23.0.mnolyk.exe.60000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
22.0.NewPlayer.exe.ff0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
39.2.794C.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
39.2.794C.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
39.2.794C.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
39.2.794C.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
31.2.BDC0.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
31.2.BDC0.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
31.2.BDC0.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
31.2.BDC0.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
26.2.BDC0.exe.24715a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
26.2.BDC0.exe.24715a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
26.2.BDC0.exe.24715a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
26.2.BDC0.exe.24715a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
17.2.BDC0.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
17.2.BDC0.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
17.2.BDC0.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
17.2.BDC0.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
37.2.8DD2.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
37.2.8DD2.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
37.2.8DD2.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
37.2.8DD2.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
20.2.223E.exe.42def90.1.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
31.2.BDC0.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
31.2.BDC0.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
31.2.BDC0.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
31.2.BDC0.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
36.2.794C.exe.24615a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
36.2.794C.exe.24615a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
36.2.794C.exe.24615a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
36.2.794C.exe.24615a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
17.2.BDC0.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
17.2.BDC0.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
17.2.BDC0.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
17.2.BDC0.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
26.2.BDC0.exe.24715a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
26.2.BDC0.exe.24715a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
26.2.BDC0.exe.24715a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
26.2.BDC0.exe.24715a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
44.0.mnolyk.exe.60000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
18.2.BDC0.exe.24115a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
18.2.BDC0.exe.24115a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
18.2.BDC0.exe.24115a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
18.2.BDC0.exe.24115a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
11.2.BDC0.exe.24815a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
11.2.BDC0.exe.24815a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
11.2.BDC0.exe.24815a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
11.2.BDC0.exe.24815a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
42.2.build2.exe.22f15a0.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
19.2.BDC0.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
19.2.BDC0.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
19.2.BDC0.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
19.2.BDC0.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
42.2.build2.exe.22f15a0.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
6.2.BDC0.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
6.2.BDC0.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
6.2.BDC0.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
6.2.BDC0.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
30.2.946D.exe.24b15a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
30.2.946D.exe.24b15a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
30.2.946D.exe.24b15a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
30.2.946D.exe.24b15a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
32.2.946D.exe.400000.0.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe23ea:$s1: http://
- 0x100498:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x100b4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10472e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x102626:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe23ea:$f1: http://
|
32.2.946D.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
32.2.946D.exe.400000.0.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xffe88:$x1: C:\SystemID\PersonalID.txt
- 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0x1002ec:$s1: " --AutoStart
- 0x100300:$s1: " --AutoStart
- 0x103f48:$s2: --ForNetRes
- 0x103f10:$s3: --Admin
- 0x104390:$s4: %username%
- 0x1044b4:$s5: ?pid=
- 0x1044c0:$s6: &first=true
- 0x1044d8:$s6: &first=false
- 0x1003f4:$s7: delself.bat
- 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
32.2.946D.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
19.2.BDC0.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
19.2.BDC0.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
19.2.BDC0.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
19.2.BDC0.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
11.2.BDC0.exe.24815a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
11.2.BDC0.exe.24815a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
11.2.BDC0.exe.24815a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
11.2.BDC0.exe.24815a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
44.2.mnolyk.exe.60000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
18.2.BDC0.exe.24115a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
18.2.BDC0.exe.24115a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
18.2.BDC0.exe.24115a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
18.2.BDC0.exe.24115a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
6.2.BDC0.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
6.2.BDC0.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
6.2.BDC0.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
6.2.BDC0.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
22.2.NewPlayer.exe.ff0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
5.2.BDC0.exe.25115a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
5.2.BDC0.exe.25115a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
5.2.BDC0.exe.25115a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
5.2.BDC0.exe.25115a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
39.2.794C.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
39.2.794C.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
39.2.794C.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
39.2.794C.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
33.2.8DD2.exe.25215a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
33.2.8DD2.exe.25215a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
33.2.8DD2.exe.25215a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
33.2.8DD2.exe.25215a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
20.2.223E.exe.42def90.1.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
33.2.8DD2.exe.25215a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
33.2.8DD2.exe.25215a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
33.2.8DD2.exe.25215a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
33.2.8DD2.exe.25215a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
37.2.8DD2.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
37.2.8DD2.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
37.2.8DD2.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
37.2.8DD2.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
32.2.946D.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
32.2.946D.exe.400000.0.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
32.2.946D.exe.400000.0.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
32.2.946D.exe.400000.0.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
36.2.794C.exe.24615a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
36.2.794C.exe.24615a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
36.2.794C.exe.24615a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
36.2.794C.exe.24615a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
30.2.946D.exe.24b15a0.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xe0dea:$s1: http://
- 0xfee98:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff528:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xff54e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x10312e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101026:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xe0dea:$f1: http://
|
30.2.946D.exe.24b15a0.1.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
30.2.946D.exe.24b15a0.1.raw.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfe888:$x1: C:\SystemID\PersonalID.txt
- 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfecec:$s1: " --AutoStart
- 0xfed00:$s1: " --AutoStart
- 0x102948:$s2: --ForNetRes
- 0x102910:$s3: --Admin
- 0x102d90:$s4: %username%
- 0x102eb4:$s5: ?pid=
- 0x102ec0:$s6: &first=true
- 0x102ed8:$s6: &first=false
- 0xfedf4:$s7: delself.bat
- 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
30.2.946D.exe.24b15a0.1.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
5.2.BDC0.exe.25115a0.1.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth (Nextron Systems) | - 0xdf7ea:$s1: http://
- 0xfd898:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf28:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xfdf4e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0x101b2e:$s1: \xE8\xF4\xF4\xF0\xBA\xAF\xAF
- 0xffa26:$s2: \xE8\xF4\xF4\xF0\xF3\xBA\xAF\xAF
- 0xdf7ea:$f1: http://
|
5.2.BDC0.exe.25115a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security | |
5.2.BDC0.exe.25115a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen | - 0xfd288:$x1: C:\SystemID\PersonalID.txt
- 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
- 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
- 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
- 0xfd6ec:$s1: " --AutoStart
- 0xfd700:$s1: " --AutoStart
- 0x101348:$s2: --ForNetRes
- 0x101310:$s3: --Admin
- 0x101790:$s4: %username%
- 0x1018b4:$s5: ?pid=
- 0x1018c0:$s6: &first=true
- 0x1018d8:$s6: &first=false
- 0xfd7f4:$s7: delself.bat
- 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
- 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
- 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
|
5.2.BDC0.exe.25115a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown | - 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
- 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
|
20.2.223E.exe.41b2f50.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | |
20.0.223E.exe.700000.0.unpack | MALWARE_Win_DLInjector04 | Detects downloader / injector | ditekSHen | - 0x4e2e9c:$s1: Runner
- 0x4e3001:$s3: RunOnStartup
- 0x4e2eb0:$a1: Antis
- 0x4e2edd:$a2: antiVM
- 0x4e2ee4:$a3: antiSandbox
- 0x4e2ef0:$a4: antiDebug
- 0x4e2efa:$a5: antiEmulator
- 0x4e2f07:$a6: enablePersistence
- 0x4e2f19:$a7: enableFakeError
- 0x4e302a:$a8: DetectVirtualMachine
- 0x4e304f:$a9: DetectSandboxie
- 0x4e307a:$a10: DetectDebugger
- 0x4e3089:$a11: CheckEmulator
|
Click to see the 118 entries |