MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
8426fd32ca58e7c77d51f9ee9f13dd84e7ef07ee1fe028b55fde07de922e905b	PE32	2022-03-20 23:00:12	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
2619862c382d3e375f13f3859c6ab44db1a4bce905b4a617df2390fbf36902e7	PE32+	2022-03-20 21:40:34	User Submission	CuckooSandbox/embedded_macho YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
9b233994400898091ccf11650beeab0d234ca3c9c5472dcbaa95360eb14d5516	MS-DOS	2022-03-20 13:04:44	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/IsBeyondImageSize [+] YRP/HasModified_DOS_Message YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/win_registry YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random FlorianRoth/WiltedTulip_ReflectiveLoader
84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be	MS-DOS	2022-03-20 12:18:33	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader
b47e5b1053024fc778fabee51f8e6ad0b60adc8fc883d0da349ede7a3ad101d1	PE32	2022-03-20 03:08:09	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers2 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/DES_sbox YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
7a96c5a32badb9650faa842922ad545b7336a676f033e724c1bed574a7c9a960	PE32	2022-03-17 01:01:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5c49f98d3516edf56c996c2da5f095a0b97df772a558bb2e9d5a5d4355adab05	PE32	2022-03-16 22:03:11	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ebfdee6e5fe2aa5699280248a5e7b714ca18e5bfd284cac0ba4fb88ccbcec5b6	PE32+	2022-03-16 15:18:43	User Submission	CuckooSandbox/embedded_macho YRP/IsPE64 YRP/IsConsole YRP/HasRichSignature [+] YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table YRP/suspicious_packer_section
2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224	PE32+	2022-03-16 15:14:13	User Submission	CuckooSandbox/embedded_macho YRP/IsPE64 YRP/IsConsole YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
67eff1dc0836f810382eff5ae6c3b92751dc1b11fc42481a0c66644efb470156	PE32	2022-03-16 10:00:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
aa71d1f8581296304caf7f0a046273e1db94101509319733dc973500dd03fdec	PE32	2022-03-11 19:08:28	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 [+] YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/win_registry YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table
c7f90e07d571707c42557c6169817834d791c438e964878729c941733b3c8ca6	PE32	2022-03-11 19:06:28	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 [+] YRP/domain YRP/contentis_base64 YRP/Obfuscated_Strings YRP/win_registry YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table
b375967d95d53c271d9ec0c53a315f6e6dde924ac64f9e97545ae33a1526495f	PE32	2022-03-11 10:01:13	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
9ce72a30d4f6edd1f3bb5060bbe9e029a2910b74dcdc18588810716b96816fe4	PE32	2022-03-11 10:00:53	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
9954343d321e004ca91d545120342779badff504f07e27144a511640d19a90bf	PE32	2022-03-11 10:00:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
6f338c5257bcb275a120e49879e6608dd3291ad7547f353812034990c36fe64c	PE32	2022-03-11 10:00:26	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
6e7f8dc29296ce3dbe4bd445d2c7b97235f5fc831c60e42648c433d762fb8200	PE32+	2022-03-11 03:34:25	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/BITS_CLSID YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
c5db84fe0f762ebc2abe484d59d51fdf35a37f3a32e6f44d8197b1e8cda98e84	PE32	2022-03-10 15:10:34	User Submission	YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_60_DLL_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC [+] YRP/Microsoft_Visual_Cpp_60_DLL_Debug YRP/Armadillo_v1xx_v2xx YRP/Microsoft_Visual_Cpp_v60_DLL YRP/Microsoft_Visual_Cpp_60_DLL YRP/Microsoft_Visual_Cpp_60 YRP/Armadillov1xxv2xx YRP/IsPE32 YRP/IsDLL YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/ThreadControl__Context YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table FlorianRoth/Gazer_logfile_name
7aae8d6047d6635874d9ec315a023918d172e7151f0e191d3c922871a7fffdf4	PE32	2022-03-06 22:04:39	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
795441cb22dd9890feb55a429a83200c4e041f8b5e6a9ea68642d667bd93422b	PE32	2022-03-06 22:04:33	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5c1c996b5c3c0c5bc79a8bdc81cce4b677526c1cd356635c5d3ef5d2c4340309	PE32	2022-03-06 22:04:22	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
e1a0753e4f6cdc3c0d76bf398e51caf1fc2832e7f2680ef4edfb3c085fcf7ee1	PE32	2022-03-06 22:03:52	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
17b1ff82f6fdf389b7ad59c0f8f3dd8bb8a0066a10382ac4802faa5c69ba8e32	PE32	2022-03-06 22:03:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
e04abe63720769a5c9aed0a9b49990dd78a4cfc9ebaf7abe9a219ac39eba6620	PE32	2022-03-06 22:03:37	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d8b3205d3aca558dba905ea3ae8e8a489010b7aa27d46c2edb79294970688d53	PE32	2022-03-06 22:03:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d897d8221b8eb76d188ff014c0a7000e343def3f3656de106a2332dfb525b10d	PE32	2022-03-06 22:02:59	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f6d31943805f4b5442a1f1b64dac9bf221517e94732975f3b3a9977b1c58b565	PE32	2022-03-06 22:02:52	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
c1bf03b66f471fea058779ece423d80ff9602122a67a0f89b5a506c1881f92b3	PE32	2022-03-06 22:02:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
bf3707f3452afea0c36daa35a9b5733c51fbe55bea56fa25403fda296df03404	PE32	2022-03-06 22:02:31	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
bb024552fee19d91554c034fc3b95ee5c0f7401887d2fef0f92692614f2292c6	PE32	2022-03-06 22:02:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b7f29f65d82ff24a750ea3539590bf3bb1f70748bb9b9ceaa3f6e09ff32a1123	PE32	2022-03-06 22:02:12	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
bba47eef1547016da382b82802c5829269393f144c577b8ec8f4fbe870dbc618	PE32	2022-03-06 22:02:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b974d40a94585eaadfc7f64a55de3a2ab4a42adca3e4d39a09092434ae42ef44	PE32	2022-03-06 22:02:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
afaf667854e5e5ab435421d964ed2ff892068f16cdf2338422a977316e740751	PE32	2022-03-06 22:01:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
b396dcdd2293ab25e4872acfca750da24c0932fae58d417c221246bb68e624a5	PE32	2022-03-06 22:01:46	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ae959ec221035442e7391bdadcd326a02a1117c00baedbfde9cab31b23f6efdf	PE32	2022-03-06 22:01:41	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
a7b7e1c7ad47732718161378ea12e56fd30463ffe63bbde6e4b89262fe72e87c	PE32	2022-03-06 22:01:27	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
9fabe904c834ce18def4f058cd5c04367db9cc3714963eca1afd27992eac3101	PE32	2022-03-06 22:01:21	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5c93a4ec7b5f9ba28d3c86b53f1766f5445ecb9b17dc39091046b04e55d9083a	PE32	2022-03-06 22:01:13	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5a6c12a58a90a144d69916c776baeffdbe446f963322d0b1c060c40015bbbc74	PE32	2022-03-06 22:01:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
5339ed1ce76d0c89e3800cc10e6049164770870c046d23d2b626a5a3e8c4ae8d	PE32	2022-03-06 22:01:01	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
9a7654ccf7e364dee40625a625f28fd5074fb89af80292a2cc041fb304bfc9a8	PE32	2022-03-06 22:00:55	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
52a7b69c291f1fc198f0585371d35e6d013126ec8bf8416ff19dec0df5abb794	PE32	2022-03-06 22:00:48	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
302422d0180ff35cd414c163df958506d188fcf9c8abfa688b61101dc36c02b8	PE32	2022-03-06 06:02:20	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain [+] YRP/contentis_base64 YRP/Dropper_Strings YRP/win_registry YRP/win_files_operation YRP/Prime_Constants_long
f59c37560c45b4867ef785164630cae8a4b61168976488afaa14cca966f1368d	PE32	2022-03-06 05:00:15	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/disable_dep YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/Crypt32_CryptBinaryToString_API YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library
40d3d85d378693e99aee596f0b6d4e33197fde57f397e33a82198c96efad46de	PE32	2022-03-06 02:00:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/Crypt32_CryptBinaryToString_API YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library
d97645f56a185c3501e768694cbaa8d1b6b9c2f134a6d4d465052e0ccd7666dd	PE32	2022-03-06 00:02:06	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
676c70fdb372e71131f4fc6d42625d85b80e2cc2c37cb877bec7c69c4ded6f55	PE32	2022-03-05 17:01:53	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/disable_dep YRP/escalate_priv YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/Crypt32_CryptBinaryToString_API YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library
9ec8f988ff41765b68c6a4d29d259fafb62e97ad2d3633c43fbe0ab0dd12518d	PE32	2022-03-05 00:10:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
8a0f23b8294eacf3d91de8e58159abefbbf0fdef1ffbebe0ee169357301867c5	PE32	2022-03-04 20:00:46	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
d1ececa600d9b37a14dbdee36b5cd58a20932bf976cab21c461c42b96e79f196	PE32	2022-03-04 19:01:31	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
048020114804099a71318c7f09ed18b195da4d081f88ac454ea0eb7e71ab7362	PE32	2022-03-04 02:02:33	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
0a5c80d43ede4f8a426c1459ea359b8e23d16b656c831db794ff385e5ff235da	PE32	2022-03-03 02:03:02	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
00c590d8d367caa741b5deed9f8e42541cdc16d7643d45ad2e4b82eb920eb3d3	PE32	2022-03-02 11:03:57	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
00a511f69117f567864ff224295fbf6054666dd3e7cf7ef13ce48e725b68f743	PE32	2022-03-01 19:06:24	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
4d773a3dadf90223f198e0fd9b30973d0bb8a4488c86b323cc4604605d524a5a	PE32	2022-02-28 21:01:36	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
d780ca838863ff15183cbb2ea804fdb71eed52f228e9294a30751f5f9e69799e	PE32	2022-02-27 09:00:28	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/network_tcp_listen YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/CAP_HookExKeylogger
799ec17ce20d87ebe927ec99b24a3a4380556d5227a431caaee5e79c0a08854a	PE32	2022-02-25 19:01:40	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
2e3051ee38be416469202eb564f51cfb96ff8e9a63103d99e12dcb2c6b000bd1	ELF	2022-02-25 10:09:54	User Submission	YRP/domain YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers4 [+] YRP/Prime_Constants_long YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table
0c77dfbe9f7ffd39176805a96520fa14b9f686e9316869a0a1933eb90cf6258f	ELF	2022-02-25 10:09:52	User Submission	YRP/domain YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers4 [+] YRP/Prime_Constants_long YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table
1584116aeede8202ea219d694d5b7f3a46500735a4f505f615ac8f24f9d4e5f9	MS-DOS	2022-02-25 06:00:44	User Submission	YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
d9e5dcac1e680220887d90b7a8afa0c8bbdd0f8f569bad470c8ec1cc5f6b5a72	PE32	2022-02-24 10:02:50	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
f30c1165ef8dabaf0a6519cb1634a8408732c611c1e1d28d297ac19695193de1	ELF	2022-02-23 21:32:49	User Submission	CuckooSandbox/embedded_macho YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_char YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table
40edf052f2c3dc5e068ecaec76f7fa2141f2f950c663bd5fdc4a3b9fe08c230f	PE32	2022-02-23 18:36:33	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
55f210b030e9e87396d9c3452251e0e42a7a7fc321b51ade0bdecef153e090c4	PE32	2022-02-23 16:59:15	User Submission	YRP/possible_includes_base64_packed_functions YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Obfuscated_Strings YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_sbox YRP/BASE64_table YRP/Delphi_CompareCall YRP/Delphi_Copy
68213d7ee40a84dc6133d39e866ecf0a99e45a52c9b2c685e83d0db72dc1f093	PE32	2022-02-23 16:07:07	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/create_service YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/Ammyy_Admin_AA_v3 FlorianRoth/CN_Actor_RA_Tool_Ammyy_mscorsvw
f19e05da1067f4dbc25b48cda635a613e5353fdc19248f3d39654a80b9c35abc	PE32	2022-02-23 15:13:59	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/DES_sbox YRP/RsaRef2_NN_modExp YRP/RsaEuro_NN_modMult YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/suspicious_packer_section
1a550af23567aa4ac8d47a4a5809c25d977d336973ed5d152736393bead9bd2a	PE32	2022-02-23 02:27:38	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_files_operation YRP/win_hook YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants
6e475f88970fdc247d8a8305f6bb81ff0cad0c427e6ea556f4250302a9b5acfd	PE32	2022-02-22 22:29:31	User Submission	YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/HasDebugData [+] YRP/IsBeyondImageSize YRP/domain YRP/contentis_base64 YRP/Big_Numbers0 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG
eaa8707885c9c1389550f5efb47cde6e228a690fba02fecc6bdc0998309c13f6	PE32	2022-02-22 19:53:12	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_socket YRP/screenshot YRP/win_registry YRP/win_private_profile YRP/win_files_operation YRP/Prime_Constants_long YRP/Str_Win32_Winsock2_Library
4771d3b3602f5592ee26e692dea24a1ed99e3c9b1b9078469b5aca478488c27e	PE32	2022-02-22 14:16:41	User Submission	YRP/ASProtect_v132 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/GenerateTLSClientHelloPacket_Test
3cf10a81dc2dc510f96fa211197498e86a3d387f26e516d2955dcd715c7e0be0	MS-DOS	2022-02-22 07:03:13	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
8191c27aa7d7a53cb39d674dfc6391219a881b5bcadcc45afca76ea10bbf38ae	ELF	2022-02-20 11:38:42	User Submission	CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter YRP/Prime_Constants_long YRP/LinuxBillGates YRP/ldpreload YRP/elknot_xor
c02c1a13a04ca7b5786ce763f8c5266f13468c4ef4b826c53206ed88cb7baf94	ELF	2022-02-20 11:38:27	User Submission	CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter YRP/Prime_Constants_long YRP/LinuxBillGates YRP/ldpreload YRP/elknot_xor
9a67adfc3effed499dd9bd76a265f62953477c72bdff072eeb8273246ed0ac66	PE32	2022-02-18 19:17:46	User Submission	YRP/PureBasic_DLL_Neil_Hodgson YRP/PureBasic_DLL_Neil_Hodgson_additional YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser [+] YRP/PureBasicDLLNeilHodgson YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/HasOverlay YRP/PureBasicDLL YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/create_service YRP/network_udp_sock YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
d39977e0e12ab2ca161406db2813d778392b83ded2ac17720db23de188b54abf	PE32	2022-02-18 03:02:56	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Misc_Suspicious_Strings YRP/network_tcp_socket YRP/escalate_priv YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library
d6d43d42d59a2c9bef61d7b61c0007c0157bc1809fdce99817ae4f250ad8d85a	PE32	2022-02-17 23:29:44	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
ab7055fb3e5657cc7e1cbeee83b22fb05478b16cbac5a34e90890b46b31c2b1e	PE32	2022-02-17 17:32:06	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Prime_Constants_long YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/DES_sbox YRP/BASE64_table
46091bf77918d1a9abed88f1950ab823e2ddb0a0f2b3f92f8eb4b96519d729c0	PE32	2022-02-17 16:37:32	User Submission	YRP/possible_includes_base64_packed_functions YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/with_images YRP/without_attachments YRP/with_urls YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Thread YRP/anti_dbg YRP/inject_thread YRP/hijack_network YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RsaRef2_NN_modExp YRP/RsaEuro_NN_modMult YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
7493f662aecaf9db4d8e9121c831d87f09d236261b4d1347a98ef6242afd6d63	PE32	2022-02-17 16:22:51	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_files_operation YRP/Big_Numbers2 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/DES_Long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
1d6f0f1f528e3294e0063c5f3581ae4e1f8438d78208d51359b6fecf8be9069b	PE32	2022-02-17 12:30:22	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional [+] YRP/Microsoft_Visual_Cpp_50 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/vmdetect YRP/anti_dbg YRP/inject_thread YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Prime_Constants_long YRP/MD5_Constants YRP/RsaRef2_NN_modExp YRP/RsaEuro_NN_modMult
04f0479fa64f428deeee44db9faea856f3f6eebde4854114184cbafc2f6557b0	PE32+	2022-02-17 03:41:27	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/SEH__vectored YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/win_registry YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/RijnDael_AES
bcb43c67709f4577967e3406c0bdee69bc6062582d813acf66f1d311f370ae08	PE32	2022-02-16 18:45:10	User Submission	YRP/MingWin32_GCC_3x YRP/Microsoft_Visual_Cpp_v71_DLL_Debug_additional YRP/MingWin32_v_h_additional YRP/MinGW_GCC_3x_additional [+] YRP/Dev_Cpp_4992_Bloodshed_Software YRP/Microsoft_Visual_Cpp_v71_DLL_Debug YRP/MinGW_GCC_3x YRP/MingWin32_GCC_3x_additional YRP/MingWin32_v_h YRP/Dev_Cue_4992_Bloodshed_Software YRP/MingWin32_Dev_Cpp_v4x_h_additional YRP/MingWin32_v YRP/MingWin32_Dev_Cpp_v4x_h YRP/MinGWGCC3x YRP/DevC4992BloodshedSoftware YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/MinGW_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/hijack_network YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/OpenSSL_DSA YRP/RijnDael_AES YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
1f86759cec94a7fc427dd9dec190be256bc31ab58c9df3e3281f463db68e6ae7	PE32	2022-02-16 18:03:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/SEH__vectored YRP/vmdetect YRP/Check_FindWindowA_iat YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_threatExpert YRP/antivm_bios YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/DES_sbox YRP/BASE64_table YRP/spyeye YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
d1cf40b3dd9373138876177b776b7dd7328996daaea9ee50e22e2cc2f967aa8c	PE32	2022-02-16 11:28:50	User Submission	YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 [+] YRP/IsDLL YRP/IsConsole YRP/IsPacked YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/create_service YRP/network_udp_sock YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/UPX YRP/suspicious_packer_section
5a6be786fdf7035967e6859fd2910b0e955efcb1b8b29fd8c65819e6999b8dfe	PE32	2022-02-16 09:59:49	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature [+] YRP/domain YRP/contentis_base64 YRP/create_service YRP/network_http YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
30325573b25fc30f33fa3817f23ce1d9e29968d785d34b10977f2fe3651cd4a5	PE32	2022-02-16 09:58:27	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
2c6351a60f83ef185be9991b8ebfc11af7c29c59572a0b2af2471b10392614d7	ELF	2022-02-16 07:08:10	User Submission	CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/LinuxBillGates YRP/ldpreload
654d4bf3feac26ff54d7cb8f2e5aade1887ae927524c65850a13105abdbec07a	PE32	2022-02-16 06:04:23	User Submission	CuckooSandbox/vmdetect YRP/Armadillo_V500_V5X_Dll_Silicon_Realms_Toolworks YRP/Armadillo_V500_V5X_Dll_Silicon_Realms_Toolworks_SignByfly_additional YRP/Armadillo_V500_V5X_Dll_Silicon_Realms_Toolworks_SignByfly [+] YRP/IsPE32 YRP/IsDLL YRP/IsConsole YRP/IsPacked YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/DebuggerHiding__Active YRP/ThreadControl__Context YRP/vmdetect YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/TEAN YRP/DES_Long YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
0a44f7a29907611784e77a492f03fbc3808f6380fac423653105e1f595c37a01	PE32	2022-02-16 01:07:46	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/network_http YRP/network_dropper YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RsaRef2_NN_modExp YRP/RsaEuro_NN_modInv YRP/RsaEuro_NN_modMult YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
361f73a559d46603a924801541a29760b9a50c67cf60d536f38972386f44afa4	ELF	2022-02-15 22:42:11	User Submission	CuckooSandbox/embedded_win_api YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/android_meterpreter YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/LinuxBillGates YRP/ldpreload YRP/suspicious_packer_section
2d3c861e23d1328b8d1467f88bb4370f2d1313189589ee2b8021fbad2f9c13aa	PE32	2022-02-15 21:44:25	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/Borland [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/borland_delphi_dll YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/inject_thread YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Prime_Constants_long YRP/Advapi_Hash_API YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_RandomRange YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library
a46649d0ef6a07a530f6082f91a102f127b235b8cb7bb1bd26f104bffcbad930	PE32	2022-02-15 06:01:29	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Prime_Constants_long YRP/RijnDael_AES YRP/Str_Win32_Winsock2_Library YRP/GenerateTLSClientHelloPacket_Test
63ac67025fb9d5f5ef19a9c9185a4569ab8d6562d1e4221bd3c695574e53b17a	MS-DOS	2022-02-15 00:27:29	User Submission	YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 [+] YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/ReflectiveLoader
e5c56709ee1369c7848f4d5c1a61635336b814473b6329950d488a77b2eab44e	MS-DOS	2022-02-15 00:27:14	User Submission	YRP/domain YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg [+] YRP/inject_thread YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/ReflectiveLoader
501e0a251f6bcae3ffb16cc5e97206a4696e50aebdf515b4fe788998fee94763	MS-DOS	2022-02-15 00:27:09	User Submission	YRP/domain YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg [+] YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/ReflectiveLoader
c78ed9507d452df125af0a674792433f89ef05dc756c9b196904676c406e0971	MS-DOS	2022-02-15 00:26:54	User Submission	YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
62f08d3eea98c4487b9a52cf04406d95a69c94c17855bda93afc7f1ed02e9774	MS-DOS	2022-02-15 00:24:23	User Submission	YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
3a43d79960766fa827e92f886e8167feb78cbe7e6e23296c86b0cfe846559c9a	MS-DOS	2022-02-15 00:23:32	User Submission	YRP/powershell YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_tcp_listen YRP/network_http YRP/network_tcp_socket YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
bb4519b11e2cf6ab00577807f21ef70be9090ed98a5d0e12963a99b257d8d0e5	MS-DOS	2022-02-15 00:23:10	User Submission	YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om

Recent Searches
yrp/prime_constants_long
yrp/hmimyspacker10hmimys
yrp/contains_userform_object
yrp/phoenix_html5
yrp/escalate_priv
yrp/pe_protect_v09
yrp/fgint_convertbase256to64
yrp/sniff_audio
yrp/apt_equation_keyword
yrp/win_registry

Search

Recent Searches