP/BlueBanana YRP/DarkRAT YRP/LostDoor YRP/NanoCore YRP/Paradox YRP/Sub7Nation YRP/Vertex YRP/unrecom YRP/BlackShades_4 YRP/BlackShades_25052015 YRP/DarkComet_3 YRP/Bozok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_Sub7Nation FlorianRoth/RAT_Vertex FlorianRoth/RAT_adWind FlorianRoth/RAT_jRat FlorianRoth/RAT_unrecom KevTheHermit/Paradox KevTheHermit/jRat KevTheHermit/Bozok KevTheHermit/unrecom KevTheHermit/DarkRAT KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/Sub7Nation KevTheHermit/BlueBanana KevTheHermit/NanoCore KevTheHermit/adWind KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Vertex BAMFDetect/BlackShadesServer BAMFDetect/NanoCore BAMFDetect/Bozok
1f101859c6771ee68096446d2c411b5f0136d03448d8912acf4e02b72b3d20b5	ASCII	2019-10-25 22:23:08	User Submission	YRP/Borland YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/rat_vnc YRP/Big_Numbers1 YRP/spyeye_plugins YRP/Ap0calypse YRP/BlueBanana YRP/DarkRAT YRP/JavaDropper YRP/LostDoor YRP/NanoCore YRP/Paradox YRP/BlackShades_4 YRP/BlackShades_25052015 YRP/Crimson YRP/DarkComet_3 YRP/ShadowTech YRP/NetWiredRC_B YRP/Adzok YRP/Bozok FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_adWind FlorianRoth/RAT_jRat KevTheHermit/Paradox KevTheHermit/jRat KevTheHermit/Bozok KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/NetWire KevTheHermit/BlueBanana KevTheHermit/Crimson KevTheHermit/NanoCore KevTheHermit/adWind KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech BAMFDetect/BlackShadesServer BAMFDetect/NanoCore BAMFDetect/Bozok
ad945bc205cdfeb178ad63d3ff1e5a63419c387d837acdb6495b94c8ef665a5c	ASCII	2019-10-25 22:22:56	User Submission	YRP/Borland YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/rat_vnc YRP/Ap0calypse YRP/BlueBanana YRP/DarkRAT YRP/JavaDropper YRP/LostDoor YRP/NanoCore YRP/Paradox YRP/QRat YRP/BlackShades_4 YRP/BlackShades_25052015 YRP/DarkComet_3 YRP/ShadowTech YRP/NetWiredRC_B YRP/Adzok YRP/Bozok FlorianRoth/RAT_Adzok FlorianRoth/RAT_Ap0calypse FlorianRoth/RAT_BlackShades FlorianRoth/RAT_BlueBanana FlorianRoth/RAT_Bozok FlorianRoth/RAT_ClientMesh FlorianRoth/RAT_DarkComet FlorianRoth/RAT_DarkRAT FlorianRoth/RAT_JavaDropper FlorianRoth/RAT_LostDoor FlorianRoth/RAT_NanoCore FlorianRoth/RAT_Paradox FlorianRoth/RAT_QRat FlorianRoth/RAT_ShadowTech FlorianRoth/RAT_Sub7Nation KevTheHermit/Paradox KevTheHermit/Bozok KevTheHermit/DarkRAT KevTheHermit/JavaDropper KevTheHermit/LostDoor KevTheHermit/BlackShades KevTheHermit/BlueBanana KevTheHermit/NanoCore KevTheHermit/DarkComet KevTheHermit/Ap0calypse KevTheHermit/Adzok KevTheHermit/ShadowTech BAMFDetect/BlackShadesServer BAMFDetect/NanoCore BAMFDetect/Bozok
f5e6834a4ca9a91f565744d14978c4a4c0d12456d93d7cfbe01e42841f11aba5	ASCII	2019-10-25 22:22:44	User Submission	YRP/Borland YRP/IsSuspicious YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/disable_firewall YRP/rat_vnc YRP/Big_Numbers1 YRP/NanoCore YRP/DarkComet_3 YRP/Bozok FlorianRoth/RAT_Bozok FlorianRoth/RAT_DarkComet FlorianRoth/RAT_NanoCore KevTheHermit/Bozok KevTheHermit/NanoCore KevTheHermit/DarkComet BAMFDetect/NanoCore BAMFDetect/Bozok
c38787d9ec611ffc0bf51bba81fa954cfa5c7762294da81fecca4d393721f4e2	PE32	2019-10-18 02:03:13	http://rogor.beget.tech/update.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsBeyondImageSize YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
1d3490d483add4321d1e7e36b261ca531f044add59aa92503f65653beabf98a7	PE32	2019-10-13 14:04:09	http://83.170.193.178/icons/stub.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
214018c923bca8493dfefa0401ba7eeb836a6bd7ab7212b85d97fe44385aac51	PE32	2019-10-13 14:03:14	http://83.170.193.178/icons/al.exe	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsBeyondImageSize YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 YRP/easterjackpos FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet BAMFDetect/easterjackpos

Recent Searches
yrp/darkcomet_3
yrp/pcguardv405dv410dv415d
yrp/sysocmgr
yrp/xdedic_sysscan_unpacked
yrp/exe_stealth_275a_webtoolmaster_additional
yrp/misdat_backdoor
yrp/eval_post
yrp/telock_098_special_build_forgot_hexer
yrp/gpinstallv50332
yrp/crc32_table

Search

Recent Searches