Total Analyses: 474368

Shared Malware: 61%

Unique Domains: 257027

Recent Analyses

Feb. 6, 2016, 12:12 p.m. b76d37b66a17bfbb3b91a7efff60a226
Feb. 6, 2016, 12:11 p.m. cc8e2392d2a711c347439aac19df3042
Feb. 6, 2016, 12:10 p.m. 39ecffaccd62aa5c93b5f511f15fe28b
Feb. 6, 2016, 11:58 a.m. 61212c9b00e5772999bdf6b8166ea818
Feb. 6, 2016, 11:55 a.m. 5f7167092d48912492f668d5bdb3799d
Feb. 6, 2016, 11:54 a.m. c309f6db9e570f63840c40783116c905
Feb. 6, 2016, 11:50 a.m. a27f7c8fb1706ae0858803614f33bd6b
Feb. 6, 2016, 11:46 a.m. c1d2437d9d6a48fca5d911cc57e7bab6
Feb. 6, 2016, 11:36 a.m. 69bc6afa9c4aa60e05afa6582adcb5f7
Feb. 6, 2016, 11:36 a.m. bfc4133a64a8a8a53c02f9d471c79c16

Recent Domains

helloguysqq.su
sowhatsupwithitff.com
win7_8d90f.dns04.com
mzo.dyndns.org
mylovem.myq-see.com
hellomenqq.su
whoisitff.com
sara2015.no-ip.org
kikuloko.ddns.net
dominadoddns.ddns.net

Public Tags

crypter ipkiller athena_http athena_irc kelihos Neurevt betabot pony phorpiex citadel gameover_zeus downloader karagny blackshades aryan_ircbot Boleto Jdjdjd smoke VI virus Fareit andromeda (2.6) Zeus_P2P darkcomet umbraloader andromeda(2.7) bitcoin PWS:Win32/Fareit.gen!C #betabot 1.3.4.5 0day exploit ring 0 CVE-2012-4792 CFR blackrev andromeda DOITYOUR netravler APT keyboy ipkiller2 Autoit Injector Sirefef Ransom Urausy ponyb xtreme_rat yoyoddos esupport.com gamarue Phishing Attachment Phishing Win32/Extats Spammer Win32/Nedsym.G DarkSouthKorea2 fakeav, rougeav fakeav Opera Software Breach bayrob kozy, trojan kozy Seinup rogueware notkazy iceix tor C:\WINDOWS\Flash\taskkill.exe Malicious Really? antivm ZeroAccess Ransomware ubnt.com Symmi Malware - Downloader zbot zeus Simda password stealer,minecraft #Alureon #ZeroAccess miner .NET Rogue Anti Virus! YoutubeMalvert $$_system32_21f9a9c4a2f8b514.cdf-ms FinSpy FinFisher Setup.exe irc Zaccess Frutas Dmitry Rassohin mario.php .ru hidden folders bitcoin miner Keylogger dnscalc MoneyPak FBI Zbot, BlackHole2 Adware KBM2 Verti Technology Group RocketFuel SaveValet AddLyrics NSIS JS Blacole kaspersky support_tool VBS PHP PCAP email Java CVE-2011-3544 CVE-2010-0840 DefaultTab Search Results KBM WebCake Hardware Paravirtualization VB Banker jRat RAT ares.http.botnet rxBot Nettraveler shylock dirtjumper_drive Caphaw infinity bot Medfos solar spam upatre ngrbot ZHELATIN Vertexnet cgrinder madness Athena HTTP Crilock CryptoLocker dirtjumper_drive2 Expiro Asprox Kuluoz VoiceMessage 10-23-13 Zeus Zbot fareit spynet VBS worm hesperbot ~$normal.dotm srmrt kz necurs Skype chapetti 2013-3918 PM4_MSN Lethic solarbot fastflux Treizt ZeroAccess Athena Yeteneksizsiniz Facebook Yetenek Sizsiniz, Facebook Yeteneksizsiniz litecoin zeroaccess, p2p zeroaccess p2p #yeteneksizsiniz Atrax neutrino darkddoser mptools linux_ddos linux ddos bot plasmaHTTP plasma_http #Asprox yamato samsung galaxy ace pvp.player cutwail khelios Cryptolocker Related 
asprox-related-but-maybe-not-initial-kuluoz GameOver Zeus Zeus, GameOver volatility silentbanker Qakbot Java Explots ferret zeus-p2p Cridex Java/CVE-2013-0422 Exploit Java/CVE-2011-3544 Exploit Java Exploits Alina spyeye Adpeak dexter pos backoored, cobalt, strike target FrontRange Solutions Agent umbra todo CVE-2006-2389 sdbot https://fuckav.ru/showthread.php?p=93825#post93825 #malware crypt service WalmartForm Advantage Trojan Gatak Worm suppobox Credential Steal Malware from russia Trojan Dorkbot malware asprox, kuluoz facebook malware malicious facebook extension browser malware report.creditcard report.exe Asprox stage2 Chewbacca Sneakernet Trojan Zeus GameOver UPX Mono/.Net .cpl Packed Evil PDF Java Exploit Jolly Roger Unconventional BinaryLangID .docm Pony Downloader may_be_not dropper not_Asprox 4chan cryptocurrency trojan Mcafee Files winlogionfire.exe court statement ID147-08.zip ltc miner cve-2012-4202 SGH CVE-2010-3333 CVE-2014-0496 CVE-2012-0158 #fatmal #fatura #zararli #subat2014 #fatmal Rebhip worm andormeda malwr_flo_vall ltc minner Windows Internet Explorer sifreli clickbot clickfraud extension installer Jolly Roger Stealer asprox-adfraud CITADEL 1.3.5.1 Dipverdle Valter SNS not-asprox 4shared bau_bhr facebook admin CVE-2014-0322 dirtjumper sykipot INC 800871 plugx index.html?e=sck zeus,iceix, zeus,iceix CVE-2014-1761 tracur dll Uroburos php,php shell shell stuxnet !Testen RTF-Dokument RTF:CVE-2010-3333 Ole:CVE-2012-0158 luud poko CyberGate Winlock DARKHAT RAT 1.0.3 Trojon IIS ISAPI CVE-2007-5659 CVE-2010-0188 CVE-2009-0927 CVE-2008-2992 hacktools Pdf:CVE-2014-0496 CVE-2013-3346 CVE-2013-2729 unwanted syrianmalware xtremerat ruskill careto mandiant apt1 chinese regedit ftp winpcap icmp http firewall russian autorun forensic smtp mouse Androemda Somoto Skywiper EraseMBR Palevo Conficker/Stuxnet Conficker/Duqu MandiantAPT1 hunter2 UNRECOM CVE-2010-2883 CVE-2014-1776 Chinese APT Internet Explorer JavaScript Trojan, Dirt Jumper version 5 fake av Zbot 
variant Zeus P2P BetterSurf hunter2 spam dropper malware test Rotbrow predator.txt sql injection InstallCore CVE-2014-0493 powershell outbrowse BitcoinMining ssologin.js spindest fax word ntdll.dll Windows 7 webplayer Mine AutoIt-GEN-RAT kippo honeypot MiniDuke Windows XP gif sso.jss POSHCODER fake_bill Soraya Telekom c2 backend Zeus GameOver Etumbot Flush flush IptabLes IptabLex CyrptoWall hubzu-app.min.js gif89 php zip Pandemiya fake flash chokas RTF OLE Steals Personal Info #CVE-2013-2729 Andromeda2.9 Andromeda 2.9 fake flash player zeusVM Havex hello suspicious ML - Referida WEKBY #SampleStinch Banking Trojan CosmicDuke (MiniDuke2) Gauss Duqu Duqu-Keylogger Miniduke Nemesis Gemina Miniduke,Nemesis,Gemina Nemesis Gemina smokeloader #dofoil-smokeloader-work_work_module #dofoil-smokeloader-work-module cryptowall kevin FLARE-ON C6 e php BrutPOS Pitty Tiger Campaign Troj/ReRol.A PittyTiger RAT Coin Stealer timba banker plimrost darkomet,apt darkomet bulshit ;) asprox-secondary-module Strategic Web Compromise dyreza Pushdo magnitude Sazoora.B Dyre dgameover Flashpack <A> Baill malware_tg sasser emotet banking spyware lllll IRC.Bot Havex_Fertger SOGU XSLCmd BACKOFF BlackPOS Korplug 14e8a9e1f213e241604fb09236d49b65 #hk my new photo SolarBot v1.1 Napolar Shockwave Exploit, Trojan Swfti Smoke Loader Dofoil Neverquest Viper Asprox_module spotflux DGAmeover Zeus 20141009_N 10/10/2014 zemot cryptowall-2.0 mkrul APT, Fexel Fexel vawtrak rerdom tordal hancitor Dyre_spam PDF/Exploit.CVE-2013-2729 CVE-2014-4114 OrcaRAT 1.doc Kaiten PUP Elknot Apple storm Bagle,storm Bagle sality alman waledac Carberp spybot dorkbot rogue antivirus dridex kegotip UFR Usteal Paycrypt MS Sysinternals Streuner vbs, visual basic script visual basic script acceso directo usb virus Useless "Virus" steam peexe assembly apt18 Operation Poisoned Handover @PhysicalDrive0 torrentlocker Vulncheck poweliks Clod Yakes tofsee cryptorbit neelabh rai gvim editor Trojan Krazy Trojan Malware Russian Origin Trojan 
Downloader Codex. goehringd Steam Stealer Downloaders Recieved by e-mail on 17.11.2014. hack SteamStealer matsnu Linux ELF DDOS Malware regin hc_spam crypto ransomware cryptolocker cycbot ransowmare cryptolocker Malware _dropper Dyzap dasd Sony GOP Hack Malware Sony hack trojan banker bladabindi hacktool inunx server Carta certificada malware emotet malware bladabindi tuscas Zeus P2P (Banking Trojan) Navigation Copyright (C) 2013 SIGNED FILES Trojan.Win32.Destover.d Trojan.Win32.Destover.a hacktool Exploit.RTF.CVE-2010-3333 (v) Exploit.RTF.CVE-2012-0158 (v) Exploit.RTF.CVE-2012-0158 (v) coinminer brother printer driver installation crypter application (riskware) linuz agent trojan macro adware besttoolbar BAT/TrojanDownloader.Agent.NGU trojan #malware #Dyreza asprox kuluoz VBS KRYPTIC spatet malware pua malware spatet andromeda / Win32/TrojanDownloader.Wauchos.A malware worm PUP.Optional.OneClickDownloader.A proxy changer malware trustezeb malware (cryptolocker) Win32.Wipall.A WIPER DESTOVER lswebbroker.exe toolbar perion MacDefender MacProtector adroid malware adware ibrite Tinba phase hancitor, hancitor.b fleercivet bolware banatrix Chanitor TorrentLocker RansomWare lockhunter joke_sample Braviax Anti-Debugging Kovter Subject: Signature Invoice torlocker MACRO MALWARE fgh cve-2014-6332 cc.php upatre downloader Banking Malware SteamTrade roxio retriver roxio retrieve Malware antiVM removed removed antiVM FileLock SoftonicDownloader, Softonic Softonic SoftonicDownloader powerliks SteamRipper hupigon XOR.DDOS Linux Malware Minecraft 1 2 sdfsdf df s sdfsdf df s d sdfsdf df s d sdf sdfsdf df s d sdf d sdfsdf df s d sdf ds BackDoorMSFC deathbycaptcha antigate FinFisher Dropper CBT-Locker CTB-Locker zegost tagtag TurlaCarbon Cobra Turla Worm Almanahe Worm (Rootkit) Sality cryptowall-3.0 browser-hijacker SpeedBit VideoAccelerator thanks Trojan.Anaki malware from spam mail Voice#7909661.zip no-replay@voice_global.co.uk Subject: Voice Message voice.exe ragebot botnet 
VirLock malware reveton INFOADMIN herpesnet Kronos 55555555555555 crucial.com - Rootkit NetWire CTBLOCKER DOWNLOADER CTB LOCKER T CRYPTOWALL 3.0 scr mail mediyes-Rootkit fynloski-RAT account_report0209.zip planeris.exe account_report0209.scr cloudflare_bypass Hmei7 steam_malware CTBLOCKER broban dos av Private Pri Uroburos 2013 32-Bit Dropper Uroburos 2006 32-Bit Dropper Uroburos 2010 32-Bit Dropper ComRAT TurlaCarbon.A COMpfun recslurp Torrent Locker RIPEMD RIPEMD-160 crack OnionDuke jone SignDetect.exe SignDetect CTB LOCKER DOWNLOADER USBFIX Geodo FileCoder cxcds ASDF njrat from contaigo adobe9 facebook virus gadis mabuk itpiz #LogPOS Steam Virus #PwnPOS Word 2003 XML firefox Self Deleting Dyre, Dyreza Babar EvilBunny Babar Dropper Casper Dropper Casper x86 Executable Payload Visualizar_Processo_MPF_000874732666213.cpl dll from torrent locker Brazil Malware Comprovante Fatura Exe Brazil Malware 3L1Q3r7o8n3F exe Malware Comprovante Fatura Exe Trojan Heur RP vm detection malware fake ccleaner onkods trapwot TORRENTLOCKER TURKEY prvnap bunitu redyms redirector MALWARE TROJAN BANKER Server.exe vmdetect Equation-Group EquationDrug W97M.Dropper.C Andromeda/Gamarue BadJoke TROJ_GEN.R047H01H813 troyan downloader W32/WinWrapper.Adware honeynet Mebromi BIOS rootkit jjj fortest<()='"> INV3487 Honeynet project forensic challenge 14 Banking Trojan Vawtrak Slave DHL Malware Iran Rosena phishing,denial_of_service denial of service Laziok sufod bot vote scam trade Downloader, macros Graftor Upatre / Hupigon TORRENLOCKER Bebloh badpdf may be okay teslacrypt Win32/Detplock Equation_FannyWorm Emotet_Version_2 Emotet_Version_3 RIG BleedingLife2 Invoice rasomware cryptoloker NYF ICMP/NX Sober HAVEX 64-bit inbudiana.com HVL-Rat cnc INV3572 dhl C Swift Credit Card-SPAM swift-cut.co.uk-Sample swift-Sample swift-spam-Sample Fiesta sulit woo Unknown Malware ruckguv CozyDuke chakravyuh Phasebot Definitely Something Here CTB encoder W97M/Downloader Teslalocker Cryptolocker new version 2015 
Teslalocker Ramspmware Tor 2015 Teslalocker Ramsomware Tor 2015 no-malware MediaGet gh0st tesl Microsoft Word Intruder rms, rat, remote manipulator system pdf attachment Macromalware MHT Geodo_zip trojan.droper1 Cryptolocker-alphacrypt Geodo_pdf BotNet IRC - Palevo Family Kazy Backdoor Trojan trojan2 agent-anaq Rombertik CryptoLocker_BreakingBad2015 BreakingBad2015 cryptolocker varient correos ransomware correos, ransomware Worm:Win32/Goldrv.A Crypt0L0cker Cryptolocker2015MayBREAKINGBAD1BITCOINNEW.exe Bitcoin_1_BTC_SERVER_ACTIVATION Ransomware Breaking Bad 2015 Cryptolocker Rovnix.D Bifrost LostDoor Putty-info-St alphacrypt Breaking Bad Shizzle Infostealer Trojan.Gamarue FakeAntiVirus Advanced SystemCare cryptowall tesla Rovnix CDBurnerXP no OpenCandy Malware CDBurnerXP with OpenCandy Malware Breaking Bad ransomware Skatteverket Peter Winter HawkEye Keylogger herdprotect portable EMET 5.2 User Guide.pdf CipherQ rovnix-reactor marmoolak emilio di donato RAT-Intresting Rolog Worm dridex (invader) PUM Evoltin APT Winnti Lmaobox #Solar DUQU 2.0 csrss Duqu2 Rootkit #Dyre H-worm Browser Hijacker #Zeus Sofacy (APT28) - Downloader boulot MultiPlug Worm.Obfuscated CTP_LOCKER NitlovePOS spybanker downloader BAT cryptlocker pa CT_LOCKER CTB_LOCKER #ZeusVM #KINS #ZeusVM scipt kidi virus nohand pony-2.0 VeRoS_Dz #Gorynych drop pony and cryptowall QQPass Trojan-PSW.Win32.QQPass Trojan-PSW 盗号木马 Qqthief 勒索 敲竹杠 QQ粘虫 beebone SPYBANKER DOWNLOADER AND SPYBANKER DROPPED no-ip سشقب DINO Malware d3d9 contains REMOTE connection commands in strings Twux packer, themida themida packer HackingTeam HackingTeam-APT CVE-2015-5119 Flash Exploit save on Stealer-D Angler EK, Flash Exploit Angler EK BD2015_AUTRE Garry cox #Xylibox #CYBERCRiME WHQ #Goodware #Legit #Harmless PWS:HTML/Phish.GC Mal/Phish-A INV4034 уппа Sednit, которая также извес Ginas doc resume.doc mydoom CVE-2015-5123 HAMMERTOSS Game mal4-exec1 Rodecap Bunitu-Trojan Minidionis #H1N1 #H1N1 LDR sag festi Spearphishing cryptor Bad-BIOS 
Poison-Ivy-New шифровальщик Angel Beats VoodooHTTP skidware DiamonFox/Gorynych H1N1 UEFI Malicious File AlienSpy HFC Hash File Checker Creased installer StageFright 200 euro p2c, don't use this lol nvm its a 39 euro p2c oops turkojan torrentino malwr . com/analysis/NThlZjdmMzIzZDM2NDczNGFmZTIwZ Tesla crypt 2.0 teronezpz Stealer cryptowall30-exe telecom tim urlzone MD5 collision Csgolounge shareimg.pics prntscreen.pics SenseI fakeBSOD cryptowall30-doc Mac cw3-Feb not_PlugX Gootkit cw3-Mar cw3-Apr cw3-May cw3-Jun cw3-Jul cw3-Aug netwire RAT my first tag :) teslacrypt 2 legitimate Turla-Droper Slenfbot NewPoSThings SKID USE NETSUPPORT AS RAT cw3-Sep MultiHack.exe Pandora Safe VBE MALWARE maphack Prime World MapHack, Prime World, Nival BillGates AESDDoS XORDDoS TinySH IRCDDOS ShiFu obsolete malware Dridex_doc Briba mare neutrinobot energy-scam cw3-Oct perl reverse shell pantstealer.A cuniform.GEN:Z pantstealer.A, cuniform.GEN:Z cw3-Nov cryptowall40? cryptowall-4 Screensaver csgo scam test 1 test2 Downloader.Sapaviro Ramnit Trojan PSAS 5 cryptowall40-js cryptowall40-doc pax Excel phishing spear-phishing spear-phishing FAKE AV DROP ALL SHIT Bookworm Goodware Linux ransomware [Trojan.Win32.Crypt.cxd] jse File Name: XrqdCtbv.exe 301 darkcommet UofC phishing attempt #cryptdieyou orcamento Derkziel Office Builder v5 Fake corebot nymaim OZONE bob SEO Optimized PDF Modpos Modpos Malware Chimera weekend virus, maybe, crypter коммерческое_предложение Teslacrypt with extention vvv dUP cw3-Dec doc, macro Fun malwr botnet loader Malicious Spam WhatsApp <info@funerariasantamarina.es> Un telegrama oral breve se ha cobrado ctjb Dylan Moruga ks amk dennisvdm YTD Airy radamant cw3-Jan zanglerss Killdisk BlackEnergy Ransom32 BlackEnergy-XLS-Dropper Microsoft Excel MS-OGRAPH code execution (MS11-072 SanDisk UltraFit USB 3.0 errorz PP Delivered Vendor Submit Bartallex Trojan-Downloader GamesFlight Flight.exe HSBC Morphing dangerous penetrator MIME junk mayhem Adwind IOC mạnh dorifel 
Houdini (iniduoh) Houdini moker mokes Ransomware voorbeeld via vba

Last Comments

TeslaCrypt 3.0 sample. Apparently broken?
PinkSlipBot, Qbot, Qakbot
http://www.threatexpert.com/report.aspx?md5=66b8864b660eae1bfb9750b1b3e9b449
https://www.hybrid-analysis.com/sample/252e8809e713dc8b95916667b335375a9891209156b88f28dae18c844cb476a5?environmentId=1
Rakhni/Aura-like ransomware. Encryption algo is still unknown as per RakhniDecryptor. The malware itself is packed with regular UPX, decompressing it presents interesting strings such as the email and the C&C communication protocol. C&C seems to be unreachable at the moment.