File Search Engine
  • Search
  • Syntax
  • Fields
  • API
  • 5.45.102.182 · virussign.com_20251102_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: d2e1c771adcf70615fd13274e073a8becde83633
    SHA256: 7067847d3fffbae11853f7953c0820ea23c9ac981fa9d6b41c366da181ab4175
    application/zip
    21.10MB
    2025-11-02 16:05:21 +0000 UTC

  • 5.45.102.182 · virussign.com_20251101_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: e79a02d74ef688714c3e68b5dd4d919ae368626b
    SHA256: d104b0f495242e9dcca6d3b2a4edfdb616b6597e9f6e693d2e271243c70cfd4c
    application/zip
    22.80MB
    2025-11-01 16:05:22 +0000 UTC

  • 5.45.102.182 · virussign.com_20251031_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 8bab5c6904bfca8d3685b74d9ff01a4271421c35
    SHA256: 95dd41e6d50bd80a824755090902c2b7ec8cf375ba9be2b54655435df0927ba9
    application/zip
    21.46MB
    2025-10-31 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20251030_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: 3294215e1e04406670c4bb9b87988cfffe54c6d3
    SHA256: a2f1b4eb85ed3a2e7bddb31e7c11dcb569f6416211bd26753e339b377de0d4e0
    application/zip
    12.01MB
    2025-10-30 16:05:17 +0000 UTC

  • 5.45.102.182 · virussign.com_20251029_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: f1626f6fdd88b1ace984cf7efe638452eb439c8c
    SHA256: 232a55cfa7974629407212841bb0336c8accb1d33d43fb90b9004604e2d1df54
    application/zip
    5.38MB
    2025-10-29 16:05:17 +0000 UTC

  • 5.45.102.182 · virussign.com_20251028_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_Themida From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 0e6050cc0bd7af3a193a4984ad865aeaa11fe68c
    SHA256: 27ca6e938ba179fd8931b05ad4113b4646ab085b325f3012e98f9b425093df58
    application/zip
    17.72MB
    2025-10-28 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251027_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 6577a305bbd95c793a597e18600b6cba2406fa6b
    SHA256: d3fe38ffd83912f4351f96bb1ff249f4cceb40bb7e5b06c6c9ba112045c37373
    application/zip
    14.68MB
    2025-10-27 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251026_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: 03f6bd6dab400850c823957e677c18f686ec63d5
    SHA256: 6548b29aa3efc39baa9404901eb7511827325120b9059550164fafbd1b61e3bc
    application/zip
    18.06MB
    2025-10-26 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251025_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Download archived sample
    The password is "infected"

    SHA1: b0697856975d97bf56662d1b61591015e1d5ff89
    SHA256: c91376fe9ac588f023265dab9b06b6fdac222b1c30cdf9612d6b5f3cc64049c8
    application/zip
    15.55MB
    2025-10-25 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251024_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 66bb58f69824580cdfa36d0a332c12d15fba8e53
    SHA256: 137104d8a900be47fa91ec6a19b624374940e9904ea9e65066ad9ea5a3568e5e
    application/zip
    16.89MB
    2025-10-24 16:05:18 +0000 UTC

  • 5.45.102.182 · virussign.com_20251023_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: a879d61559c6d2e9ba678ac5e2ada84b1d2b1c61
    SHA256: da70913263649d6d313f65a7bdf9634444da0504d0b4cc0e0eefe38114d81967
    application/zip
    24.39MB
    2025-10-23 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20251022_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    SHA1: 5ae96a62abe0388f4b9df1ce4c0190d4d62b2d29
    SHA256: efab14f5401ca54739c95a8ce20c0df0e0b56f54ee65c883fbcc78a409059449
    application/zip
    2.28MB
    2025-10-22 16:05:16 +0000 UTC

  • 5.45.102.182 · virussign.com_20251021_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 250ad21f0384a2631c8a10571c69f61ce82a786a
    SHA256: 837d6996452422932a9df339fae12e3672167ed0c922612d7b1dbe2136976dff
    application/zip
    14.75MB
    2025-10-21 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251020_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 5aac463e2b17ed57f8358f80402c29f1e5f90fab
    SHA256: 3932956109225d4eab0e604be8c4721ea39184433a4047beafe4a6dc30963969
    application/zip
    9.56MB
    2025-10-20 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20251019_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 855569b292f6b5c7b59af0c2a0c56d9e9e5a05e7
    SHA256: bb3bdca23fd1873d577f03632a17a8f901c43ad11c1478d7280ec75c8ae1dfbf
    application/zip
    34.90MB
    2025-10-19 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20251018_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Win32_Ransomware_Ryuk From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 3e86f40d9052b3af89ec185cd5ae748f981a429c
    SHA256: ffa6efc8d484887b5ca4fc2885778397c10af4f0aa702968199b9a669fcef8cf
    application/zip
    8.47MB
    2025-10-18 16:05:28 +0000 UTC

  • 5.45.102.182 · virussign.com_20251017_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 7d0036b88b0f962ca6cb03057f85e225935aff69
    SHA256: 370b2635ac2554265be3fa56f8a4b63fa1344f991f1bfecd0536799ef07f4f8f
    application/zip
    10.79MB
    2025-10-17 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20251011_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_Ransomware_Ryuk From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 4c09e00477f9af6113bafcf968ecaa78bcd44233
    SHA256: bb2681aea713e177cc846909f2b76e54511f9017af90544b6caf39476423094d
    application/zip
    9.91MB
    2025-10-11 16:05:17 +0000 UTC

  • 5.45.102.182 · virussign.com_20251010_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: e1de4cd4515691fd2cb38b4a13efc0a611b36e44
    SHA256: 9db48aac0f1809f475573d62e2b3d80a31e435ad2606840e4c5455105a35a88d
    application/zip
    10.88MB
    2025-10-10 16:05:21 +0000 UTC

  • 5.45.102.182 · virussign.com_20251009_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara detect_Redline_Stealer From AbuseCH by Varp0s
    Download archived sample
    The password is "infected"

    SHA1: f7dc5b0e5a7e2971dd8074a2e7f5e76d3abba1e7
    SHA256: 47b285f8f6f2b92c76fe71d87b7f71291826e6cfe01517e199642cc0259453d9
    application/zip
    6.08MB
    2025-10-09 16:05:15 +0000 UTC