File Search Engine
  • Search
  • Syntax
  • Fields
  • API
  • soft.its.kr.ua · Setup_ASTER211.exe

    /Aster v7 2.11/

    Ukraine · The private businessman Buryanov Konstantin Volodimirovich

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 2c03d43818bd013f2c87b888684a4f4026eff3e2
    SHA256: fe6311e0ccfc621cc230f03738bc8e29f09bc239a4ca9dd29949c363faed02f1
    application/x-msdownload
    20.01MB
    2021-12-08 12:25:14 +0000 UTC

  • server.cdahmedeh.net · dehavilland_dash_7_native_fsx_p3d.zip

    /

    Canada · BACOM

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 94d9d7a2f8c2c3bdfeeca4981c0e3918dd454b7c
    SHA256: 0b6ab0974af05b879bc6f4291c657821451c85bfcea2d1b1e46d2e9ff51af472
    application/zip
    93.68MB
    2025-02-04 19:11:19 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250609_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 21121087f9edb9a652c1a7aa2cc46dae52537e27
    SHA256: e96b44e83cdf8e1344d46872eaa03f72ac0f2731e6e5490608b72c3c46d541ea
    application/zip
    51.15MB
    2025-06-09 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250608_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Hunting_Rule_ShikataGaNai From Florian Roth by Steven Miller
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 65baa1fe641afc8e4f0b850a2c1c94a84a68776a
    SHA256: b23834d873f502af5d11f4e1291ed10a703de04d017a1aa70aed4149eea04c1f
    application/zip
    65.03MB
    2025-06-08 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250606_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Download archived sample
    The password is "infected"

    SHA1: bc61f144d2bc9bcf8e4473f0757de2d6a3d5b144
    SHA256: 34751172d453bf9f66267b72dfec9710f89778ae9e243d46a5541503fdf735fa
    application/zip
    3.48MB
    2025-06-06 16:05:14 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250605_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Typical_Malware_String_Transforms From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 4b32c974690387bcdcdc7a975e2ddbef1c28f556
    SHA256: 4fcc38c844693ffa99b2bc51508fb8b92224704c88d8734628f4c1159d77fc1a
    application/zip
    20.08MB
    2025-06-05 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250629_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 0edba82da3486453730532cf24b19764fcd672bd
    SHA256: 26254b6484ad617f2ef12326251f7d776a76746bc1396d0e345308ab8a107423
    application/zip
    13.99MB
    2025-06-29 16:05:18 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250628_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 69e1a244accdb3789d6cd65acbd6adb039a9d7b6
    SHA256: 5487bc534818df50e7e61c230108c6aa84f66912c3692fb11490e4136dcc1a78
    application/zip
    25.39MB
    2025-06-28 16:05:21 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250626_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 1ac41f60e863feb1cc37fc98512883328529250b
    SHA256: 822ba4e0c235a640872faa259b6e1d0972de1b6f00edc0112baedad2ce1e65c9
    application/zip
    11.13MB
    2025-06-26 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250604_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 950f0e4dbe5a9cbf174d31b3f5ff07db48d51a88
    SHA256: 71e046942745d9d24d63f72dd3afff31caece0371bc2e3234dd05451e708da8a
    application/zip
    46.55MB
    2025-06-04 16:05:24 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250618_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: b621b3e06cb2cdea4636389e95c7e81771757186
    SHA256: 4260dea137937a04284941ca1ba41b16f78d531e28e77f0cfb5629f6e1c98c62
    application/zip
    25.79MB
    2025-06-18 16:05:21 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250615_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: f2ee877c1f0640bb71f9e0bed29d00b29feecc6d
    SHA256: cd107c32870159ce75d38301e56ca63c6f17a9bc16893b8fc8c724184a07f021
    application/zip
    30.75MB
    2025-06-15 16:05:23 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250602_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 00925122515312713ff5b182a92ecaa8fe340fa3
    SHA256: 9ce8e9e1d506218a990ad50aa419df91c3ef51885d77bf451cb2360266ae9a98
    application/zip
    26.13MB
    2025-06-02 16:05:22 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250614_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: a39eb161e739e1a1ebe9b873a722adc91acfe2b0
    SHA256: ec4b357be386596c4efb77e752a0fb87bee429e5b2b29e58255109b0fe795856
    application/zip
    19.83MB
    2025-06-14 16:05:17 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250601_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: b30463f7366bc65ee885f4e096ded9bc8387f530
    SHA256: 6c34f8640b82886092253910940c20c3d04df89536360a038b98ac4f325d739e
    application/zip
    41.46MB
    2025-06-01 16:05:23 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250609_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 21121087f9edb9a652c1a7aa2cc46dae52537e27
    SHA256: e96b44e83cdf8e1344d46872eaa03f72ac0f2731e6e5490608b72c3c46d541ea
    application/zip
    51.15MB
    2025-06-09 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250608_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Hunting_Rule_ShikataGaNai From Florian Roth by Steven Miller
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 65baa1fe641afc8e4f0b850a2c1c94a84a68776a
    SHA256: b23834d873f502af5d11f4e1291ed10a703de04d017a1aa70aed4149eea04c1f
    application/zip
    65.03MB
    2025-06-08 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250606_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Download archived sample
    The password is "infected"

    SHA1: bc61f144d2bc9bcf8e4473f0757de2d6a3d5b144
    SHA256: 34751172d453bf9f66267b72dfec9710f89778ae9e243d46a5541503fdf735fa
    application/zip
    3.48MB
    2025-06-06 16:05:14 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250605_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Typical_Malware_String_Transforms From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 4b32c974690387bcdcdc7a975e2ddbef1c28f556
    SHA256: 4fcc38c844693ffa99b2bc51508fb8b92224704c88d8734628f4c1159d77fc1a
    application/zip
    20.08MB
    2025-06-05 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250604_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 950f0e4dbe5a9cbf174d31b3f5ff07db48d51a88
    SHA256: 71e046942745d9d24d63f72dd3afff31caece0371bc2e3234dd05451e708da8a
    application/zip
    46.55MB
    2025-06-04 16:05:24 +0000 UTC