| BH12323 | Executes a Base64-encoded string. | |
| BH13263 | Executes a Base32-encoded string. | |
| BH13264 | Executes a Base16-encoded string. | |
| BH13265 | Executes LZMA-compressed data. | |
| BH13266 | Executes BZip2-compressed data. | |
| BH13267 | Executes Zlib-compressed data. | |
| BH13268 | Executes GZip-compressed data. | |
| BH15101 | Probably obfuscated with AgileDotNet .NET obfuscator. | |
| BH15102 | Probably obfuscated with AsStrongAsF .NET obfuscator. | |
| BH15103 | Probably obfuscated with AtomicProtector .NET obfuscator. | |
| BH15104 | Probably obfuscated with Babel .NET obfuscator. | |
| BH15105 | Probably obfuscated with Beds-Protector .NET obfuscator. | |
| BH15106 | Probably obfuscated with Ben Mhenni Protect .NET obfuscator. | |
| BH15107 | Probably obfuscated with BitHelmet HVM .NET obfuscator. | |
| BH15108 | Probably obfuscated with CodeVeil .NET obfuscator. | |
| BH15109 | Probably obfuscated with CodeWall .NET obfuscator. | |
| BH15110 | Probably obfuscated with Confuser .NET obfuscator. | |
| BH15111 | Probably obfuscated with CryptoObfuscator .NET obfuscator. | |
| BH15112 | Probably obfuscated with DeepSeaObfuscator .NET obfuscator. | |
| BH15113 | Probably obfuscated with DNGuard HVM .NET obfuscator. | |
| BH15114 | Probably obfuscated with Dotfuscator .NET obfuscator. | |
| BH15115 | Probably obfuscated with DotNetGuard .NET obfuscator. | |
| BH15116 | Probably obfuscated with DotNetPatcher .NET obfuscator. | |
| BH15117 | Probably obfuscated with dotNetProtector .NET obfuscator. | |
| BH15118 | Probably obfuscated with DotNetSafer .NET obfuscator. | |
| BH15119 | Probably obfuscated with Eziriz's .NET Reactor obfuscator. | |
| BH15120 | Probably obfuscated with Fody .NET obfuscator. | |
| BH15121 | Probably obfuscated with Goldfuscator .NET obfuscator. | |
| BH15122 | Probably obfuscated with Goliath .NET obfuscator. | |
| BH15123 | Probably obfuscated with IntelliProtector .NET obfuscator. | |
| BH15124 | Probably obfuscated with Lime-Crypter .NET obfuscator. | |
| BH15125 | Probably obfuscated with MdCrypt .NET obfuscator. | |
| BH15126 | Probably obfuscated with ModPhuserEx .NET obfuscator. | |
| BH15127 | Probably obfuscated with NETGuard .NET obfuscator. | |
| BH15128 | Probably obfuscated with NineRays .NET obfuscator. | |
| BH15129 | Probably obfuscated with Obfuscator.NET 2009 obfuscator. | |
| BH15130 | Probably obfuscated with Orange Heap .NET obfuscator. | |
| BH15131 | Probably obfuscated with PandaObfuscator .NET obfuscator. | |
| BH15132 | Probably obfuscated with Phoenix Protector .NET obfuscator. | |
| BH15133 | Probably obfuscated with Skater .NET obfuscator. | |
| BH15134 | Probably obfuscated with SmartAssembly .NET obfuscator. | |
| BH15135 | Probably obfuscated with StrongVM .NET obfuscator. | |
| BH15136 | Probably obfuscated with VaporObfusactor .NET obfuscator. | |
| BH15137 | Probably obfuscated with Xenocode .NET obfuscator. | |
| BH15138 | Probably obfuscated with Yano .NET obfuscator. | |
| BH15139 | Probably obfuscated with Z00bfuscator .NET obfuscator. | |
| BH15140 | Probably packed with .netshrink packer. | |
| BH15141 | Probably packed with a .NET packer employing the RunPE technique. | |
| BH15142 | Probably packed with BoxedApp packer. | |
| BH15143 | Probably packed with ObfPacker .NET packer. | |
| BH15144 | Probably packed with Rustemsoft Guardship Protector. | |
| BH15145 | Encodes data using the Base64 algorithm. | |
| BH15147 | Encrypts data. | |
| BH15149 | Encrypts data using Advanced Encryption Standard (AES). | |
| BH15150 | Encrypts data using the Cryptographic Message Syntax (CMS). | |
| BH15154 | Decodes hex or base64-encoded streams. | |
| BH15157 | Decrypts data. | |
| BH15158 | Contains PowerShell script packed with PS2EXE. | |
| BH15169 | Contains Base16-encoded PE file. | |
| BH15179 | Base64 decodes files with certutil. | |
| BH15180 | Base64 encodes files with certutil. | |
| BH15182 | Contains potentially obfuscated code or data. | |
| BH15183 | Converts binary data to its string representation, commonly used in obfuscation. | |
| BH15186 | Decodes data using the Base64 algorithm. | |
| BH15188 | Decodes data using the Base32 algorithm. | |
| BH15195 | Encodes data using the uuencode algorithm. | |
| BH15196 | Decodes data using the uuencode algorithm. | |
| BH15197 | Compresses data using the RLE (Run-Length Encoding) algorithm. | |
| BH15198 | Decompresses data using the RLE (Run-Length Encoding) algorithm. | |
| BH15201 | Compresses data using the BZip2 algorithm. | |
| BH15202 | Decompresses data using the BZip2 algorithm. | |
| BH15203 | Compresses data using the GZip algorithm. | |
| BH15204 | Decompresses data using the GZip algorithm. | |
| BH15205 | Compresses data using the LZMA algorithm. | |
| BH15206 | Decompresses data using the LZMA algorithm. | |
| BH15207 | Compresses data using the Zlib algorithm. | |
| BH15208 | Decompresses data using the Zlib algorithm. | |
| BH15209 | Encrypts a password using the crypt() Unix password encryption function. | |
| BH15235 | Compresses or decompresses data using the Deflate algorithm. | |
| BH15236 | Compresses or decompresses data using the GZip algorithm. | |
| BH15251 | Decrypts data using Advanced Encryption Standard (AES). | |
| BH15252 | Encrypts data using ARIA cipher. | |
| BH15253 | Encrypts data using Blowfish cipher. | |
| BH15254 | Encrypts data using Camellia cipher. | |
| BH15255 | Encrypts data using CAST5 cipher. | |
| BH15256 | Encrypts data using ChaCha20 cipher. | |
| BH15257 | Encrypts data using Data Encryption Standard (DES). | |
| BH15258 | Encrypts data using RC2 cipher. | |
| BH15259 | Encrypts data using RC4 cipher. | |
| BH15260 | Encrypts data using SEED cipher. | |
| BH15261 | Encrypts data using SM4 cipher. | |
| BH15262 | Decrypts data using ARIA cipher. | |
| BH15263 | Decrypts data using Blowfish cipher. | |
| BH15264 | Decrypts data using Camellia cipher. | |
| BH15265 | Decrypts data using CAST5 cipher. | |
| BH15266 | Decrypts data using ChaCha20 cipher. | |
| BH15267 | Decrypts data using Data Encryption Standard (DES). | |
| BH15268 | Decrypts data using RC2 cipher. | |
| BH15269 | Decrypts data using the RC4 cipher. | |
| BH15270 | Decrypts data using SM4 cipher. | |
| BH15271 | Decrypts data using SEED cipher. | |
| BH15272 | Uses the Scrpyt key derivation function. | |
| BH15275 | Generates a cryptographic key. | |
| BH15276 | Generates a new asymmetric key pair of the given type. | |
| BH15277 | Uses HKDF key derivation function. | |
| BH15278 | Uses PBKDF2 key derivation function. | |
| BH15279 | Decrypts data using RSA with a given private key. | |
| BH15280 | Encrypts data using RSA with a given private key. | |
| BH15281 | Decrypts data using RSA with a given public key. | |
| BH15282 | Encrypts data using RSA with a given public key. | |
| BH15284 | Compresses data using the Brotli algorithm. | |
| BH15285 | Decompresses data using the Brotli algorithm. | |
| BH15294 | Encrypts data using RC5 cipher. | |
| BH15295 | Decrypts data using RC5 cipher. | |
| BH15296 | Encrypts data using International Data Encryption Algorithm (IDEA). | |
| BH15297 | Decrypts data using International Data Encryption Algorithm (IDEA). | |
| BH15300 | Creates a cryptographic hash of data. | |
| BH15303 | Generates a new RSA key pair. | |
| BH15304 | Encrypts a PEM block. | |
| BH15305 | Decrypts a PEM block. | |
| BH15306 | Decompresses data using the Inflate algorithm. | |
| BH15307 | Decrypts data using the Cryptographic Message Syntax (CMS). | |
| BH15308 | Decrypts data using the Windows Cryptography API. | |
| BH15309 | Decodes and decrypts data using the Windows Cryptography API. | |
| BH15310 | Compresses data using the LZW algorithm. | |
| BH15311 | Decompresses data using the LZW algorithm. | |
| BH15312 | Encodes/decodes data using ROT13. | |
| BH15317 | Encrypts data using Fernet. | |
| BH15318 | Decrypts data using Fernet. | |
| BH20119 | Uses a Nishang command to decode a Base64 string to a readable string. | |
| BH20120 | Uses a Nishang command to decode data encoded by the Nishang Invoke-Encode function. | |
| BH20130 | Uses a Nishang command to encode and compress plain data. | |
| BH20131 | Uses a Nishang command to encode/decode string to ROT13. | |
| BH20170 | Uses PowerSploit/Empire command to compress, Base64 encode, and generate command-line output for a PowerShell payload script. | |
| BH20171 | Uses PowerSploit/Empire command to compress, Base64 encode, and output generated code to load a managed DLL in memory. | |
| BH20313 | Uses PowerSploit/Empire command to strip comments and extra whitespace from a script. | |
| BH20328 | Uses Invoke-Obfuscation framework commands to obfuscate PowerShell scripts and commands. | |
