MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
e7dc967e475e7ad8d789385c2fead7e4301139d56e6b28c5b537a95e15e6c5b0	PE32+	2022-03-19 03:08:53	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
4b2862a1665a62706f88304406b071a5c9a6b3093daadc073e174ac6d493f26c	Composite	2022-03-15 10:08:54	User Submission	CuckooSandbox/vmdetect YRP/office_document_vba YRP/Contains_VBA_macro_code YRP/domain [+] YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Big_Numbers2
d1144812715a8a677be08ab4f9fa964c337e192d38f4c32e6d97a8ea84e8c2ee	ASCII	2022-03-15 09:02:05	User Submission	YRP/domain YRP/contentis_base64 YRP/VirtualBox_Detection
6029310db6143242b0f1146267b8758686aae07aa21aeb48f44cad3ead8c67b2	PE32+	2022-03-12 03:01:41	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
d42ae9509a110e4c8316bb71949c14a908f38277cbf6b4d2a216ba173aa24e55	PE32	2022-03-11 20:04:32	User Submission	CuckooSandbox/embedded_macho YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/win_hook YRP/vmdetect_misc YRP/Big_Numbers0 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Njrat YRP/UPX YRP/suspicious_packer_section
3e8e74d1eae290bdc15f21648c46eed660697cf1f40434442b00b7b05b8547c6	PE32	2022-03-11 07:01:50	User Submission	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/win_files_operation YRP/vmdetect_misc YRP/suspicious_packer_section
86dfcaef7029b83ff51b88cb8886bdfd16e12f61d85b8205ea4b4978f7f37c95	PE32	2022-03-09 23:01:27	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
e21670df59190d3739b19dd9e1d55d321c935ffa38796ddcb69dc85dbae3f4ad	PE32+	2022-03-09 16:47:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antivm_virtualbox YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
57b092a49d8e408c1dc6b5d15256291a0825fdc326d7559220b6631610580f46	PE32	2022-03-08 19:00:33	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/network_smtp_dotNet YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/DES_sbox YRP/with_sqlite
837a474947d80d86f1d35a59dbef26a14d184d015648b1e1d79937942a9eda44	PE32	2022-03-06 20:01:38	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_CompareCall YRP/Delphi_Copy
9ec8f988ff41765b68c6a4d29d259fafb62e97ad2d3633c43fbe0ab0dd12518d	PE32	2022-03-05 00:10:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
7419489a868b15e8391142ff161c6fce3a6ec16bd6882689fd63c6156e6a02db	PE32	2022-03-03 03:18:24	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
6e1a26dfa802c7c824ea4672c756f5264182d73bfaeb2ad2bd19dd9382c920fb	PE32	2022-03-02 22:00:49	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_hook YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/BlackShades_4 YRP/CAP_HookExKeylogger FlorianRoth/Quasar_RAT_1 FlorianRoth/Quasar_RAT_2
8c14671aad9663d454e80c2a65f04431b80fb4faac65b4ac8ce9d696bb95e656	PE32	2022-03-02 03:14:14	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
2f686482508b30c567c3cc172f373992a00d2d9edc02032526120a293d0f7f1e	PE32	2022-02-28 03:07:57	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
f5580e294d0b956d8abbd105a8c61853fb4bbe35be543d91d5ca300354804893	PE32	2022-02-27 03:29:14	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
c33b16e12b88bc0e21a2bd7242941f1a84cd964ca2136c3f7fffddc60ba834a4	PE32	2022-02-26 23:00:28	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
ea636271a6785a1ffcea45ad7e83b0b43be24d346bcc28a0f0e358e313d37687	PE32	2022-02-26 03:50:41	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
afcfc229ccaddb4e7d9a0b3855839fdce59afd175137c0a7a5c4177e6505d60c	PE32+	2022-02-26 03:35:13	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
194991b0f7daf747731e34398320fe40f3801b615bbd8c2579c4955a38ed0331	PE32	2022-02-26 03:34:43	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
5a867e72e3cf9aef5fca2829c4972296b5a22d4acbe31dbf5208aefc0252eead	PE32	2022-02-24 16:27:20	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 [+] YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/win_files_operation YRP/vmdetect_misc YRP/android_meterpreter YRP/Big_Numbers0 YRP/shylock YRP/Str_Win32_Winsock2_Library
080f12837e31a21f9decc69f193b77dacd983808c7880b49649a5f17f1ecd3e2	PE32	2022-02-24 15:06:46	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
9a0238cf203bc1923e1117e3808c34a9b0ccfc8d746ff50a930ed6656d74fec9	PE32	2022-02-24 12:30:03	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/vmdetect_misc YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
923ff54ecf3f84c87d30b3c91ae29f42c1ee4d61d968ce7ff7f27faa093b16cc	PE32	2022-02-24 09:30:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
2b6b0c7339ede4d8081d5515f85e33c80d707e513d25072b537aa8f3fd4d6ffb	PE32+	2022-02-24 03:46:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
2e6c64ea9cb0e4eff1334b645137c38d2a9459c6a059fb176437dad94c1fd803	PE32+	2022-02-24 03:13:51	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
7236ed9f012387c785f469c79f1558e2711c14ab45e97f93795f8d7ac6805bd3	PE32+	2022-02-24 03:11:33	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
56f3ca698d6bea394d403b7cdc58df588d825ed932864ad55c34c6cd20c3e8fd	Dalvik	2022-02-23 21:32:32	User Submission	CuckooSandbox/embedded_pe CuckooSandbox/vmdetect YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/vmdetect YRP/android_meterpreter
007085c7015d2e5ee0aa5bfe33a3eb17147b25ff30d8c7d43b1cd486bf785da9	MS-DOS	2022-02-23 14:44:40	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32b_poly_Constant
ae5cb1e8cdf7c298ddcaec79334a954a8a34d98a58e3aa857c2f75373dcd08ec	PE32	2022-02-23 14:03:44	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
924b503c65ec75145b32cf76b0ddf008ed7f9e7cfd2c2eb4185a2cbb829a4a2e	MS-DOS	2022-02-23 09:23:51	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/inject_thread YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc
ccec681be7ddecc8a09a3e418d0fead28688a2814c50b2726658d8762c58b9e2	PE32	2022-02-22 19:44:46	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_dep YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
218897a49b086ffb193135caa46bbc28026faab889070820b638749f51d1e5eb	PE32	2022-02-22 13:00:39	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2003_EXE_Microsoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/network_tcp_listen YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/android_meterpreter YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
c56792bea8ac5fbf893ae3df1be0c3c878a615db6b24fd5253e5cbbc2e3e1dd3	PE32	2022-02-21 20:15:50	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbgtools YRP/antivm_virtualbox YRP/antivm_bios YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
bd5bfb387b2a6ddae50569d3579859391826924cea61ec895854335911ed8e2b	PE32	2022-02-21 03:17:38	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
2cee5fc50284f30fd8fc0fd78c703a02a5e4fde861cf73c95a95e51845efbf4d	HTML	2022-02-20 00:11:50	https://pastebin.com/rYsMt3vH	CuckooSandbox/embedded_pe YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/Check_VBox_Description YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3
514d6dd120281bf303cad0b26288df55e719f4a5321884311dc43a10cfec1de6	HTML	2022-02-19 12:08:41	https://pastebin.com/rYsMt3vH	CuckooSandbox/embedded_pe YRP/domain YRP/IP YRP/url [+] YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/Check_VBox_Description YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3
37b88a783a39c8217291509309c4154bd80cd1c7b581a41f2f4a0c6aca82f990	PE32	2022-02-19 06:39:34	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02	PE32	2022-02-18 08:00:29	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
feadfb592e58fdd9db1de2bb384ef5031fc79d8bede991f5308b49145334e947	PE32	2022-02-18 07:27:40	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/Delphi_CompareCall YRP/Delphi_Copy
0f6dbbd33f333545a147c4b54c2d735a50005b139f60d6d9b8ccd3b40aa362d8	PE32	2022-02-18 04:57:15	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/Check_VBox_Description YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/antivm_bios YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/Typical_Malware_String_Transforms FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
0cdb8b80e5b0ccd11a37ecb4b692839dd6d53c97d691025521b8afbc5cc696ba	PE32	2022-02-18 03:16:54	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
4e6446a96b5441e746ee82cbebb26edf2f6a27f7f002bd49af677403368ec419	PE32	2022-02-18 03:14:16	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
b315ad447078e9dbaad29b4d4652ee64371dc82ede0017444a6989320f56894d	PE32	2022-02-18 02:20:51	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/antivm_vmware YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/BLOWFISH_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
5116c025903794c57640f12b9d8adb5ad349d3d429b3f4af02d5e99d30ec2da5	PE32	2022-02-18 02:14:52	User Submission	CuckooSandbox/vmdetect YRP/Borland YRP/D1S1Gv11betaD1N YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
7bf61297da0ca37cb04713f82e668c580159f4f719060de88daffbe902a42bdf	PE32	2022-02-17 22:07:26	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antivm_vmware YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/FGint_FindPrimeGoodCurveAndPoint YRP/Delphi_CompareCall YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
1c289f9aeb483881a663bc4abdf127fcdd667d458de35990bcdca2008924fca2	PE32	2022-02-17 21:25:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
516291b27f4c244b3ff74d81dc4c7ba3cb56c7a660d202873ba53301bb426db9	PE32	2022-02-17 21:13:31	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/vmdetect YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
c3bb392786ee57c99e865ba075cd7ae31c9856c386728b544410f99fa8f86146	PE32	2022-02-17 12:58:57	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antivm_vmware YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/FGint_FindPrimeGoodCurveAndPoint YRP/Delphi_CompareCall YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
66e58ae7bc60cce88a3aa7a455c883d2f4c492254801fb6a186a292ae935754a	PE32	2022-02-17 12:45:42	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
96db17cb0f187ca58c8108a444068cd4c51af74c8d9b058084f13db53d7541b4	PE32	2022-02-17 12:33:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/IsSuspicious YRP/domain YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/SEH__vba YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/win_registry YRP/win_files_operation YRP/Big_Numbers0 YRP/Delphi_CompareCall YRP/Delphi_Copy
f0701ecae15c65f23eecdab3a790827e02403c02e1f03f7ad1cfac1b3e27a8bd	PE32	2022-02-17 10:13:51	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/borland_delphi_dll YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/sniff_audio YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
62ac72833b88e267da358a23c6360ab40eb403b74f33a60d340c64542d21b181	PE32	2022-02-17 09:59:44	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antivm_vmware YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/FGint_FindPrimeGoodCurveAndPoint YRP/Delphi_Random YRP/Delphi_CompareCall YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
061df43675030dad921664329f0dbea416efd69c46430cefb9080c35fbb863f3	PE32	2022-02-17 09:18:11	User Submission	CuckooSandbox/vmdetect YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasOverlay YRP/domain YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/win_registry YRP/win_files_operation
3a6be3abc429d773411dbbb20b89c915f96f62a936231880d473ae6d26c2a008	PE32	2022-02-17 06:22:22	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v60_v70 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antivm_virtualbox YRP/screenshot YRP/keylogger YRP/spreading_file YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate
9faaeca2b98a8fa3948b3fe5fc6ecb6d328f42f5fe929b1653a7a49e5b0f9818	PE32+	2022-02-17 03:27:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
468e7bf4683f3683ead964271f0ff17902c0458040689431d8d8e9ba40b121c0	PE32	2022-02-17 02:17:58	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/DarkComet_1 YRP/DarkComet_3 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet
b501a88bc7ef59905977a817c10dea64640a2c7237c57882359e87795d88b720	PE32	2022-02-17 01:36:27	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 [+] YRP/Microsoft_Visual_Basic_v50_additional YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/SEH__vba YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
a6c2de44816b18ee569ad1503ab02b8a23e79bcb1e5d41158ff3afce294f0b83	PE32	2022-02-17 00:20:42	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/antivm_vmware YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/BLOWFISH_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Http_API
20c8a6d277974d84fe3b55c13f3333215689aeb3732cb9a0749fbfe186bb6a56	PE32	2022-02-16 22:57:32	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
6fcfdae466a526d417a053205db10b19d858fe255f86283059f8f2fc970cb8ec	PE32	2022-02-16 20:28:32	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/DarkComet_1
5d6a26411caf66eb5dded7beb8cbba5026264fc30830d26d848159c1c3b16e22	PE32	2022-02-16 19:37:35	User Submission	YRP/Microsoft_Visual_C_Basic_NET YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_hook YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/BlackShades_4 YRP/CAP_HookExKeylogger FlorianRoth/Quasar_RAT_1 FlorianRoth/Quasar_RAT_2
be2cb75049def7afcbd979674225cd7eb62d88643bb08e5009167ac85fbab1ce	PE32	2022-02-16 12:27:17	User Submission	CuckooSandbox/vmdetect YRP/Petite_v22_Compresor_wwwun4seencompetite YRP/PEtite_v21 YRP/FSG_v110_Eng_dulekxt_Borland_Delphi_Borland_Cpp_additional [+] YRP/Petite_v21_2_additional YRP/Petite_v22_wwwun4seencompetite_additional YRP/PackerPetite_v22_Compresor_wwwun4seencompetite YRP/Petite_v22_wwwun4seencompetite YRP/PEtite_v21_additional YRP/Petite_v21_2_Hint_WIN_EP YRP/Petite_v21_2 YRP/PEtite_v21_Ian_Luck YRP/Borland YRP/Petite21 YRP/Petitev212 YRP/PEtitev21 YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/IsBeyondImageSize YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
44e2edce834401b4f7f0ee70a2e643dff2331e57c11cac09ad07af509bcc981d	PE32	2022-02-16 05:10:48	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antivm_vmware YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/FGint_FindPrimeGoodCurveAndPoint YRP/Delphi_CompareCall YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2595f5c96528f07e2b498720e49c765bb299937706f73e08765cdc68266ea573	PE32	2022-02-16 04:41:00	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/borland_delphi YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Delphi_CompareCall YRP/Delphi_Copy
3d8b0765572e802582d7f7cf81999b0e050e70582ca0b86b0a145e2b383c8305	PE32+	2022-02-16 03:32:36	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
0cdf4c2e3f8d62fdfc923282a7acf1ac1ff0c80f0d987784e4804681ac8bb854	PE32	2022-02-16 03:00:55	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
2fb327f002d91d2b6539cdc2e5133564b296d196186f8121d3363b270afb38c8	PE32	2022-02-16 00:38:07	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_sandboxie YRP/antivm_virtualbox YRP/disable_antivirus YRP/inject_thread YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/cred_ff YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/DarkComet_1
b1df775c79f1ba88a1875c31b1c3945f1d86bce4c25126879f3c9bb0e2a72c90	PE32	2022-02-15 21:34:49	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
b0cb7c93c134c4ed2774401094536b19fe4ef6a99cfd9bd30a77a0411dc675f4	PE32	2022-02-15 19:46:55	User Submission	CuckooSandbox/vmdetect YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional [+] YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_VideoDrivers YRP/vmdetect YRP/antivm_vmware YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_CompareCall YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
a77e8af286a1aba968d2e1eb530f31ceb01a3c85858f4004f52eaf87919f6e98	PE32	2022-02-14 06:54:52	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_files_operation YRP/vmdetect_misc YRP/suspicious_packer_section
3df4ff6d716d1cee128d1402ff080954b29e822570fddb008d98014cf6a7b3e1	ASCII	2022-02-14 00:34:47	User Submission	CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/domain YRP/contentis_base64 [+] YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/suspicious_packer_section
15758e91ed9bbead48c23b487dc945343532b898a6bb0639160850df4e8c4817	PE32	2022-02-13 16:01:04	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v4x YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Check_Dlls YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antisb_joesanbox YRP/antisb_anubis YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/antisb_cwsandbox YRP/antivm_virtualbox YRP/inject_thread YRP/dyndns YRP/cred_local YRP/cred_ff YRP/cred_ie7 YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/CyberGate FlorianRoth/RAT_CyberGate KevTheHermit/CyberGate BAMFDetect/CyberGate
1fde0ef192d704b3d46679be28cc76930036cb85f80b199e0ce9d86662d50ef3	PE32+	2022-02-13 03:01:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
53aa4151c8226fb34ec33a22ba52fe2533b3ab5aa133247782b5f5ab9d60dbcf	PE32	2022-02-12 19:00:31	User Submission	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/screenshot YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/suspicious_packer_section
47bb9cef4ce1c7ed176a6001c981d173739cefe5cf4928ea542293b89f58ff5b	PE32	2022-02-12 03:14:18	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
8e9c554fa5ffdbb5e47c96786ea3df24f8ffd2411216eedbe45acb7f5ff1ef27	PE32	2022-02-10 17:20:35	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/keylogger YRP/vmdetect_misc YRP/Big_Numbers1 FlorianRoth/Andromeda_MalBot_Jun_1A
9656906b48ccc4208a3ae519f91d2df56a60d9fb3ac8884f1c11bef1b3643ccd	PE32+	2022-02-09 03:11:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
9ed684c16d180e8fad345ad752c38d982c4bd87852ce36bf22ba881b4d9521f2	PE32	2022-02-08 07:38:14	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings FlorianRoth/DragonFly_APT_Sep17_3
fef984d0cfaacd9e1685f796788009e017649a9485e7927a61968007f6e05bcd	PE32	2022-02-08 05:36:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
b6be0eb33cdc7f4613b8cbcab90dacf59969b30099ac2783594ca9e4291566ac	PE32	2022-02-04 18:12:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library
d5f079fb049c650bee2274b47d4e762b7b519cb8eb604c30e54b6bcd5aadb7c6	PE32	2022-02-03 16:04:47	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
7b35814be8376bdf8465e94ccb758b1cc378b055713dcd75be748e19b948a77a	PE32	2022-02-03 16:04:40	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
7763ee2c06901c059d8ac2cbe197b0624b9a0cefa8fa731b2af831ee6966739a	PE32+	2022-01-28 03:16:22	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
52791ea2cf55eb5ea5334c1e45e9b60b18deb0cb6f1acf36d74502bf9de40115	PE32	2022-01-28 03:15:54	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
8abad19b24dc958d9f3efe6588c41e10530941ed1b6ab690b94c44af15b85f92	PE32+	2022-01-28 03:00:57	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
11513e7948c07f47ebc09a0c7a83a73d4ea766c7b262e5db284eefea03ea718d	PE32+	2022-01-24 16:50:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/DebuggerCheck__RemoteAPI YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/win_files_operation YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
5cfbeff8a33f79df7814b73cde273fd859ef8695488bca70e5b72918fed44632	PE32	2022-01-15 03:03:06	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
b05b740309562ab6160cc3eb8ed2f0dd839d53c6c71f67bf40aeeb3f580eeb0a	PE32	2022-01-14 15:02:17	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/disable_dep YRP/network_dns YRP/win_registry YRP/vmdetect_misc YRP/Nanocore_RAT_Gen_2 YRP/NanoCore FlorianRoth/RAT_NanoCore FlorianRoth/Nanocore_RAT_Gen_2 KevTheHermit/NanoCore BAMFDetect/NanoCore
9d62846d2589f314d9cd3f45a521eef246174b2b388462fb8bfecfb3847631fd	PE32	2022-01-12 16:02:08	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
d26cea6912e11e87d9fa8782f69b01d38c4e8d40c9548341629b8281f9aa2ab0	PE32	2022-01-10 10:00:55	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
061d0bf70bd333159f63aa7bf4f05d51c6056e634df5fc2368f376b54585b530	PE32	2022-01-06 17:00:13	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
eb04b667e689cafae2c6057b63b489c77f8472d49a82fb2c10f561c67fb13b7b	PE32	2022-01-05 21:01:43	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
e56bedd1e87902a99a32f20b082af4677606f8efa1bd1e5913ee0e9615980171	PE32+	2022-01-05 16:00:48	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
a5b724d81201a0e45b3af7313440a47cdd67ff1843990109a7e25ecfaeee0256	PE32	2022-01-05 14:01:11	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
51102f9bd99597f27a0fe951c3eb3f5e6282479c0025a6513bcfeb2fab30050d	PE32+	2021-12-30 03:08:06	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
97445a651bd56279e64a3f4bf79e454205e00bc84c7b500b0e69e30a93e85075	PE32	2021-12-28 16:34:41	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/disable_dep YRP/keylogger YRP/Big_Numbers1 YRP/Njrat YRP/njrat1 FlorianRoth/DragonFly_APT_Sep17_3 BAMFDetect/njrat
d06072f959d895f2fc9a57f44bf6357596c5c3410e90dabe06b171161f37d690	PE32	2021-12-21 18:02:34	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
6409d3f3daa33f1e7cef02f4481954d6618a595fdfed57541566bbf1605d7c62	PE32	2021-12-21 16:01:26	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
8ee30990f1667454b11233eb08689204409010441b51faa83d335db65b2ece47	PE32	2021-12-20 10:03:41	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/NETDLLMicrosoft YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Browsers YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/SEH__vba YRP/antisb_sandboxie YRP/antivm_vmware YRP/disable_dep YRP/inject_thread YRP/network_smtp_dotNet YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/keylogger YRP/sniff_audio YRP/cred_ff YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/Njrat YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API

Recent Searches
yrp/virtualbox_detection
yrp/acprotectv135riscosoftwareincanticracksoftware
yrp/vmware_detection
yrp/escargot_01_final_ppmeat
yrp/vx_cih_version_12_ttit_win95cih_hint_win_ep
yrp/nullsoft_install_system_v20b4
yrp/ddostf
yrp/ipb_protect_013_017_forgot
yrp/shifu
yrp/mew_11_se_v12_northfoxhcc

Search

Recent Searches