MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
e7dc967e475e7ad8d789385c2fead7e4301139d56e6b28c5b537a95e15e6c5b0	PE32+	2022-03-19 03:08:53	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
6029310db6143242b0f1146267b8758686aae07aa21aeb48f44cad3ead8c67b2	PE32+	2022-03-12 03:01:41	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
d42ae9509a110e4c8316bb71949c14a908f38277cbf6b4d2a216ba173aa24e55	PE32	2022-03-11 20:04:32	User Submission	CuckooSandbox/embedded_macho YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET [+] YRP/Microsoft_Visual_Studio_NET_additional YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Base64d_PE YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__RemoteAPI YRP/anti_dbg YRP/network_smtp_dotNet YRP/keylogger YRP/win_hook YRP/vmdetect_misc YRP/Big_Numbers0 YRP/Big_Numbers3 YRP/CRC32_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/Njrat YRP/UPX YRP/suspicious_packer_section
3e8e74d1eae290bdc15f21648c46eed660697cf1f40434442b00b7b05b8547c6	PE32	2022-03-11 07:01:50	User Submission	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/win_files_operation YRP/vmdetect_misc YRP/suspicious_packer_section
86dfcaef7029b83ff51b88cb8886bdfd16e12f61d85b8205ea4b4978f7f37c95	PE32	2022-03-09 23:01:27	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/screenshot YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
e21670df59190d3739b19dd9e1d55d321c935ffa38796ddcb69dc85dbae3f4ad	PE32+	2022-03-09 16:47:18	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/Antivirus YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/anti_dbgtools YRP/antivm_virtualbox YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
57b092a49d8e408c1dc6b5d15256291a0825fdc326d7559220b6631610580f46	PE32	2022-03-08 19:00:33	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/network_smtp_dotNet YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/DES_sbox YRP/with_sqlite
9ec8f988ff41765b68c6a4d29d259fafb62e97ad2d3633c43fbe0ab0dd12518d	PE32	2022-03-05 00:10:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
7419489a868b15e8391142ff161c6fce3a6ec16bd6882689fd63c6156e6a02db	PE32	2022-03-03 03:18:24	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
6e1a26dfa802c7c824ea4672c756f5264182d73bfaeb2ad2bd19dd9382c920fb	PE32	2022-03-02 22:00:49	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_hook YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/BlackShades_4 YRP/CAP_HookExKeylogger FlorianRoth/Quasar_RAT_1 FlorianRoth/Quasar_RAT_2
8c14671aad9663d454e80c2a65f04431b80fb4faac65b4ac8ce9d696bb95e656	PE32	2022-03-02 03:14:14	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
2f686482508b30c567c3cc172f373992a00d2d9edc02032526120a293d0f7f1e	PE32	2022-02-28 03:07:57	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
f5580e294d0b956d8abbd105a8c61853fb4bbe35be543d91d5ca300354804893	PE32	2022-02-27 03:29:14	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
c33b16e12b88bc0e21a2bd7242941f1a84cd964ca2136c3f7fffddc60ba834a4	PE32	2022-02-26 23:00:28	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/RE_Tools YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
ea636271a6785a1ffcea45ad7e83b0b43be24d346bcc28a0f0e358e313d37687	PE32	2022-02-26 03:50:41	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
afcfc229ccaddb4e7d9a0b3855839fdce59afd175137c0a7a5c4177e6505d60c	PE32+	2022-02-26 03:35:13	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
194991b0f7daf747731e34398320fe40f3801b615bbd8c2579c4955a38ed0331	PE32	2022-02-26 03:34:43	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
5a867e72e3cf9aef5fca2829c4972296b5a22d4acbe31dbf5208aefc0252eead	PE32	2022-02-24 16:27:20	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2005_DLL_Microsoft YRP/Visual_Cpp_2003_DLL_Microsoft YRP/IsPE32 [+] YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerHiding__Active YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_tcp_socket YRP/win_files_operation YRP/vmdetect_misc YRP/android_meterpreter YRP/Big_Numbers0 YRP/shylock YRP/Str_Win32_Winsock2_Library
080f12837e31a21f9decc69f193b77dacd983808c7880b49649a5f17f1ecd3e2	PE32	2022-02-24 15:06:46	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
9a0238cf203bc1923e1117e3808c34a9b0ccfc8d746ff50a930ed6656d74fec9	PE32	2022-02-24 12:30:03	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasModified_DOS_Message YRP/HasRichSignature YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/inject_thread YRP/create_service YRP/network_http YRP/network_dropper YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_token YRP/win_private_profile YRP/win_files_operation YRP/vmdetect_misc YRP/VC8_Random YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
574f596bea176fed2f4595f02022b44a50d100cffcde2bd6f3ec5ef0e8e695dc	PE32	2022-02-24 09:56:33	User Submission	YRP/MingWin32_GCC_V3X YRP/MingWin32_GCC_3x YRP/MingWin32_v_h_additional YRP/MinGW_GCC_3x_additional [+] YRP/MinGW_GCC_3x YRP/MingWin32_GCC_3x_additional YRP/MingWin32_v_h YRP/MingWin32_v YRP/MinGWGCC3x YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/MinGW_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/Dropper_Strings YRP/anti_dbg YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc
923ff54ecf3f84c87d30b3c91ae29f42c1ee4d61d968ce7ff7f27faa093b16cc	PE32	2022-02-24 09:30:03	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
11e75139ac9e099101cb3df3e63bb1c18ff84587878e0e8e97eb532a0817d6de	MS-DOS	2022-02-24 07:30:22	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VMWare_Detection YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/network_tcp_socket YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/win_hook YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/Str_Win32_Winsock2_Library
2b6b0c7339ede4d8081d5515f85e33c80d707e513d25072b537aa8f3fd4d6ffb	PE32+	2022-02-24 03:46:30	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
2e6c64ea9cb0e4eff1334b645137c38d2a9459c6a059fb176437dad94c1fd803	PE32+	2022-02-24 03:13:51	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
7236ed9f012387c785f469c79f1558e2711c14ab45e97f93795f8d7ac6805bd3	PE32+	2022-02-24 03:11:33	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
007085c7015d2e5ee0aa5bfe33a3eb17147b25ff30d8c7d43b1cd486bf785da9	MS-DOS	2022-02-23 14:44:40	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/anti_dbg YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32b_poly_Constant
ae5cb1e8cdf7c298ddcaec79334a954a8a34d98a58e3aa857c2f75373dcd08ec	PE32	2022-02-23 14:03:44	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
924b503c65ec75145b32cf76b0ddf008ed7f9e7cfd2c2eb4185a2cbb829a4a2e	MS-DOS	2022-02-23 09:23:51	User Submission	YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/DebuggerCheck__QueryInfo YRP/anti_dbg YRP/inject_thread YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc
3474dfe7bae270982d624d2dd3b3d2778e4f8ef2fdc83892def001d36e628b8f	MS-DOS	2022-02-22 20:50:17	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/hijack_network YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/SHA512_Constants YRP/BASE64_table
634d84758d8d922bbfb0ad3c904c38fc7989f11503877acf02ad5dad3775df7a	PE32	2022-02-22 19:06:59	User Submission	YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/maldoc_find_kernel32_base_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Antivirus YRP/VMWare_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/network_http YRP/network_tcp_socket YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/SHA512_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
218897a49b086ffb193135caa46bbc28026faab889070820b638749f51d1e5eb	PE32	2022-02-22 13:00:39	User Submission	CuckooSandbox/vmdetect YRP/Visual_Cpp_2003_EXE_Microsoft YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/network_tcp_listen YRP/screenshot YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/android_meterpreter YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
c56792bea8ac5fbf893ae3df1be0c3c878a615db6b24fd5253e5cbbc2e3e1dd3	PE32	2022-02-21 20:15:50	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsDLL [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/maldoc_find_kernel32_base_method_1 YRP/maldoc_getEIP_method_1 YRP/domain YRP/contentis_base64 YRP/System_Tools YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/DebuggerCheck__QueryInfo YRP/vmdetect YRP/anti_dbgtools YRP/antivm_virtualbox YRP/antivm_bios YRP/network_http YRP/network_dga YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32b_poly_Constant YRP/MD5_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API YRP/Str_Win32_Http_API
f3bdf593cdebfc74cc4608d10d9961e289972227c3be0268e595e8f0e2e5c754	PE32	2022-02-21 11:02:11	User Submission	CuckooSandbox/vmdetect YRP/MingWin32_GCC_3x YRP/MingWin32_v_h_additional YRP/MinGW_GCC_3x_additional [+] YRP/MinGW_GCC_3x YRP/MingWin32_GCC_3x_additional YRP/MingWin32_v_h YRP/MingWin32_v YRP/UPXv20MarkusLaszloReiser YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser YRP/MinGWGCC3x YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasModified_DOS_Message YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/Qemu_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/network_udp_sock YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
bd5bfb387b2a6ddae50569d3579859391826924cea61ec895854335911ed8e2b	PE32	2022-02-21 03:17:38	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
d8cbd0df239989e75ff0a2465fe43c81ee244c50df2cf98b5af22e0e294f2b02	PE32	2022-02-18 08:00:29	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
52fda2b7ddb3ffa3420a78fd134c37f2403b69bd15cb80d19290ec8a1421630c	PE32	2022-02-18 07:51:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI [+] YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Obfuscated_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antisb_sandboxie YRP/win_registry YRP/vmdetect_misc
0cdb8b80e5b0ccd11a37ecb4b692839dd6d53c97d691025521b8afbc5cc696ba	PE32	2022-02-18 03:16:54	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
4e6446a96b5441e746ee82cbebb26edf2f6a27f7f002bd49af677403368ec419	PE32	2022-02-18 03:14:16	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
b315ad447078e9dbaad29b4d4652ee64371dc82ede0017444a6989320f56894d	PE32	2022-02-18 02:20:51	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/antivm_vmware YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/BLOWFISH_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Http_API YRP/suspicious_packer_section
516291b27f4c244b3ff74d81dc4c7ba3cb56c7a660d202873ba53301bb426db9	PE32	2022-02-17 21:13:31	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature [+] YRP/maldoc_getEIP_method_1 YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/vmdetect YRP/antivm_virtualbox YRP/disable_antivirus YRP/network_dropper YRP/win_mutex YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Internet_API
943180700d7a34c29084c60aa364f846da65ebd7e40ae70a2bfe9a5b8e15613c	PE32	2022-02-17 17:47:47	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsWindowsGUI YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Obfuscated_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/Check_Dlls YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antisb_threatExpert YRP/antisb_sandboxie YRP/win_files_operation YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
9faaeca2b98a8fa3948b3fe5fc6ecb6d328f42f5fe929b1653a7a49e5b0f9818	PE32+	2022-02-17 03:27:10	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
a6c2de44816b18ee569ad1503ab02b8a23e79bcb1e5d41158ff3afce294f0b83	PE32	2022-02-17 00:20:42	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualPC_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/anti_dbg YRP/antivm_virtualbox YRP/antivm_vmware YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/BLOWFISH_Constants YRP/BASE64_table YRP/VC8_Random YRP/Str_Win32_Wininet_Library YRP/Str_Win32_Http_API
5d6a26411caf66eb5dded7beb8cbba5026264fc30830d26d848159c1c3b16e22	PE32	2022-02-16 19:37:35	User Submission	YRP/Microsoft_Visual_C_Basic_NET YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE [+] YRP/IsWindowsGUI YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/anti_dbg YRP/network_dns YRP/screenshot YRP/keylogger YRP/win_mutex YRP/win_hook YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/BlackShades_4 YRP/CAP_HookExKeylogger FlorianRoth/Quasar_RAT_1 FlorianRoth/Quasar_RAT_2
e92b2f405839b577d7317750967f851039649513c5b24611894f4665486e767b	PE32	2022-02-16 10:00:36	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 [+] YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/Obfuscated_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerCheck__RemoteAPI YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antisb_sandboxie YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/BASE64_table
3d8b0765572e802582d7f7cf81999b0e050e70582ca0b86b0a145e2b383c8305	PE32+	2022-02-16 03:32:36	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
a77e8af286a1aba968d2e1eb530f31ceb01a3c85858f4004f52eaf87919f6e98	PE32	2022-02-14 06:54:52	User Submission	CuckooSandbox/vmdetect YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/win_files_operation YRP/vmdetect_misc YRP/suspicious_packer_section
1fde0ef192d704b3d46679be28cc76930036cb85f80b199e0ce9d86662d50ef3	PE32+	2022-02-13 03:01:54	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
53aa4151c8226fb34ec33a22ba52fe2533b3ab5aa133247782b5f5ab9d60dbcf	PE32	2022-02-12 19:00:31	User Submission	YRP/possible_includes_base64_packed_functions YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/NETexecutableMicrosoft [+] YRP/IsPE32 YRP/IsWindowsGUI YRP/IsPacked YRP/HasDebugData YRP/HasRichSignature YRP/powershell YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/Antivirus YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/screenshot YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/suspicious_packer_section
47bb9cef4ce1c7ed176a6001c981d173739cefe5cf4928ea542293b89f58ff5b	PE32	2022-02-12 03:14:18	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
8e9c554fa5ffdbb5e47c96786ea3df24f8ffd2411216eedbe45acb7f5ff1ef27	PE32	2022-02-10 17:20:35	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData YRP/domain YRP/IP YRP/contentis_base64 YRP/System_Tools YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Dlls YRP/keylogger YRP/vmdetect_misc YRP/Big_Numbers1 FlorianRoth/Andromeda_MalBot_Jun_1A
9656906b48ccc4208a3ae519f91d2df56a60d9fb3ac8884f1c11bef1b3643ccd	PE32+	2022-02-09 03:11:17	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
b6be0eb33cdc7f4613b8cbcab90dacf59969b30099ac2783594ca9e4291566ac	PE32	2022-02-04 18:12:02	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_tcp_socket YRP/screenshot YRP/keylogger YRP/win_registry YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/MD5_Constants YRP/Str_Win32_Winsock2_Library
d5f079fb049c650bee2274b47d4e762b7b519cb8eb604c30e54b6bcd5aadb7c6	PE32	2022-02-03 16:04:47	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
7b35814be8376bdf8465e94ccb758b1cc378b055713dcd75be748e19b948a77a	PE32	2022-02-03 16:04:40	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
7763ee2c06901c059d8ac2cbe197b0624b9a0cefa8fa731b2af831ee6966739a	PE32+	2022-01-28 03:16:22	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
52791ea2cf55eb5ea5334c1e45e9b60b18deb0cb6f1acf36d74502bf9de40115	PE32	2022-01-28 03:15:54	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
8abad19b24dc958d9f3efe6588c41e10530941ed1b6ab690b94c44af15b85f92	PE32+	2022-01-28 03:00:57	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
11513e7948c07f47ebc09a0c7a83a73d4ea766c7b262e5db284eefea03ea718d	PE32+	2022-01-24 16:50:20	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VirtualBox_Detection YRP/DebuggerCheck__RemoteAPI YRP/vmdetect YRP/Check_Debugger YRP/anti_dbg YRP/antivm_virtualbox YRP/inject_thread YRP/win_files_operation YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
5cfbeff8a33f79df7814b73cde273fd859ef8695488bca70e5b72918fed44632	PE32	2022-01-15 03:03:06	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
b05b740309562ab6160cc3eb8ed2f0dd839d53c6c71f67bf40aeeb3f580eeb0a	PE32	2022-01-14 15:02:17	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/IsPacked YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/disable_dep YRP/network_dns YRP/win_registry YRP/vmdetect_misc YRP/Nanocore_RAT_Gen_2 YRP/NanoCore FlorianRoth/RAT_NanoCore FlorianRoth/Nanocore_RAT_Gen_2 KevTheHermit/NanoCore BAMFDetect/NanoCore
9d62846d2589f314d9cd3f45a521eef246174b2b388462fb8bfecfb3847631fd	PE32	2022-01-12 16:02:08	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
eb04b667e689cafae2c6057b63b489c77f8472d49a82fb2c10f561c67fb13b7b	PE32	2022-01-05 21:01:43	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
e56bedd1e87902a99a32f20b082af4677606f8efa1bd1e5913ee0e9615980171	PE32+	2022-01-05 16:00:48	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Misc_Suspicious_Strings YRP/vmdetect YRP/anti_dbg YRP/vmdetect_misc FlorianRoth/DragonFly_APT_Sep17_3
a5b724d81201a0e45b3af7313440a47cdd67ff1843990109a7e25ecfaeee0256	PE32	2022-01-05 14:01:11	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
51102f9bd99597f27a0fe951c3eb3f5e6282479c0025a6513bcfeb2fab30050d	PE32+	2021-12-30 03:08:06	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
d06072f959d895f2fc9a57f44bf6357596c5c3410e90dabe06b171161f37d690	PE32	2021-12-21 18:02:34	User Submission	YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
6409d3f3daa33f1e7cef02f4481954d6618a595fdfed57541566bbf1605d7c62	PE32	2021-12-21 16:01:26	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/IsPE32 YRP/IsNET_EXE YRP/IsWindowsGUI YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/Sandboxie_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/Check_Qemu_Description YRP/Check_Qemu_DeviceMap YRP/Check_VBox_Description YRP/Check_VBox_DeviceMap YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VMWare_DeviceMap YRP/Check_VmTools YRP/WMI_VM_Detect YRP/network_tcp_listen YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Big_Numbers2 YRP/Big_Numbers3 YRP/Big_Numbers4 YRP/Big_Numbers5 YRP/Prime_Constants_long YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/BLOWFISH_Constants YRP/MD5_Constants YRP/RC6_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/SHA512_Constants YRP/TEAN YRP/DES_sbox YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table FlorianRoth/Quasar_RAT_1
7ccf9c71166df6cabd5dfbdbbb78a3e9bda721c43dd4f882765f86e6838e3b75	PE32	2021-12-14 18:05:32	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
ee77c05139a72dc3f1c86391c2bb0c16f198249ae4f099adf3f27ec3a7f0cf4b	PE32	2021-12-14 18:05:27	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13	PE32	2021-12-12 14:43:11	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
2606973ad5fe27881087c79b3cbb4ab994a19f563a167c57658649fa475e2582	PE32	2021-12-12 03:24:26	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_ [+] YRP/Borland_Delphi_v40_v50 YRP/Borland_Delphi_v30 YRP/Borland_Delphi_DLL YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
f3973c9ae60d39e97516a4801877f8f4e2a7831335a2ee1b61f5aff0e925de36	PE32	2021-12-10 10:07:16	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
bed264f4980266092f941dc6122343005e93da8f06324cab6408b8cdf497fa0e	PE32	2021-12-10 03:49:42	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
3473291992532fb9a6c094149ba37ccf030220d8489fe31b4a070785a0ebd2fb	PE32	2021-12-09 03:01:34	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect YRP/Obsidium_v10061 YRP/VC8_Microsoft_Corporation [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
d882f16396b6ae7fd64ef26375ad64a03b621d1aeceaf0a23069fbef6455d568	ASCII	2021-12-07 03:18:48	User Submission	CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/powershell YRP/domain [+] YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/vmdetect YRP/vmdetect_misc YRP/android_meterpreter
08bc2d1663b39b8981348ed0fcb02661d0daa201b6fdbf9e13e03aa01a79b6ee	PE32	2021-12-06 03:20:26	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
dea3644461b60b7d2925994603a2609f7745a1a6e7d32ea0ca7c7a2d0ab4ac10	PE32	2021-12-05 03:23:52	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
84a7b88f2e418962a0e6e79ffa972e693e0bacbadeea96a229302a9e3d68a0b7	PE32	2021-12-03 04:04:58	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
ef87140e4f35268628b4b0018e855b315cdb227954c79da9856336b0507a988f	PE32+	2021-12-03 04:03:23	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
4d8e1ae8d3be88ace89132a7a2226722e627c94bf9701bb037140a9027777430	PE32+	2021-12-02 03:40:06	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
4a59ba91721dcd39f6a88ab1bc1563d8c437781729fe3b9883ffbee03080ec73	PE32	2021-12-02 03:34:26	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect YRP/Obsidium_v10061 YRP/VC8_Microsoft_Corporation [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
a1c3dadc49cf7b7e3f4d99cd73f851864cb46d5eb22a39275300a0ea4b3e792c	PE32	2021-12-01 03:05:10	User Submission	YRP/Microsoft_Visual_Basic_v50v60 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Microsoft_Visual_Basic_v50_additional [+] YRP/Microsoft_Visual_Basic_v50v60_additional YRP/IsPE32 YRP/IsConsole YRP/HasOverlay YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/System_Tools YRP/Browsers YRP/Antivirus YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/Misc_Suspicious_Strings YRP/DebuggerCheck__QueryInfo YRP/DebuggerException__SetConsoleCtrl YRP/SEH__vba YRP/anti_dbg YRP/disable_dep YRP/network_tcp_listen YRP/network_dropper YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/keylogger YRP/spreading_share YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Advapi_Hash_API YRP/Str_Win32_Winsock2_Library YRP/Str_Win32_Wininet_Library
b2c7aa4ca944e68737d9a4ba5d07902504fef7728df7e8aac79afc93e427992a	PE32	2021-11-28 18:01:40	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
047c524d26a132282d6740a5e0526d9db6a6a34ed016c85ac98d52d19d7e9edf	PE32	2021-11-28 03:54:25	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
3acbe0fc139b34bc9a6b7f8a698bdd9e827c6f1d949fbcd0f908673aaff23e6a	PE32	2021-11-28 03:31:58	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
4455f685be69a303faae2f577e8de89d714734fe2e4e3c906fb370bdde654063	PE32	2021-11-27 03:34:52	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
99680eda762808de52e51591d5348bf62cde86e47764e611216e7efecccd85d9	PE32	2021-11-23 03:48:50	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect YRP/Obsidium_v10061 YRP/VC8_Microsoft_Corporation [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
51a1cf6ce89c1f1569cb176bf45b9553045dce32b457d57da97428c2158e6025	PE32	2021-11-22 03:49:24	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
16e01e828b957d529d38c5cdbbc31dec22abf8cce9990017f905db1a9e4e2951	PE32	2021-11-21 03:40:25	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section YRP/GenerateTLSClientHelloPacket_Test
42f6590ad08fedd3fbf6fb1e3791cd1247770afc3b763389fb423a727f76f645	PE32+	2021-11-21 03:01:12	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsConsole [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc
81382f624d85dd3329b9339d05eec397ab7473da45be46db05f421a50659559f	PE32+	2021-11-19 03:08:21	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
791b46c7f4e527e8c57e9abd87a3ddaf5a193671f76c965dfd9447d6be0b0fe5	PE32	2021-11-18 03:08:58	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay [+] YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/network_tcp_listen YRP/network_smtp_raw YRP/network_tcp_socket YRP/network_dns YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/Advapi_Hash_API YRP/CRC32_poly_Constant YRP/CRC32_table YRP/BASE64_table YRP/Str_Win32_Winsock2_Library YRP/suspicious_packer_section
bfae0b0fb410fcc0853f45b85116064f3922b5a1364ed54ae1fe07770c33b7e0	PE32+	2021-11-17 03:35:47	User Submission	CuckooSandbox/vmdetect YRP/Microsoft_Visual_Cpp_80_DLL YRP/IsPE64 YRP/IsWindowsGUI [+] YRP/HasOverlay YRP/HasDigitalSignature YRP/HasDebugData YRP/HasRichSignature YRP/QtFrameWork YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/WMI_strings YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/win_mutex YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/Big_Numbers1 YRP/CRC32_poly_Constant YRP/CRC32_table YRP/CRC32b_poly_Constant YRP/MD5_Constants YRP/RIPEMD160_Constants YRP/SHA1_Constants
0119c01af24f2e8030f71ff2b033f6b35603665ec9cc54eaafd31936dc442dcb	PE32	2021-11-17 03:08:26	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
787806ffe05d2c5e58b7deba51184902b47437d4d27d848c25dd50e6a4521d72	PE32	2021-11-13 03:05:25	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table
f842b4363b57a1b5385ce6d3301e463cce5dcb178b5091f22fb6fd9e99cd9ecb	PE32	2021-11-13 03:01:04	User Submission	CuckooSandbox/embedded_macho CuckooSandbox/vmdetect YRP/Obsidium_v10061 YRP/VC8_Microsoft_Corporation [+] YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI YRP/HasOverlay YRP/HasDigitalSignature YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/disable_antivirus YRP/escalate_priv YRP/screenshot YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/CRC32_poly_Constant YRP/CRC32b_poly_Constant YRP/RIPEMD160_Constants YRP/SHA1_Constants YRP/RijnDael_AES_CHAR YRP/RijnDael_AES_LONG YRP/BASE64_table
547f87c59c3c93397d3dfe2ce53bdaf9257958e5b793c0aa8ca10b12c4535dd8	PE32	2021-11-11 06:08:06	User Submission	YRP/Microsoft_Visual_Studio_NET YRP/Microsoft_Visual_C_v70_Basic_NET_additional YRP/Microsoft_Visual_C_Basic_NET YRP/Microsoft_Visual_Studio_NET_additional [+] YRP/Microsoft_Visual_C_v70_Basic_NET YRP/NET_executable_ YRP/NET_executable YRP/NETexecutableMicrosoft YRP/IsPE32 YRP/IsNET_EXE YRP/IsConsole YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VM_Generic_Detection YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Qemu_Detection YRP/Dropper_Strings YRP/Check_VBox_Guest_Additions YRP/Check_VBox_VideoDrivers YRP/Check_VmTools YRP/vmdetect_misc
99922016f830d4bb805f972544f94638f5bbe58418894dc57739d5672f49fd55	PE32	2021-11-11 04:09:15	User Submission	CuckooSandbox/vmdetect YRP/IsPE32 YRP/IsWindowsGUI YRP/HasDebugData [+] YRP/HasRichSignature YRP/domain YRP/IP YRP/url YRP/contentis_base64 YRP/VMWare_Detection YRP/VirtualBox_Detection YRP/Dropper_Strings YRP/DebuggerException__SetConsoleCtrl YRP/vmdetect YRP/Check_OutputDebugStringA_iat YRP/anti_dbg YRP/antisb_threatExpert YRP/disable_antivirus YRP/escalate_priv YRP/win_registry YRP/win_token YRP/win_files_operation YRP/vmdetect_misc YRP/MD5_Constants YRP/BASE64_table

Recent Searches
yrp/vmdetect_misc
yrp/aspack_v211c
yrp/visual_cpp_2005_release_microsoft
yrp/big_numbers5
yrp/telock_v099_te_tmd
yrp/orien_211_212_fisun_alexander
yrp/opcleaver_kagent
yrp/debuggerhiding__active
yrp/webshell_gfs_sh_r57shell_r57shell127_sniper_sa_xxx
yrp/irontiger_wmiexec

Search

Recent Searches