Name / Title | Added | Expires | Hits | Comments | Syntax | |
---|---|---|---|---|---|---|
_SYSTEM_MEMORY_USAGE_INFORMATION | Oct 11th, 2022 | Never | 972 | 0 | C | - |
_SYSTEM_PERFORMANCE_INFORMATION | Oct 10th, 2022 | Never | 939 | 0 | C | - |
BATTC.SYS!BatteryClassIoctl Kernel Memory Disclosure | Oct 23rd, 2021 | Never | 1,219 | 0 | C | - |
nt!ObpCreateSymbolicLinkName Race Condition Write-Beyond-Boundary | Oct 14th, 2021 | Never | 4,903 | 0 | C | - |
Reversed ObpCreateSymbolicLinkName | Oct 14th, 2021 | Never | 1,429 | 0 | C | - |
iorate.sys DoS | May 30th, 2021 | Never | 1,961 | 0 | C | - |
AllocAtHighestUserAddressBuffer | May 14th, 2021 | Never | 1,049 | 0 | C | - |
Reversed nt!PiControlQueryConflictList | May 2nd, 2021 | Never | 1,536 | 0 | C | - |
Generated Custom .LNK File | Oct 13th, 2016 | Never | 1,676 | 0 | VBScript | - |
UNC Path Bug | Oct 10th, 2016 | Never | 408 | 0 | PowerShell | - |
Bit9 Bug 0 | Sep 26th, 2016 | Never | 653 | 0 | C | - |
Middle Eastern Attacks | May 18th, 2015 | Never | 585 | 0 | None | - |
FindRefCLSIDs.py | May 3rd, 2015 | Never | 564 | 0 | Python | - |
DumpRTFObjects.py | May 3rd, 2015 | Never | 502 | 0 | Python | - |
CVE-2012-0158 Control Words | May 3rd, 2015 | Never | 728 | 0 | C | - |
MagedDecrypter | May 3rd, 2015 | Never | 575 | 0 | Python | - |
HexToFile.Py | Apr 27th, 2015 | Never | 513 | 0 | Python | - |
Decode_njRat_3DES | Apr 25th, 2015 | Never | 540 | 0 | Python | - |
Decoder For CyberGate XX-XX-XX-XX Resource | Apr 24th, 2015 | Never | 538 | 0 | Python | - |
RunPE Embedded Executable Extractor | Apr 22nd, 2015 | Never | 669 | 0 | Python | - |
Cyber Attack 6 njRat Source Code | Apr 18th, 2015 | Never | 831 | 0 | C# | - |
Decode_njRat_GZipVersion | Apr 18th, 2015 | Never | 505 | 0 | Python | - |
JS_Malicious_Invoice | Apr 18th, 2015 | Never | 704 | 0 | JavaScript | - |
cIR1R2_Analytics | Apr 14th, 2015 | Never | 468 | 0 | XML | - |
Flushupdate.com /etc/group | Apr 8th, 2015 | Never | 671 | 0 | C | - |
Flushupdate.com /etc/hosts | Apr 8th, 2015 | Never | 772 | 0 | C | - |
Flushupdate.com /etc/passwd | Apr 8th, 2015 | Never | 803 | 0 | C | - |
advtravel.info | Apr 8th, 2015 | Never | 557 | 0 | C | - |
WQL VirtualBox Detection | Apr 4th, 2015 | Never | 3,058 | 0 | VBScript | - |
GetWriteWatch Trick | Jun 30th, 2014 | Never | 595 | 0 | C | - |
PspProcessOpen | Nov 8th, 2013 | Never | 898 | 0 | C | - |
INT 2E / Anti-Tracing Trick | Oct 24th, 2013 | Never | 919 | 0 | C | - |
PspSetContext Nested Task EFlag Anti-Tracing Trick | Oct 19th, 2013 | Never | 955 | 0 | C | - |
NtSystemDebugControl + KdPitchDebugger | Jul 3rd, 2013 | Never | 2,456 | 0 | C | - |
KdUpdateTimeSlipEvent KernelDebugger Trick | Jul 2nd, 2013 | Never | 635 | 0 | C | - |
NtGlobalFlag As Anti-Debug Trick | Jun 4th, 2013 | Never | 895 | 0 | C | - |
PspSetContext Anti-Tracing Trick | May 9th, 2013 | Never | 815 | 0 | C | - |
InstrumentationCallback Anti-Debug+Redirection | Apr 19th, 2013 | Never | 2,765 | 0 | C | - |
Kernel VA Leak | Apr 18th, 2013 | Never | 859 | 0 | C | - |
Anti-Resource Editing | Apr 3rd, 2013 | Never | 1,235 | 0 | None | - |
Page_0x00000000 Anti-Tracing Trick | Mar 12th, 2013 | Never | 693 | 0 | C | - |
64-Bit ZwQueryObject (Detect Debuggers) | Feb 27th, 2013 | Never | 796 | 0 | C | - |
Bypass Non-Killable Process | Feb 12th, 2013 | Never | 791 | 0 | C | - |
ZwClose As Anti-Debug Trick | Feb 9th, 2013 | Never | 1,061 | 0 | C | - |
ProcessIoPriority Bug (BSOD/Non-Killable Process) | Feb 6th, 2013 | Never | 2,594 | 0 | C | - |
ThreadWow64Context | Feb 2nd, 2013 | Never | 507 | 0 | C | - |
RaiseException(0x4000001f) Anti-Olly Trick | Jan 30th, 2013 | Never | 901 | 0 | C | - |
Template Wow64Log.dll | Jan 25th, 2013 | Never | 928 | 0 | C | - |
Injecting 64Bit Dll Into 32Bit Process | Jan 25th, 2013 | Never | 1,700 | 0 | C | - |
Some Anti-Attaching Candidate Functions | Jan 25th, 2013 | Never | 671 | 0 | C | - |
Kernel Bug #0 ThreadIOPriority | Jan 23rd, 2013 | Never | 946 | 0 | C | - |
ProcessBasicInformation vs. New Flags | Jan 22nd, 2013 | Never | 760 | 0 | C | - |
ProcessExecuteFlags | Jan 21st, 2013 | Never | 715 | 0 | None | - |
LdrpIsImageSEHValidationCompatible | Jan 21st, 2013 | Never | 567 | 0 | None | - |
ProcessInstrumentationCallback | Jan 20th, 2013 | Never | 744 | 0 | C | - |
Wow64SharedInformation vs. Shellcode | Jan 19th, 2013 | Never | 718 | 0 | C | - |
Enumerate Loaded Modules (64-bit) | Jan 19th, 2013 | Never | 336 | 0 | C | - |
Get Main ThreadId Of A Process | Jan 19th, 2013 | Never | 467 | 0 | C | - |
SystemFunction0035 | Jan 14th, 2013 | Never | 475 | 0 | C | - |
Call64, Issue 64-bit System Calls | Jan 12th, 2013 | Never | 1,177 | 0 | C | - |
Redirect Execution | Jan 6th, 2013 | Never | 702 | 0 | C | - |
"Prefix+PUSHFD" Anti-Tracing Trick | Jan 4th, 2013 | Never | 632 | 0 | C | - |
"REP: PUSHFD" Anti-Tracing Trick | Jan 4th, 2013 | Never | 623 | 0 | C | - |
KERNEL: Creation of Thread Environment Block (TEB) | Dec 31st, 2012 | Never | 2,442 | 0 | None | - |
Wow64-Specific Anti-Debug Trick | Dec 26th, 2012 | Never | 1,777 | 0 | C | - |
Anti-ChildDebugging | Dec 16th, 2012 | Never | 728 | 0 | C | - |
ZwQueryInformationThread(ThreadAmILastThread) | Dec 14th, 2012 | Never | 519 | 0 | C | - |
ZwQueryInformationThread(ThreadLastSystemCall) | Dec 14th, 2012 | Never | 1,018 | 0 | C | - |
ZwQueryInformationThread(ThreadTebInformation) | Dec 14th, 2012 | Never | 697 | 0 | C | - |
SystemComPlusPackage | Dec 8th, 2012 | Never | 860 | 0 | C | - |
SuppressDllMains --> SkipThreadAttach | Dec 7th, 2012 | Never | 1,017 | 0 | C | - |
DebugActiveProcess(ParentProcessPid) Trick | Dec 2nd, 2012 | Never | 592 | 0 | C | - |
DebuggerIs32Bit | Dec 1st, 2012 | Never | 623 | 0 | None | - |
TEB.SuppressDebugMsg | Nov 22nd, 2012 | Never | 1,063 | 0 | C | - |
OllyDbg v1.10 LoadDll.hFile Trick | Nov 21st, 2012 | Never | 501 | 0 | C | - |
ZwCreateThreadEx/HiddenFromDebugger | Nov 21st, 2012 | Never | 2,662 | 0 | C | - |
OllyDbg RaiseException Anti-Debug Trick | Nov 7th, 2012 | Never | 1,275 | 0 | C | - |
VirtualBox HardDiskInfo Trick | Nov 5th, 2012 | Never | 395 | 0 | C | - |
Reversed "BaseCreateStack" | Nov 5th, 2012 | Never | 740 | 0 | C | - |
VirtualBox CPUID-SEP Trick | Nov 5th, 2012 | Never | 1,094 | 0 | C | - |
Virtual PC 2007 DR7 Trick | Oct 29th, 2012 | Never | 829 | 0 | C | - |
32_Bit --> 64_bit PE Header | Oct 24th, 2012 | Never | 541 | 0 | C | - |
SizeOfStackReserve As Anti-Attach Trick | Oct 24th, 2012 | Never | 1,577 | 0 | C | - |
Trigger STATUS_GUARD_VIOLATION | Oct 22nd, 2012 | Never | 449 | 0 | C | - |
VirtualBox VS. Hardware Breakpoints | Oct 21st, 2012 | Never | 516 | 0 | C | - |
TEB As Anti-Memory Breakpoints | Oct 20th, 2012 | Never | 1,572 | 0 | C | - |
Extract EntryPoint, ImageBase, And SizeOfImage | Oct 18th, 2012 | Never | 513 | 0 | C | - |
VBoxSharedFolderFS | Oct 18th, 2012 | Never | 1,523 | 0 | C | - |
ReadProcessMemory As Anti-Memory Breakpoints | Oct 18th, 2012 | Never | 1,910 | 0 | C | - |
DebugActiveProcess(-1) | Oct 15th, 2012 | Never | 542 | 0 | C | - |
Processors' Strings | Oct 14th, 2012 | Never | 373 | 0 | C | - |
Resume Flag Support | Oct 14th, 2012 | Never | 330 | 0 | C | - |
lpMinimumApplicationAddress & lpMaximumApplicationAddress | Oct 13th, 2012 | Never | 631 | 0 | C | - |
VirtualPC CPUID TRICK | Oct 8th, 2012 | Never | 3,769 | 0 | C | - |
Detect Hypervisor | Oct 8th, 2012 | Never | 5,705 | 0 | C | - |
VirtualPC Reset Trick | Oct 8th, 2012 | Never | 2,592 | 0 | C | - |
VirtualPC 0x0F 0x3F Combinations | Oct 8th, 2012 | Never | 1,912 | 0 | C | - |
Detect VirtualPC (The "x0Fx3F" TRICK) | Oct 8th, 2012 | Never | 2,171 | 0 | C | - |
Detect VirtualBox (Cadmus Mac Address TRICK) | Oct 7th, 2012 | Never | 3,396 | 0 | C | - |