SHA256 Hash File type Added Source Yara Hits
ELF 2017-10-16 03:20:43 User Submission CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
ELF 2017-10-16 03:33:40 User Submission CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
ELF 2017-10-16 03:37:29 User Submission CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
PE32 2018-02-24 07:29:49 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize
ASCII 2018-03-07 05:24:44 User Submission YRP/domain YRP/IP YRP/url YRP/contentis_base64
UTF-8 2018-03-18 04:07:00 User Submission CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url
PE32+ 2018-05-24 02:58:05 User Submission CuckooSandbox/vmdetect YRP/webshell_iMHaPFtp_2 YRP/webshell_caidao_shell_guo YRP/webshell_cihshell_fix
DOS/MBR 2018-06-05 16:38:34 User Submission CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
ASCII 2018-06-08 17:10:06 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
ELF 2018-06-15 14:50:28 http://167.99.215.155/mezywget YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
ELF 2018-06-15 14:50:37 http://167.99.215.155/mezycron YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:50:46 http://167.99.215.155/mezyftp YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
ELF 2018-06-15 14:50:55 http://167.99.215.155/mezypftp YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:51:03 http://167.99.215.155/mezysh YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:51:11 http://167.99.215.155/apache2 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:51:39 http://167.99.215.155/mezytftp YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:51:48 http://167.99.215.155/mezybash YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:51:57 http://167.99.215.155/mezyopenssh YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:52:05 http://167.99.215.155/mezysshd YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-06-15 14:52:14 http://167.99.215.155/mezyntpd YRP/domain YRP/IP YRP/url YRP/contentis_base64
UTF-8 2018-06-15 14:53:18 http://www.jifowls-ffupdateloader.com/ffupdat... CuckooSandbox/vmdetect YRP/domain YRP/IP YRP/contentis_base64
UTF-8 2018-06-16 03:29:46 http://www.jifowls-ffupdateloader.com/ffupdat... CuckooSandbox/vmdetect YRP/domain YRP/IP YRP/contentis_base64
Java 2018-06-23 12:44:12 User Submission YRP/domain YRP/contentis_base64 YRP/network_dyndns YRP/suspicious_packer_section
data 2018-06-23 12:45:02 User Submission YRP/domain YRP/contentis_base64 YRP/network_dyndns YRP/suspicious_packer_section
PE32 2018-09-05 10:40:17 User Submission YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland YRP/D1S1Gv11betaD1N
Composite 2018-09-07 15:59:43 User Submission YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code YRP/domain
ELF 2018-10-13 15:33:27 http://159.89.44.222/bins/oxy.sh4 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-13 15:34:00 http://159.89.44.222/bins/oxy.m68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-14 14:50:23 http://107.174.26.61/bins/S.mips YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-14 14:50:29 http://107.174.26.61/bins/S.m68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-14 14:51:51 http://107.174.26.61/bins/Synix.ppc440 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-14 14:55:02 http://107.174.26.61/bins/Synix.i586 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
ELF 2018-10-14 14:58:11 http://107.174.26.61/bins/Synix.mips YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-10-14 14:59:20 http://107.174.26.61/bins/Synix.mpsl YRP/domain YRP/IP YRP/url YRP/contentis_base64
PE32 2018-10-23 18:08:21 http://99.248.235.4/Library//Turla/NeuronImpl... YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay
ELF 2018-11-08 13:48:39 http://159.203.96.141/syi686 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
ELF 2018-11-08 13:48:55 http://159.203.96.141/syppc YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:49:00 http://159.203.96.141/sysh4 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:50:24 http://159.203.96.141/syx86 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:50:35 http://159.203.96.141/syi586 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
ELF 2018-11-08 13:51:08 http://159.203.96.141/sya6 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:51:55 http://159.203.96.141/sym68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:52:07 http://159.203.96.141/syml YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-08 13:52:17 http://159.203.96.141/sy2 YRP/domain YRP/IP YRP/url YRP/contentis_base64
ELF 2018-11-16 11:36:33 http://46.17.47.244/ntpd YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
ELF 2018-11-16 11:36:41 http://46.17.47.244/sshd YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
PE32 2019-01-04 23:42:32 User Submission YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50
ASCII 2019-03-25 21:44:26 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64
PE32 2019-04-25 07:19:09 http://moscow11.at/proxy/skapoland.chickenkil... YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI
SQLite 2019-05-05 03:09:18 User Submission YRP/domain YRP/IP YRP/url YRP/contentis_base64
PE32 2019-06-03 16:19:43 http://217.147.169.179/BfSjPENnRadf.exe YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI
PE32 2019-06-08 17:41:42 User Submission YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Microsoft_Visual_Cpp_60_DLL_Debug
UTF-8 2019-07-06 00:31:25 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-07-06 00:31:31 User Submission YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
UTF-8 2019-07-07 06:17:59 User Submission CuckooSandbox/embedded_pe YRP/domain YRP/IP YRP/url
ASCII 2019-07-20 08:16:07 User Submission YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
UTF-8 2019-07-20 08:16:08 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
PE32 2019-07-28 16:13:55 User Submission YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Borland YRP/ProtectSharewareV11eCompservCMS
PE32 2019-07-28 16:14:09 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
PE32 2019-07-28 16:14:22 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
PE32 2019-07-28 16:15:19 User Submission YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Borland YRP/UPXv20MarkusLaszloReiser
PE32 2019-07-28 16:15:24 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
UTF-8 2019-08-10 02:02:06 User Submission YRP/domain YRP/IP YRP/url YRP/contentis_base64
UTF-8 2019-09-10 01:17:18 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-09-10 01:17:25 User Submission YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
UTF-8 2019-10-06 17:01:00 User Submission CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/domain YRP/IP
UTF-8 2019-10-06 17:01:14 User Submission YRP/domain YRP/IP YRP/url YRP/contentis_base64
UTF-8 2019-10-06 17:01:18 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-10-06 17:01:50 User Submission YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
data 2019-10-23 08:30:23 User Submission CuckooSandbox/shellcode CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/powershell
data 2019-10-25 22:21:42 User Submission CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/webshell_iMHaPFtp_2
ASCII 2019-10-25 22:22:25 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-10-25 22:22:39 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
ASCII 2019-10-25 22:22:39 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
ASCII 2019-10-25 22:23:27 User Submission CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/IP
ASCII 2019-10-26 14:40:47 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-10-26 14:40:57 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
ASCII 2019-10-26 14:42:11 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-10-26 15:00:37 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
ASCII 2019-10-26 15:00:44 User Submission CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
ASCII 2019-11-05 14:50:35 User Submission CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/possible_includes_base64_packed_functions YRP/powershell
ASCII 2019-11-05 16:20:35 User Submission YRP/domain YRP/IP YRP/url YRP/contentis_base64
data 2019-11-06 22:00:55 User Submission CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/Borland
XML 2019-11-12 18:21:09 User Submission CuckooSandbox/vmdetect YRP/powershell YRP/domain YRP/IP
PE32 2019-11-24 12:14:50 User Submission YRP/possible_includes_base64_packed_functions YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional
PE32 2019-11-24 12:54:54 User Submission YRP/UPX_v0896_v102_v105_v122_Delphi_stub_additional YRP/UPX_v0896_v102_v105_v122_Delphi_stub_Laszlo_Markus YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional
ASCII 2020-01-11 03:18:00 User Submission YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
ASCII 2020-01-11 03:18:00 User Submission YRP/possible_includes_base64_packed_functions YRP/domain YRP/IP YRP/url
Public 2020-01-11 03:18:01 User Submission YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
PE32 2020-01-13 14:40:54 User Submission YRP/Armadillo_v2xx_CopyMem_II_additional YRP/Microsoft_Visual_Cpp_70_MFC YRP/IsPE32 YRP/IsWindowsGUI
PE32 2020-01-13 18:01:49 User Submission CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/IsPE32
data 2020-01-13 18:42:39 User Submission YRP/domain YRP/contentis_base64 YRP/network_dyndns
PE32 2020-01-13 21:15:27 User Submission YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/Netopsystems_FEAD_Optimizer_1
PE32 2020-01-15 09:41:36 User Submission YRP/IsPE32 YRP/IsConsole YRP/domain YRP/IP
PE32 2020-01-15 09:52:42 User Submission YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
PE32 2020-01-15 11:12:23 User Submission YRP/PeStubOEP_v1x YRP/PeStubOEP_v1x_additional YRP/PECompact_25x_Jeremy_Collake YRP/IsPE32
PE32 2020-01-15 11:12:58 User Submission YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1
PE32 2020-01-15 11:53:17 User Submission YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet YRP/UPX_wwwupxsourceforgenet_additional YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h YRP/UPX_290_LZMA
PE32 2020-01-15 11:53:19 User Submission YRP/LCC_Win32_v1x_additional YRP/Microsoft_Visual_Cpp_30_old_crap YRP/LCC_Win32_1x YRP/LCC_Win32_v1x
PE32 2020-01-15 16:13:03 User Submission CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland YRP/D1S1Gv11betaD1N