File Search Engine
  • Search
  • Syntax
  • Fields
  • API
  • 5.45.102.182 · virussign.com_20251019_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 855569b292f6b5c7b59af0c2a0c56d9e9e5a05e7
    SHA256: bb3bdca23fd1873d577f03632a17a8f901c43ad11c1478d7280ec75c8ae1dfbf
    application/zip
    34.90MB
    2025-10-19 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20250909_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 219025b650bc309de34eb4b0bee537d5998261e1
    SHA256: f34cbc7b4984f055fcb1c396abb5cb9da64e0515a5e1a3db11054c6a0510f572
    application/zip
    20.05MB
    2025-09-09 16:05:18 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250611_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: c8dd02528aaa4f2b2489e053b95acf7703b77a50
    SHA256: 022613a0e2838dc693feed2ee2d7bcb2f8d0033a36f615f499cfc0396efcc959
    application/zip
    39.71MB
    2025-06-11 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250610_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 2364e048d2fc16b1cb22eb29bc2a485bb675af55
    SHA256: 73971a2062516be4850d4a708764a19a85794936f6d7e479d4d3ad887e84ca22
    application/zip
    60.84MB
    2025-06-10 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250609_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 21121087f9edb9a652c1a7aa2cc46dae52537e27
    SHA256: e96b44e83cdf8e1344d46872eaa03f72ac0f2731e6e5490608b72c3c46d541ea
    application/zip
    51.15MB
    2025-06-09 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250608_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Hunting_Rule_ShikataGaNai From Florian Roth by Steven Miller
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 65baa1fe641afc8e4f0b850a2c1c94a84a68776a
    SHA256: b23834d873f502af5d11f4e1291ed10a703de04d017a1aa70aed4149eea04c1f
    application/zip
    65.03MB
    2025-06-08 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250605_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Typical_Malware_String_Transforms From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 4b32c974690387bcdcdc7a975e2ddbef1c28f556
    SHA256: 4fcc38c844693ffa99b2bc51508fb8b92224704c88d8734628f4c1159d77fc1a
    application/zip
    20.08MB
    2025-06-05 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250628_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 69e1a244accdb3789d6cd65acbd6adb039a9d7b6
    SHA256: 5487bc534818df50e7e61c230108c6aa84f66912c3692fb11490e4136dcc1a78
    application/zip
    25.39MB
    2025-06-28 16:05:21 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250625_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: afcff4ada8986a94d739028e69d90ba6d84bd87c
    SHA256: 231762a8eb53839539e13c5d0ee27cef12e90b23a483f1b9cabc902736e0b39a
    application/zip
    21.89MB
    2025-06-25 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250624_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 873142dd0446df8ec4ec4fd24d3c43b1af7b2e97
    SHA256: 8e571a9cfcaf8ab72cccbc06259c042bfe8d68b2cd68ef23d7c2109c67376e51
    application/zip
    12.90MB
    2025-06-24 16:05:18 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250604_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 950f0e4dbe5a9cbf174d31b3f5ff07db48d51a88
    SHA256: 71e046942745d9d24d63f72dd3afff31caece0371bc2e3234dd05451e708da8a
    application/zip
    46.55MB
    2025-06-04 16:05:24 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250622_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: cba8563110a931272cbc1b8e2b270f00c3947ec8
    SHA256: 8e4573bf5edde1af77287103f566839d6728f58a8b33ade1cb482478486f0429
    application/zip
    26.59MB
    2025-06-22 16:05:22 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250618_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: b621b3e06cb2cdea4636389e95c7e81771757186
    SHA256: 4260dea137937a04284941ca1ba41b16f78d531e28e77f0cfb5629f6e1c98c62
    application/zip
    25.79MB
    2025-06-18 16:05:21 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250616_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 5e9f2dad8dab4308ae5b5dd47a380465151742b0
    SHA256: 4fa4272f108c858f92a5ecfcdf1122766bc96433285182a25cac491b48e21fa1
    application/zip
    26.50MB
    2025-06-16 16:05:19 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250615_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: f2ee877c1f0640bb71f9e0bed29d00b29feecc6d
    SHA256: cd107c32870159ce75d38301e56ca63c6f17a9bc16893b8fc8c724184a07f021
    application/zip
    30.75MB
    2025-06-15 16:05:23 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250602_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 00925122515312713ff5b182a92ecaa8fe340fa3
    SHA256: 9ce8e9e1d506218a990ad50aa419df91c3ef51885d77bf451cb2360266ae9a98
    application/zip
    26.13MB
    2025-06-02 16:05:22 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250613_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Download archived sample
    The password is "infected"

    SHA1: d4b000c83cccbd0d818a991f3b87343ecfee3d06
    SHA256: bbbdbeb5d508149f6c9d853a340485442584063fd5a79398d800ddd874d4d913
    application/zip
    49.69MB
    2025-06-13 16:05:26 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250611_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: c8dd02528aaa4f2b2489e053b95acf7703b77a50
    SHA256: 022613a0e2838dc693feed2ee2d7bcb2f8d0033a36f615f499cfc0396efcc959
    application/zip
    39.71MB
    2025-06-11 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250610_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 2364e048d2fc16b1cb22eb29bc2a485bb675af55
    SHA256: 73971a2062516be4850d4a708764a19a85794936f6d7e479d4d3ad887e84ca22
    application/zip
    60.84MB
    2025-06-10 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250609_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 21121087f9edb9a652c1a7aa2cc46dae52537e27
    SHA256: e96b44e83cdf8e1344d46872eaa03f72ac0f2731e6e5490608b72c3c46d541ea
    application/zip
    51.15MB
    2025-06-09 16:05:27 +0000 UTC