File Search Engine
  • Search
  • Syntax
  • Fields
  • API
  • 5.45.102.182 · virussign.com_20251019_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 855569b292f6b5c7b59af0c2a0c56d9e9e5a05e7
    SHA256: bb3bdca23fd1873d577f03632a17a8f901c43ad11c1478d7280ec75c8ae1dfbf
    application/zip
    34.90MB
    2025-10-19 16:05:23 +0000 UTC

  • 5.45.102.182 · virussign.com_20250929_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 8a1eff85c14fe8556ff72a768be3e5b53eb627db
    SHA256: af0d40f9c208bbf2b018714d797ac67b6390ab3f5e1fceebdfc38d6992c9c9e0
    application/zip
    6.18MB
    2025-09-29 16:05:19 +0000 UTC

  • 5.45.102.182 · virussign.com_20250908_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Win32_Ransomware_Ryuk From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 0d2233162f41cb296417828843295a80badd53d5
    SHA256: 5bdc042951ba89321b233176a4565ec7a81dee5f4dc6d3e61418393dabe918b8
    application/zip
    30.03MB
    2025-09-08 16:05:20 +0000 UTC

  • 5.45.102.182 · virussign.com_20250901_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara Suspicious_PowerShell_WebDownload_1 From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: b3b67213a6c299c2d559995b05657f878d4b0f18
    SHA256: 51eb13bbc3aa5396416374217d7649d0e958a6b228e58a8508c10f3068f35d31
    application/zip
    17.05MB
    2025-09-01 16:05:17 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250610_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 2364e048d2fc16b1cb22eb29bc2a485bb675af55
    SHA256: 73971a2062516be4850d4a708764a19a85794936f6d7e479d4d3ad887e84ca22
    application/zip
    60.84MB
    2025-06-10 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250609_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 21121087f9edb9a652c1a7aa2cc46dae52537e27
    SHA256: e96b44e83cdf8e1344d46872eaa03f72ac0f2731e6e5490608b72c3c46d541ea
    application/zip
    51.15MB
    2025-06-09 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250608_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Hunting_Rule_ShikataGaNai From Florian Roth by Steven Miller
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 65baa1fe641afc8e4f0b850a2c1c94a84a68776a
    SHA256: b23834d873f502af5d11f4e1291ed10a703de04d017a1aa70aed4149eea04c1f
    application/zip
    65.03MB
    2025-06-08 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250629_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: 0edba82da3486453730532cf24b19764fcd672bd
    SHA256: 26254b6484ad617f2ef12326251f7d776a76746bc1396d0e345308ab8a107423
    application/zip
    13.99MB
    2025-06-29 16:05:18 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250628_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_DotNET_Encrypted From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 69e1a244accdb3789d6cd65acbd6adb039a9d7b6
    SHA256: 5487bc534818df50e7e61c230108c6aa84f66912c3692fb11490e4136dcc1a78
    application/zip
    25.39MB
    2025-06-28 16:05:21 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250626_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 1ac41f60e863feb1cc37fc98512883328529250b
    SHA256: 822ba4e0c235a640872faa259b6e1d0972de1b6f00edc0112baedad2ce1e65c9
    application/zip
    11.13MB
    2025-06-26 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250625_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: afcff4ada8986a94d739028e69d90ba6d84bd87c
    SHA256: 231762a8eb53839539e13c5d0ee27cef12e90b23a483f1b9cabc902736e0b39a
    application/zip
    21.89MB
    2025-06-25 16:05:20 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250624_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: 873142dd0446df8ec4ec4fd24d3c43b1af7b2e97
    SHA256: 8e571a9cfcaf8ab72cccbc06259c042bfe8d68b2cd68ef23d7c2109c67376e51
    application/zip
    12.90MB
    2025-06-24 16:05:18 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250604_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara RAT_DarkComet From Florian Roth by Kevin Breen <kevin@techanarchy.net>
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_MEW From AlienVault by ditekSHen
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 950f0e4dbe5a9cbf174d31b3f5ff07db48d51a88
    SHA256: 71e046942745d9d24d63f72dd3afff31caece0371bc2e3234dd05451e708da8a
    application/zip
    46.55MB
    2025-06-04 16:05:24 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250622_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Download archived sample
    The password is "infected"

    SHA1: cba8563110a931272cbc1b8e2b270f00c3947ec8
    SHA256: 8e4573bf5edde1af77287103f566839d6728f58a8b33ade1cb482478486f0429
    application/zip
    26.59MB
    2025-06-22 16:05:22 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250616_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Download archived sample
    The password is "infected"

    SHA1: 5e9f2dad8dab4308ae5b5dd47a380465151742b0
    SHA256: 4fa4272f108c858f92a5ecfcdf1122766bc96433285182a25cac491b48e21fa1
    application/zip
    26.50MB
    2025-06-16 16:05:19 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250602_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SimplePolyEngine From AlienVault by ditekSHen
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara INDICATOR_EXE_Packed_MPress From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 00925122515312713ff5b182a92ecaa8fe340fa3
    SHA256: 9ce8e9e1d506218a990ad50aa419df91c3ef51885d77bf451cb2360266ae9a98
    application/zip
    26.13MB
    2025-06-02 16:05:22 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250614_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara Disable_Defender From AbuseCH by iam-py-test
    Download archived sample
    The password is "infected"

    SHA1: a39eb161e739e1a1ebe9b873a722adc91acfe2b0
    SHA256: ec4b357be386596c4efb77e752a0fb87bee429e5b2b29e58255109b0fe795856
    application/zip
    19.83MB
    2025-06-14 16:05:17 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250613_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara SUSP_XORed_MSDOS_Stub_Message From Florian Roth by Florian Roth
    Download archived sample
    The password is "infected"

    SHA1: d4b000c83cccbd0d818a991f3b87343ecfee3d06
    SHA256: bbbdbeb5d508149f6c9d853a340485442584063fd5a79398d800ddd874d4d913
    application/zip
    49.69MB
    2025-06-13 16:05:26 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250610_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara INDICATOR_EXE_Packed_VMProtect From AlienVault by ditekSHen
    Yara Unspecified_Malware_Oct16_A From Florian Roth by Florian Roth (Nextron Systems)
    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara Disable_Defender From AbuseCH by iam-py-test
    Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)
    Yara SUSP_XORed_Mozilla From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Yara INDICATOR_EXE_Packed_UPolyX From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: 2364e048d2fc16b1cb22eb29bc2a485bb675af55
    SHA256: 73971a2062516be4850d4a708764a19a85794936f6d7e479d4d3ad887e84ca22
    application/zip
    60.84MB
    2025-06-10 16:05:27 +0000 UTC

  • allthethings.ddns.net · virussign.com_20250601_LimitedFree.zip

    /samples/virussign/

    Germany · netcup GmbH

    Yara Win32_PUA_Domaiq From ReversingLabs by ReversingLabs
    Yara PUP_InstallRex_AntiFWb From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_SmartAssembly From AlienVault by ditekSHen
    Yara SUSP_Imphash_Mar23_2 From Florian Roth by Arnim Rupp (https://github.com/ruppde)
    Yara Win32_Buzus_Softpulse From Florian Roth by Florian Roth (Nextron Systems)
    Yara INDICATOR_EXE_Packed_ASPack From AlienVault by ditekSHen
    Download archived sample
    The password is "infected"

    SHA1: b30463f7366bc65ee885f4e096ded9bc8387f530
    SHA256: 6c34f8640b82886092253910940c20c3d04df89536360a038b98ac4f325d739e
    application/zip
    41.46MB
    2025-06-01 16:05:23 +0000 UTC