MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
f8387a0763ef2d274be88e12a555d5ecd5cec3740781f42e266fbf1f414da107	PE32+	2021-12-16 04:53:24	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_files_operation YRP/BASE64_table
1a29224b301b9319868504d60570d906e104fdbdaebea43ba46912265a559d64	PE32+	2021-12-16 04:05:15	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerHiding__Active YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/BASE64_table
fbe6c6b265ab4c53731e89b446aaae40e7436be29e9c2ece2e46228b71fa1148	PE32	2021-12-16 03:19:31	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
6e4fa6d2164a03070a2653d4cac479bce150246f6ca72246d8d9c4a366816021	PE32	2021-12-16 03:17:42	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
4510ab8bf60fd5355d7e8c13b28f09f1069c30524b612bdffeaa495684d1565c	PE32	2021-12-15 04:02:00	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library
1348f685ab92fd1ec16bf6ed4537ce01123733abaed7af54d2652fe102c57560	PE32	2021-12-15 03:35:08	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/create_service YRP/Big_Numbers3 YRP/MD5_Constants YRP/Str_Win32_Wininet_Library
5a46e631dfe01613fc7f8940c46af6f93a45dfe5a23078e82ee1cf9431872c65	PE32+	2021-12-15 03:33:41	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/network_dropper YRP/win_registry YRP/win_token YRP/win_files_operation YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
0d64bfe1a5e515d9b2fcf7e85f95d7de7c6ee4fc8212359649f4d55acba20d11	PE32	2021-12-13 18:05:02	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
d0a8468dfbafda6ac1a013bd391f81c806f59ce4af63dc1875c4362a4e5ae1d4	PE32	2021-12-13 18:04:37	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/ThreadControl__Context YRP/disable_antivirus YRP/inject_thread YRP/hijack_network YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/MD5_Constants YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/DarkComet_1 YRP/DarkComet_3 YRP/DarkComet_4 FlorianRoth/RAT_DarkComet KevTheHermit/DarkComet BAMFDetect/DarkComet
9bc2c6936ff0bc91ac1bc2fb9435d3ae322d257f5d32870df1d0a9d58c4b1795	PE32	2021-12-13 03:31:43	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbg YRP/disable_antivirus YRP/create_service YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
1ff3646acc7766f3522eb4366c5f6717540e40bf56d5b3564420134d934a0a28	PE32+	2021-12-12 03:41:24	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/win_files_operation
13236d0000cbf71bae85b8d4a5e9efba8f32e3dc87ea1ba27b53aca3ac62a05a	PE32	2021-12-12 03:15:19	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation
096db689160a86e140e4f797ee347975557753211e1e5fcb6ff3ae6ada49bdbc	PE32+	2021-12-11 03:58:02	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/SEH__vectored YRP/Check_Debugger YRP/DebuggerCheck__MemoryWorkingSet YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Http_API
c5cb247df85bf9c29f03516ef376e4b9a806e13a38a17802800df6f5510b7b6d	PE32+	2021-12-10 03:23:42	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
432b808ee14f044a11535e04dab579b29a15b99dcc077d0f0051b6d8247f85b2	PE32	2021-12-10 03:22:55	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_token YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Internet_API
a9dff3f3604810f48756dd9c12fa4505ff004e09f3bbfdd95c2f970f5730ae02	PE32	2021-12-10 03:22:12	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE32 YRP/IsConsole YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/SEH__vectored YRP/disable_dep YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
751b4a8d569b7b7f67023e5a7d5c628ba187c950088bf2794bf2391f4cc24b9b	PE32	2021-12-10 03:21:52	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE32 YRP/IsConsole YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/SEH__vectored YRP/disable_dep YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
de0914120d6666e7e099fb6408a2b24758314f4286668f8365b9025af1ba0863	PE32	2021-12-10 03:20:42	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/network_tcp_socket YRP/escalate_priv YRP/win_token YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
7cc3cf4c4962156620a0390c4de34df1aed49e07dc572fb84123524a4d6ca766	PE32	2021-12-09 03:36:21	User Submission	YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/BobSoftMiniDelphiBoBBobSoft YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/network_ssl YRP/screenshot YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/DCP_RIJNDAEL_Init YRP/GenerateTLSClientHelloPacket_Test
2f053ee78855bff04d7a2903e7d5e59f549dcf8826819614ebf5cc8d26552ac5	PE32+	2021-12-09 03:22:22	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
810d99e1692f798c912f361323f64af0edbcb094df7f806425302a938e350435	PE32+	2021-12-09 03:08:32	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerCheck__QueryInfo YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/GlassesCode YRP/Glasses YRP/suspicious_packer_section
8301eb76d5045c33f9792026c9ae6242468d455029987cbdbda2e41ddc2e6574	PE32+	2021-12-08 03:25:32	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation
7e320c70a70dfbecd8e9020e8abc7562f245bb4cca301fcd3c683619b60477c6	PE32+	2021-12-07 14:50:18	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI [+] YRP/FASM YRP/domain YRP/contentis_base64 YRP/DebuggerCheck__GlobalFlags YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerHiding__Active YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vba YRP/SEH__vectored YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/create_service YRP/network_tcp_listen YRP/network_http YRP/network_dropper YRP/network_ftp YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/cred_local YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/Crypt32_CryptBinaryToString_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
9349ba83bd54724c3914a1b9c0c64fa39f92c5a72678f9d18c54f29b1f824b5b	PE32+	2021-12-07 03:19:35	User Submission	YRP/Microsoft_Visual_Cpp_V80_Debug YRP/Microsoft_Visual_Cpp_80_Debug_ YRP/Microsoft_Visual_Cpp_80_Debug YRP/IsPE64 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation
215799da73687f2cf91e2a6e6d859cab0de29bde41edb17b6791eea61716c0ff	PE32	2021-12-07 03:17:16	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/maldoc_OLE_file_magic_number YRP/System_Tools YRP/Dropper_Strings YRP/anti_dbg YRP/disable_antivirus YRP/create_service YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
5092b2672b4cb87a8dd1c2e6047b487b95995ad8ed5e9fc217f46b8bfb1b8c01	PE32	2021-12-06 15:01:14	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/powershell YRP/maldoc_find_kernel32_base_method_1 [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/ThreadControl__Context YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dns YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Prime_Constants_long YRP/RijnDael_AES YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API FlorianRoth/PowerShell_Susp_Parameter_Combo FlorianRoth/WiltedTulip_ReflectiveLoader FlorianRoth/ReflectiveLoader FlorianRoth/Beacon_K5om
25ce69862f5273061ded3b54861d7550e9c079be769a10e637564ab4a73319be	PE32+	2021-12-05 03:28:21	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/create_service YRP/escalate_priv YRP/win_token YRP/CRC32_poly_Constant
e5f6e8d842997b009c391ad8d2aa06d0a4b5f711abce7842282f3cc85b9f1297	PE32+	2021-12-04 03:28:02	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/WMI_strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_files_operation
b81a84c8eb5eb2890df1c6a42cc61f06c6cf0df1f9613bfe444a849bfdc6246a	PE32+	2021-12-04 03:23:01	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerHiding__Active YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/BASE64_table
5482f0720b63c3e9c9b8ef7b4a86a930e66a45bbac060218968adc3461a746a2	PE32	2021-12-04 03:19:07	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/create_service
b61fe6824a5590e004fb2a2578de97c8000f1279ee550f49f0eabbe8c57aef65	PE32+	2021-12-04 03:02:18	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
2437a27c97ead17c66e3b7dadf63330d923818ebfd61fb49ba17310d14c505aa	PE32+	2021-12-03 04:20:34	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants
280d26230e4568694f7219807b6bb581cc915265365a615a7ee0d2f3c4a4fed6	PE32+	2021-12-03 04:19:13	User Submission	YRP/IsPE64 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/BASE64_table YRP/SharedStrings
65f823a1040d5185e00a9a7626d992e6c823fd1ca27a4dd2e5896f470e4c63c2	PE32+	2021-12-03 04:11:01	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants
b3cb827e9f18a962edbd91625d012e350d9cb41fc36d343150ed97e6dd2e42b4	PE32	2021-12-03 04:08:51	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants
8772cb79e95fa5489b8670a03b44b6a4255730a6808b61db121cd395ee7b2ac8	PE32+	2021-12-03 04:03:12	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/network_dropper YRP/win_registry YRP/win_token YRP/win_files_operation YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
488fee7b18294eb8feaa03be4724695744f0102c6c43c34f0f649b1394152db3	PE32	2021-12-03 04:02:44	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/create_service YRP/Big_Numbers3 YRP/MD5_Constants YRP/Str_Win32_Wininet_Library
6fd05e9e1c45a96a73ca7341afcf1eea42a4806a309637b339a543c3d8cbaa16	PE32+	2021-12-03 03:04:42	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_files_operation YRP/BASE64_table
90d67f109ff6992f8021852a647447cbc68a2c6f1271d966eb8675b5de7636ed	PE32+	2021-12-02 04:00:15	User Submission	YRP/IsPE64 YRP/IsConsole YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/disable_dep YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers3 YRP/Str_Win32_Winsock2_Library
5320205243f7404452194105bd620646cb032eae14ef6772fbdb8abd1c515bab	PE32+	2021-12-02 03:41:02	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/network_udp_sock YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
4c822143156c0548798c0124d7a2d29fc69962f925921dbc129bccf1daa47b1a	PE32	2021-12-02 03:27:14	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/create_service YRP/android_meterpreter YRP/Big_Numbers1 YRP/Str_Win32_Internet_API
4c56659d415a8c612c9b75f8ca8933100cef5e623c26078436259fce28b174a4	PE32+	2021-12-02 03:23:04	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/MD5_Constants
b0f7285ceebfe20ad2b2d1a140fb080b51e9e82a0827a7a76ac9a96fdc1af070	PE32	2021-12-02 03:09:11	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Http_API YRP/with_sqlite YRP/GenerateTLSClientHelloPacket_Test
ef8a25e275677a96243ad06bbe105fc90051a9c86ae1ae490e197e0f1a4938d1	PE32	2021-12-02 03:08:55	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/with_sqlite YRP/GenerateTLSClientHelloPacket_Test
75ce30978c30d32aaebb10868442ab658afa09908c128e778b1b3657bbd2aee6	PE32	2021-12-02 03:08:38	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/hijack_network YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_Long YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/with_sqlite YRP/GenerateTLSClientHelloPacket_Test
dfe8cc40497f5c8b95951b6aeee134d81544c762755162a5b5a6e903c354b841	PE32	2021-12-02 03:04:00	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_files_operation
1c154ae3622e5784f90ea9aaf671ca1a2fb0cf684ddf3485253afe475d3b5c96	PE32	2021-12-01 03:27:24	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library
dd33300434fe9d019b37b8b9f0d98d27dced091c08847d33b1dcb85eb2595cf2	PE32+	2021-12-01 03:00:49	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_files_operation YRP/BASE64_table
2e5ad90c9b2149527514cbc7ea991946e9aaaf8c5ba0df8ba6b6a558abb4a34c	PE32	2021-11-30 03:12:22	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/with_images YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/FGint_FindPrimeGoodCurveAndPoint YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/GenerateTLSClientHelloPacket_Test
bcce83a13227277ceeba1c73d7b4b75bdec076e9b618c83a18f2379cbdb9f8eb	PE32+	2021-11-28 03:34:00	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation
3920c6520a6d4690aab0fa2a9890abfa39b34c32fa9334e2eaa82abbe076e71e	PE32	2021-11-26 03:49:20	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/create_service YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_token YRP/win_files_operation YRP/Big_Numbers4 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant
1c4a90babac0addfbe67addc981aec18facebd41c3ac46b65937743e51dd01eb	PE32	2021-11-26 03:24:13	User Submission	YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/create_service YRP/keylogger YRP/win_files_operation YRP/Big_Numbers3 YRP/MD5_Constants YRP/Str_Win32_Internet_API
0fbbdc9ff7f6733d22f683603804b796d196e9ea16aa5136fe3373777c575428	PE32	2021-11-26 03:23:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/vmdetect YRP/create_service YRP/escalate_priv YRP/win_token
26cf3d3261b5bd81889b523cf3efb6304b901e1511660f34c4fedaa0175613aa	PE32	2021-11-26 03:21:32	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library
6e425b84d9c438d253907f20149dde0bbfda6a5e537dc470a6b8aeabff2c4707	PE32	2021-11-25 09:00:40	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Browsers YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/APT_WIN_Gh0st_ver YRP/gh0st FlorianRoth/GhostDragon_Gh0stRAT
2977578e13526f6da1dc3b526ebb82fa8dc97b5c85888a654c57bc904ded721e	PE32	2021-11-25 03:01:54	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32c_poly_Constant YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/CRC16_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/WHIRLPOOL_Constants YRP/DES_Long YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
c47373db6bf47fb568612f314f8d27b99d6bf69b8b695a3ae853821167255c84	PE32	2021-11-24 22:01:54	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/create_service YRP/network_dropper YRP/escalate_priv YRP/screenshot YRP/rat_webcam YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/nAspyUpdateStrings YRP/nAspyUpdate YRP/apt_c16_win_memory_pcclient YRP/IronTiger_NBDDos_Gh0stvariant_dropper FlorianRoth/CN_Honker_T00ls_Lpk_Sethc_v4_LPK
465d3aac3ca4daa9ad4de04fcb999f358396efd7abceed9701c9c28c23c126db	PE32	2021-11-24 21:00:40	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/borland_delphi YRP/domain YRP/IP YRP/contentis_base64 YRP/Browsers YRP/Dropper_Strings YRP/ThreadControl__Context YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/sniff_audio YRP/spreading_share YRP/rat_webcam YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Delphi_DecodeDate YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
47dbb2594cd5eb7015ef08b7fb803cd5adc1a1fbe4849dc847c0940f1ccace35	PE32+	2021-11-24 16:02:06	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/disable_dep YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
bb9fee930d076b583f43f9da44c2847ad8627c0b21349e4add1028f9f0fe81a2	PE32	2021-11-24 03:42:58	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 [+] YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/Str_Win32_Winsock2_Library
d45a94f94e329882706c7c0a2afd017898a54f0c00defdf3124d9b0d90f8e3ac	PE32+	2021-11-24 03:37:48	User Submission	CuckooSandbox/vmdetect YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/create_service YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_http YRP/network_tcp_socket YRP/network_dns YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers0 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
4df4e9e0cf089603a0abc35c4ce24428dbe608330cbfaa1327f9dfb55be7cead	PE32	2021-11-24 03:32:34	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_files_operation
8db23d347e4300dc5bffef8c031e17ac552b6c82714f87b1597fd9e026420ade	PE32+	2021-11-24 03:22:12	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
80f1a2809e273b2fcdcf1d056504dfb61a0aa7916925dbd80bf7e467d62ae942	PE32	2021-11-23 03:10:49	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/borland_delphi YRP/with_images YRP/with_urls YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/FGint_FindPrimeGoodCurveAndPoint YRP/BASE64_table YRP/Delphi_Random YRP/Delphi_FormShow YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/GenerateTLSClientHelloPacket_Test
9cd69a95c1db0d92d5e8a1474cba0f7764f7278c76a8b7a879d5c6ccbf997f7b	PE32	2021-11-22 03:47:10	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
432f0505f9a4ac9aaca3c9c63937aeb2914577a8a669cd71aca2e5fb44504dc7	PE32	2021-11-22 03:44:05	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
77e7be6d0f7808eb9f370f1e7c1e845c22c839502c860440773c5d0e11853ba3	PE32	2021-11-22 03:28:00	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/DebuggerCheck__QueryInfo YRP/DebuggerHiding__Thread YRP/SEH__vectored YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_tcp_socket YRP/network_dns YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/Str_Win32_Winsock2_Library
795eaa68705bc7de86df67b899d98c9bf359e5173ed3a1544f1a721a0316fca6	PE32	2021-11-21 11:00:45	User Submission	YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50 [+] YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Armadillo_v171_additional YRP/Armadillo_v4x YRP/Microsoft_Visual_Cpp YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VM_Generic_Detection YRP/Dropper_Strings YRP/anti_dbg YRP/create_service YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/win_hook YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
ac08b48047dfbb2065228a6ce16a25d0b37c068330fc89c67f8daff18b6770dc	PE32	2021-11-20 03:52:52	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
35098ce8cb9aa33007404df60e76c40050639665da6d6fc3ca12a560ddab2f65	PE32	2021-11-20 03:08:31	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
993a2cce0450b270f1106f3d603ad2dc5ea6476bfa5471e5a5a60897d032e994	PE32	2021-11-19 03:58:54	User Submission	YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Misc_Suspicious_Strings YRP/SEH__vba YRP/anti_dbg YRP/disable_dep YRP/inject_thread YRP/create_service YRP/screenshot YRP/keylogger YRP/rat_webcam YRP/win_token YRP/win_files_operation YRP/Big_Numbers4 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant
5412ed6ceb1423b996b8b691ebbf0fc34ab026cb7bc3912989807e3dbe2efeff	PE32+	2021-11-19 03:58:27	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/BASE64_table
1185642fd18024401573a3a1ae0183eda1818469951779a1b894298876881b40	PE32	2021-11-19 03:51:04	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1
981aec8ee015e8ad369a6b3702a74a78209d5255ee4e59c7011493ea33a01685	PE32+	2021-11-19 03:50:57	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1
ffc4a6fd7d71d260f150a339ba72926043eeb402cb44fe092b29ad04367c662b	PE32	2021-11-19 03:45:03	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
08369f231cf26163be9184068385ad8ec6096103c6daa11a237d40444f3c35a8	PE32	2021-11-19 03:30:32	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
27047c0a716c9a8a1335c13cac940d9bc557d083ac7f059abd26d1906be077f6	PE32+	2021-11-19 03:19:53	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_files_operation
4c7eb9c49fcde993643aafe327258a8592960d2d96957f88b4409894a0fd622a	PE32+	2021-11-19 03:04:53	User Submission	YRP/Microsoft_Visual_Cpp_80 YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Http_API YRP/with_sqlite
52974aacd79a5776acafd0dc85b4e81993168d176ce7c8027b04e629e8455593	PE32	2021-11-18 03:53:53	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/anti_dbg YRP/antisb_threatExpert YRP/create_service YRP/network_tcp_socket YRP/network_ssl YRP/escalate_priv YRP/win_mutex YRP/win_token YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
9b3b9f63670d7e676ba623aaf02fd1dc6a9789aff05abd7100417c1aecbbda0f	PE32	2021-11-16 03:26:48	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/win_registry YRP/win_token YRP/win_files_operation YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
12b2747dec6d4ca6aee8adb249fc7897eaeb289d49558c84c6e8d9d3e0d92135	PE32	2021-11-16 03:23:51	User Submission	YRP/ASProtect_v132 YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/disable_dep YRP/create_service YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/CRC32_poly_Constant YRP/CRC32_table YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/DES_sbox YRP/RijnDael_AES YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e	PE32	2021-11-15 12:00:21	User Submission	YRP/possible_includes_base64_packed_functions YRP/IsPE32 YRP/IsWindowsGUI YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/ThreadControl__Context YRP/SEH__vectored YRP/disable_dep YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library
fe155c862c94012105669103085449f2df7fdeff494b6f9a2ffdc12039fafcfa	PE32	2021-11-15 03:43:18	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/borland_delphi_dll YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Obfuscated_Strings YRP/Misc_Suspicious_Strings YRP/Check_Wine YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/RijnDael_AES YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
8c5fa5d71fb655780e6165e2706c8e2c1521b5c101939fa9fb81df7fee685aca	PE32	2021-11-15 03:35:18	User Submission	YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_v40_v50 [+] YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/anti_dbg YRP/create_service YRP/check_patchlevel YRP/win_mutex YRP/win_registry YRP/win_files_operation
3752044b46dc255b8c9fcdef90a197f10c0cf4f86b54deb9987b7017b3c4458e	PE32	2021-11-14 03:44:14	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
7a33c54a2861930a907bf2a373c9420bdd8803450c6107a4633ee87108da927a	PE32	2021-11-14 03:44:04	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
5f12cb7b6310bb8006b239fbb08a5aaa933376f8acd20a74c4a795659f36c9a2	PE32+	2021-11-14 03:41:35	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/create_service YRP/network_http YRP/network_ftp YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
eb895ffc89fcbc45e69a5b51a5125040e95c03aa8fb32039c2fce5af6298b6b5	PE32	2021-11-14 03:41:10	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/antisb_threatExpert YRP/inject_thread YRP/create_service YRP/network_http YRP/network_ftp YRP/network_dga YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_files_operation YRP/Big_Numbers1 YRP/Big_Numbers3 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/GenerateTLSClientHelloPacket_Test
cb973f85259da3deac547df4b298f22e2166d57c30520f0d444c3342820c5362	PE32+	2021-11-14 03:31:49	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/DebuggerException__ConsoleCtrl YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation
fe848f151571780981d8971dcf22097dbce7c601782555919ac3fb5291dba254	PE32	2021-11-14 03:14:00	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants
a7dd1aca7300ee5351a4dff33f8fdf7421123a3866bb52cf9c9480eff9607fbd	PE32+	2021-11-13 04:09:21	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/WMI_strings YRP/anti_dbg YRP/create_service YRP/win_mutex YRP/win_files_operation
bcf3fd3f58963a097060037e88f55b2af956b60b148f576399f3d49b212b69e2	PE32	2021-11-12 21:00:28	User Submission	YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers0 YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers4 YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/suspicious_packer_section
844a99390a260c614e7b589f960d06f51876f464d3161ff80810e897390210db	PE32+	2021-11-12 03:10:50	User Submission	YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData [+] YRP/ImportTableIsBad YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/create_service YRP/escalate_priv YRP/win_token YRP/CRC32_poly_Constant
08be193206043dcaaf4e0586064f35f2f7060bb4720cab283b0bf99a793d8fb6	PE32	2021-11-11 03:58:55	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2005_Release_Microsoft YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 [+] YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/network_ssl YRP/Str_Win32_Winsock2_Library
e2e22abceb49dba15b3f2dd33af02e8ad2cc8c21ec5bdb212ae59bbb34c1b1fc	PE32+	2021-11-11 03:58:22	User Submission	YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Http_API
ddae94b15d0755172a7dc7088b491a1e13fabc4bd0875baf751b241b14391a5b	PE32	2021-11-11 03:57:10	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_30 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__PEB YRP/DebuggerCheck__QueryInfo YRP/create_service YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers4 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/FGint_ECPointDestroy YRP/LockBox_RsaEncryptFile YRP/LockBox_DecryptRsaEx YRP/LockBox_EncryptRsaEx YRP/LockBox_TlbRsaKey YRP/BASE64_table YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library
4a4d47412ebea49656dc062a9cdd995cde77ec3afbe8342c59ee76282ad3b2d7	PE32	2021-11-11 03:56:54	User Submission	YRP/Borland_Delphi_40_additional YRP/Borland_Delphi_30 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi [+] YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ YRP/Borland_Delphi_Setup_Module YRP/Borland_Delphi_40 YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/Borland YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/borland_delphi YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__PEB YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/network_dns YRP/screenshot YRP/keylogger YRP/migrate_apc YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/win_hook YRP/android_meterpreter YRP/Big_Numbers1 YRP/Big_Numbers4 YRP/Prime_Constants_long YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/FGint_ECPointDestroy YRP/LockBox_RsaEncryptFile YRP/LockBox_DecryptRsaEx YRP/LockBox_EncryptRsaEx YRP/LockBox_TlbRsaKey YRP/BASE64_table YRP/Delphi_FormShow YRP/Delphi_CompareCall YRP/Delphi_Copy YRP/Delphi_StrToInt YRP/Str_Win32_Winsock2_Library YRP/with_sqlite
ada953415e6c4694f36d149be139d810debcb5d4810b6af854c16c1a3611512c	PE32	2021-11-11 03:08:37	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
78a87f210ca406fd3e5c455a57ff5606b04570364fa8098a1d9df751b4bb9690	PE32	2021-11-11 03:03:46	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Dropper_Strings YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/create_service YRP/network_http YRP/escalate_priv YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/android_meterpreter YRP/Big_Numbers1 YRP/MD5_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API YRP/with_sqlite
32935f5b67504ad0b29399d60b1eefb5a550699ae2c19de4eedb8fb5a2ba3bfa	PE32+	2021-11-11 03:02:20	User Submission	YRP/Microsoft_Visual_Cpp_V80_Debug YRP/Microsoft_Visual_Cpp_80_Debug_ YRP/Microsoft_Visual_Cpp_80_Debug YRP/IsPE64 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/System_Tools YRP/DebuggerException__SetConsoleCtrl YRP/anti_dbg YRP/create_service YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation

Recent Searches
yrp/create_service
yrp/tean
yrp/possible_includes_base64_packed_functions
yrp/aspack_chinese
yrp/regex_pos
yrp/blazingtools
yrp/kbyspacker028betashoooo
yrp/lightweightbackdoor5
yrp/lightweightbackdoor2
yrp/misc_pos

Search

Recent Searches