File Search Engine
  • 124.248.66.116 · buding2.zip

    /

    China · CT-HangZhou-IDC

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 6e0d6d40844a0789eabf443b201a02b6c8ef23a9
    SHA256: ec175d3af130390984c2108b75151b5f85bdba11e951c4f17c57f5d13d1c2532
    application/zip
    7.92MB
    2025-04-12 07:20:18 +0000 UTC

  • 123.60.139.249 · DbSnap.exe

    /windows-software/DbSnap/

    China · Huawei Cloud Service data center

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 9781ae026fd27d5317d4e24a44df57f3ffa01bba
    SHA256: 97f63be0d59fc0183d0999441001034e1495d04933833a977836a40af6563e8e
    application/octet-stream
    140.70MB
    2025-04-21 14:35:48 +0000 UTC

  • 64.227.13.210 · imb123.zip

    /

    United States · DIGITALOCEAN-ASN

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 64d4f3d0bfc0a292e12df2dcac48eddd6b176448
    SHA256: 9e56f93632d13691230d06b8b0c697ec7f87d5c8b33bd6950563984853bc202a
    application/zip
    2.11MB
    2021-02-11 22:27:47 +0000 UTC

  • 5.45.102.182 · virussign.com_20250613_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: d4b000c83cccbd0d818a991f3b87343ecfee3d06
    SHA256: bbbdbeb5d508149f6c9d853a340485442584063fd5a79398d800ddd874d4d913
    application/zip
    49.69MB
    2025-06-13 16:05:26 +0000 UTC

  • 5.45.102.182 · virussign.com_20250606_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: bc61f144d2bc9bcf8e4473f0757de2d6a3d5b144
    SHA256: 34751172d453bf9f66267b72dfec9710f89778ae9e243d46a5541503fdf735fa
    application/zip
    3.48MB
    2025-06-06 16:05:14 +0000 UTC

  • 5.45.102.182 · virussign.com_20250604_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 950f0e4dbe5a9cbf174d31b3f5ff07db48d51a88
    SHA256: 71e046942745d9d24d63f72dd3afff31caece0371bc2e3234dd05451e708da8a
    application/zip
    46.55MB
    2025-06-04 16:05:24 +0000 UTC

  • 5.45.102.182 · virussign.com_20250603_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 8af0a16b27911af9457b99738a6da96773733816
    SHA256: b3d1a1ef469699875b8608a57b44ac373ac0c41a5d4329e90f301fc1e0c87e12
    application/zip
    17.34MB
    2025-06-03 16:05:16 +0000 UTC

  • 5.45.102.182 · virussign.com_20250602_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen

    SHA1: 00925122515312713ff5b182a92ecaa8fe340fa3
    SHA256: 9ce8e9e1d506218a990ad50aa419df91c3ef51885d77bf451cb2360266ae9a98
    application/zip
    26.13MB
    2025-06-02 16:05:22 +0000 UTC

  • 5.45.102.182 · virussign.com_20250531_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_Goliath From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen

    SHA1: ab9808fa36eceb0c72e23553238110756851f06a
    SHA256: ae53e9ebcdbb08b623346777007d34a69c40a904969067613b9d0456e8ffa8cd
    application/zip
    45.31MB
    2025-05-31 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20250530_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara RAT_PoisonIvy From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: 477fca78e9a5103f59b55ec861863bebd6924b47
    SHA256: b53ca1cd0e64316c2c09222d50cdd521b8dc2f0c60042a6ea197625026476c20
    application/zip
    22.83MB
    2025-05-30 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20250527_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Backdoor_Redosdru_Jun17 From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)

    SHA1: b62930dfaeb3d8cfb297fb2d7925acb153fe2d1c
    SHA256: 7fba0e0aefa2f31943bbbb2bfbcb55fd8cb7f5b4eb10dffdc1bab57fef321808
    application/zip
    47.02MB
    2025-05-27 16:05:24 +0000 UTC

  • 5.45.102.182 · virussign.com_20250525_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_eXPressor From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara APT_NK_Methodology_Artificial_UserAgent_IE_Win7 From Florian Roth by Steve Miller aka @stvemillertime
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 8d77fcda74b48347c40fddc3d699665334e0e9f8
    SHA256: 654179176a9af1a55c3b1edab9e2ba13966c471483dd568fba3b161e5c3e633e
    application/zip
    22.69MB
    2025-05-25 16:05:23 +0000 UTC

  • 185.128.59.25 · Communicator-6.2.0.exe

    /communicator-6-2-0/

    United Kingdom · Go Internet Ltd

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: b5288e838edebec2d39581c77c7dd744201aff17
    SHA256: c6d95034422f5799c72de2865e51494c420ae0a1550a6a1aa7e954637e7fe3cc
    application/x-msdos-program
    83.46MB
    2020-12-01 14:02:18 +0000 UTC

  • 187.53.50.175 · Photoshop CS6 Portable.zip

    /Utilitarios/

    Brazil · V tal

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 3c6d33acc7b3c4ede6124b48cf5355b02e8bb97d
    SHA256: 3d8b2193cfdd9dee6b992a778eaab3be48cd8393cd912a7aca6c51a4cd6e6179
    application/zip
    235.39MB
    2024-02-12 14:47:34 +0000 UTC

  • 47.254.196.158 · VTConsole_3.8.0.1_Standard_VT.exe

    /pttUpgrade/console/VTConsole_Standard_VT/

    Malaysia · Alibaba US Technology Co., Ltd.

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 38234b74c819ffbe2a0716a9d1a62581624292e8
    SHA256: d2b1693bec3950cd1c39f78a572d5e46e3f4c98f1d3b99a4d1c2f2cdf5c13cc0
    application/x-msdownload
    43.97MB
    2022-08-03 04:14:01 +0000 UTC

  • 103.48.25.237 · SuperGranny3.exe

    /data/Games/Super Granny 3 - Full PreCracked - Foxy Games/

    Pakistan · NetSat Private Limited

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 9d9f8b3dc7b2248967efe887c685d47fd75be938
    SHA256: bc8f433f1d5795108e8f6d6c9488e7d5c0141dd5e056c79b5bd7a3c83c6d8f64
    application/octet-stream
    26.54MB
    2023-12-11 14:42:12 +0000 UTC

  • 201.113.136.184 · Sistema ICOM modulo x86.exe

    /soporte/

    Mexico · UNINET

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 48f9a4ff6404621f9b398033c1f7c99d73941571
    SHA256: 502ef1bc9a835d6054c44892033f08c90a75365e59827ef542c68fbfb0cfff4b
    application/x-msdownload
    151.38MB
    2024-11-01 23:19:36 +0000 UTC

  • 201.113.136.184 · Sistema ICOM 4 Server.exe

    /soporte/

    Mexico · UNINET

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: eb89e3e559c5394a540e2b815a12d04f92f2bd38
    SHA256: ffa2e0ccb8d31f924659724ec679b10b2518e75cf41eec925c396e04bc45c2b3
    application/x-msdownload
    301.64MB
    2025-06-23 21:59:21 +0000 UTC

  • 201.113.136.184 · icom_update_47493.zip

    /ftp/

    Mexico · UNINET

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 2ab48020eedafb9fc3a87fc63ce659b7e0bc04df
    SHA256: 5180ebc3b9303c947accb949141529f16c95741cd80786c1c839ca86633d2efc
    application/zip
    6.82MB
    2025-06-23 22:55:29 +0000 UTC

  • 201.113.136.184 · icom_update_47492.zip

    /ftp/

    Mexico · UNINET

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth

    SHA1: 115afbe92386546b00849196bc25bba9e9c20df6
    SHA256: 5b6786c13836adb55fa8d3bb8939adeb185b46ddfbea74a0b13b1204439a2521
    application/zip
    6.82MB
    2025-06-23 22:35:41 +0000 UTC