| Name / Title | Added | Expires | Hits | Comments | Syntax | |
|---|---|---|---|---|---|---|
| _SYSTEM_MEMORY_USAGE_INFORMATION | Oct 11th, 2022 | Never | 1,237 | 0 | C | - |
| _SYSTEM_PERFORMANCE_INFORMATION | Oct 10th, 2022 | Never | 1,073 | 0 | C | - |
| BATTC.SYS!BatteryClassIoctl Kernel Memory Disclosure | Oct 23rd, 2021 | Never | 1,394 | 0 | C | - |
| nt!ObpCreateSymbolicLinkName Race Condition Write-Beyond-Boundary | Oct 14th, 2021 | Never | 9,005 | 0 | C | - |
| Reversed ObpCreateSymbolicLinkName | Oct 14th, 2021 | Never | 1,608 | 0 | C | - |
| iorate.sys DoS | May 30th, 2021 | Never | 2,144 | 0 | C | - |
| AllocAtHighestUserAddressBuffer | May 14th, 2021 | Never | 1,237 | 0 | C | - |
| Reversed nt!PiControlQueryConflictList | May 2nd, 2021 | Never | 1,692 | 0 | C | - |
| Generated Custom .LNK File | Oct 13th, 2016 | Never | 1,881 | 1 | VBScript | - |
| UNC Path Bug | Oct 10th, 2016 | Never | 574 | 0 | PowerShell | - |
| Bit9 Bug 0 | Sep 26th, 2016 | Never | 827 | 0 | C | - |
| Middle Eastern Attacks | May 18th, 2015 | Never | 766 | 0 | None | - |
| FindRefCLSIDs.py | May 3rd, 2015 | Never | 724 | 0 | Python | - |
| DumpRTFObjects.py | May 3rd, 2015 | Never | 630 | 0 | Python | - |
| CVE-2012-0158 Control Words | May 3rd, 2015 | Never | 862 | 0 | C | - |
| MagedDecrypter | May 3rd, 2015 | Never | 721 | 0 | Python | - |
| HexToFile.Py | Apr 27th, 2015 | Never | 650 | 0 | Python | - |
| Decode_njRat_3DES | Apr 25th, 2015 | Never | 677 | 0 | Python | - |
| Decoder For CyberGate XX-XX-XX-XX Resource | Apr 24th, 2015 | Never | 677 | 0 | Python | - |
| RunPE Embedded Executable Extractor | Apr 22nd, 2015 | Never | 802 | 0 | Python | - |
| Cyber Attack 6 njRat Source Code | Apr 18th, 2015 | Never | 984 | 0 | C# | - |
| Decode_njRat_GZipVersion | Apr 18th, 2015 | Never | 628 | 0 | Python | - |
| JS_Malicious_Invoice | Apr 18th, 2015 | Never | 830 | 0 | JavaScript | - |
| cIR1R2_Analytics | Apr 14th, 2015 | Never | 589 | 0 | XML | - |
| Flushupdate.com /etc/group | Apr 8th, 2015 | Never | 794 | 0 | C | - |
| Flushupdate.com /etc/hosts | Apr 8th, 2015 | Never | 907 | 0 | C | - |
| Flushupdate.com /etc/passwd | Apr 8th, 2015 | Never | 934 | 0 | C | - |
| advtravel.info | Apr 8th, 2015 | Never | 673 | 0 | C | - |
| WQL VirtualBox Detection | Apr 4th, 2015 | Never | 3,505 | 0 | VBScript | - |
| GetWriteWatch Trick | Jun 30th, 2014 | Never | 699 | 0 | C | - |
| PspProcessOpen | Nov 8th, 2013 | Never | 1,042 | 0 | C | - |
| INT 2E / Anti-Tracing Trick | Oct 24th, 2013 | Never | 1,106 | 0 | C | - |
| PspSetContext Nested Task EFlag Anti-Tracing Trick | Oct 19th, 2013 | Never | 1,134 | 0 | C | - |
| NtSystemDebugControl + KdPitchDebugger | Jul 3rd, 2013 | Never | 2,742 | 0 | C | - |
| KdUpdateTimeSlipEvent KernelDebugger Trick | Jul 2nd, 2013 | Never | 796 | 0 | C | - |
| NtGlobalFlag As Anti-Debug Trick | Jun 4th, 2013 | Never | 1,048 | 0 | C | - |
| PspSetContext Anti-Tracing Trick | May 9th, 2013 | Never | 964 | 0 | C | - |
| InstrumentationCallback Anti-Debug+Redirection | Apr 19th, 2013 | Never | 3,118 | 0 | C | - |
| Kernel VA Leak | Apr 18th, 2013 | Never | 1,006 | 0 | C | - |
| Anti-Resource Editing | Apr 3rd, 2013 | Never | 1,550 | 5 | None | - |
| Page_0x00000000 Anti-Tracing Trick | Mar 12th, 2013 | Never | 825 | 0 | C | - |
| 64-Bit ZwQueryObject (Detect Debuggers) | Feb 27th, 2013 | Never | 981 | 0 | C | - |
| Bypass Non-Killable Process | Feb 12th, 2013 | Never | 939 | 0 | C | - |
| ZwClose As Anti-Debug Trick | Feb 9th, 2013 | Never | 1,251 | 0 | C | - |
| ProcessIoPriority Bug (BSOD/Non-Killable Process) | Feb 6th, 2013 | Never | 2,888 | 0 | C | - |
| ThreadWow64Context | Feb 2nd, 2013 | Never | 639 | 0 | C | - |
| RaiseException(0x4000001f) Anti-Olly Trick | Jan 30th, 2013 | Never | 1,120 | 0 | C | - |
| Template Wow64Log.dll | Jan 25th, 2013 | Never | 1,156 | 0 | C | - |
| Injecting 64Bit Dll Into 32Bit Process | Jan 25th, 2013 | Never | 1,945 | 0 | C | - |
| Some Anti-Attaching Candidate Functions | Jan 25th, 2013 | Never | 815 | 0 | C | - |
| Kernel Bug #0 ThreadIOPriority | Jan 23rd, 2013 | Never | 1,228 | 0 | C | - |
| ProcessBasicInformation vs. New Flags | Jan 22nd, 2013 | Never | 904 | 0 | C | - |
| ProcessExecuteFlags | Jan 21st, 2013 | Never | 892 | 0 | None | - |
| LdrpIsImageSEHValidationCompatible | Jan 21st, 2013 | Never | 751 | 0 | None | - |
| ProcessInstrumentationCallback | Jan 20th, 2013 | Never | 894 | 0 | C | - |
| Wow64SharedInformation vs. Shellcode | Jan 19th, 2013 | Never | 867 | 0 | C | - |
| Enumerate Loaded Modules (64-bit) | Jan 19th, 2013 | Never | 470 | 0 | C | - |
| Get Main ThreadId Of A Process | Jan 19th, 2013 | Never | 635 | 0 | C | - |
| SystemFunction0035 | Jan 14th, 2013 | Never | 644 | 0 | C | - |
| Call64, Issue 64-bit System Calls | Jan 12th, 2013 | Never | 1,485 | 0 | C | - |
| Redirect Execution | Jan 6th, 2013 | Never | 850 | 0 | C | - |
| "Prefix+PUSHFD" Anti-Tracing Trick | Jan 4th, 2013 | Never | 767 | 0 | C | - |
| "REP: PUSHFD" Anti-Tracing Trick | Jan 4th, 2013 | Never | 737 | 0 | C | - |
| KERNEL: Creation of Thread Environment Block (TEB) | Dec 31st, 2012 | Never | 2,897 | 10 | None | - |
| Wow64-Specific Anti-Debug Trick | Dec 26th, 2012 | Never | 2,081 | 1 | C | - |
| Anti-ChildDebugging | Dec 16th, 2012 | Never | 875 | 0 | C | - |
| ZwQueryInformationThread(ThreadAmILastThread) | Dec 14th, 2012 | Never | 708 | 0 | C | - |
| ZwQueryInformationThread(ThreadLastSystemCall) | Dec 14th, 2012 | Never | 1,200 | 0 | C | - |
| ZwQueryInformationThread(ThreadTebInformation) | Dec 14th, 2012 | Never | 881 | 0 | C | - |
| SystemComPlusPackage | Dec 8th, 2012 | Never | 1,003 | 0 | C | - |
| SuppressDllMains --> SkipThreadAttach | Dec 7th, 2012 | Never | 1,272 | 0 | C | - |
| DebugActiveProcess(ParentProcessPid) Trick | Dec 2nd, 2012 | Never | 708 | 0 | C | - |
| DebuggerIs32Bit | Dec 1st, 2012 | Never | 812 | 0 | None | - |
| TEB.SuppressDebugMsg | Nov 22nd, 2012 | Never | 1,320 | 0 | C | - |
| OllyDbg v1.10 LoadDll.hFile Trick | Nov 21st, 2012 | Never | 685 | 0 | C | - |
| ZwCreateThreadEx/HiddenFromDebugger | Nov 21st, 2012 | Never | 3,043 | 0 | C | - |
| OllyDbg RaiseException Anti-Debug Trick | Nov 7th, 2012 | Never | 1,525 | 1 | C | - |
| VirtualBox HardDiskInfo Trick | Nov 5th, 2012 | Never | 535 | 0 | C | - |
| Reversed "BaseCreateStack" | Nov 5th, 2012 | Never | 966 | 0 | C | - |
| VirtualBox CPUID-SEP Trick | Nov 5th, 2012 | Never | 1,329 | 0 | C | - |
| Virtual PC 2007 DR7 Trick | Oct 29th, 2012 | Never | 1,153 | 9 | C | - |
| 32_Bit --> 64_bit PE Header | Oct 24th, 2012 | Never | 710 | 0 | C | - |
| SizeOfStackReserve As Anti-Attach Trick | Oct 24th, 2012 | Never | 1,842 | 0 | C | - |
| Trigger STATUS_GUARD_VIOLATION | Oct 22nd, 2012 | Never | 582 | 0 | C | - |
| VirtualBox VS. Hardware Breakpoints | Oct 21st, 2012 | Never | 666 | 0 | C | - |
| TEB As Anti-Memory Breakpoints | Oct 20th, 2012 | Never | 1,860 | 0 | C | - |
| Extract EntryPoint, ImageBase, And SizeOfImage | Oct 18th, 2012 | Never | 658 | 0 | C | - |
| VBoxSharedFolderFS | Oct 18th, 2012 | Never | 1,821 | 0 | C | - |
| ReadProcessMemory As Anti-Memory Breakpoints | Oct 18th, 2012 | Never | 2,227 | 0 | C | - |
| DebugActiveProcess(-1) | Oct 15th, 2012 | Never | 695 | 0 | C | - |
| Processors' Strings | Oct 14th, 2012 | Never | 563 | 0 | C | - |
| Resume Flag Support | Oct 14th, 2012 | Never | 474 | 0 | C | - |
| lpMinimumApplicationAddress & lpMaximumApplicationAddress | Oct 13th, 2012 | Never | 779 | 0 | C | - |
| VirtualPC CPUID TRICK | Oct 8th, 2012 | Never | 4,150 | 0 | C | - |
| Detect Hypervisor | Oct 8th, 2012 | Never | 6,051 | 0 | C | - |
| VirtualPC Reset Trick | Oct 8th, 2012 | Never | 2,995 | 0 | C | - |
| VirtualPC 0x0F 0x3F Combinations | Oct 8th, 2012 | Never | 2,159 | 0 | C | - |
| Detect VirtualPC (The "x0Fx3F" TRICK) | Oct 8th, 2012 | Never | 2,518 | 0 | C | - |
| Detect VirtualBox (Cadmus Mac Address TRICK) | Oct 7th, 2012 | Never | 3,723 | 0 | C | - |
