TOOLS

DISCLAIMER: A BIG WARNING! I WILL NOT TAKE ANY RESPONSIBILITY FOR THE USE OF THESE PROGRAMS. IF A STUPID PERSON OR GROUP USES THEM TO DO SOMETHING BAD OR TO MAKE MALWARE, IT IS NOT MY FAULT. THESE TOOLS ARE FOR PROTECTING YOUR INFORMATION, AND FOR MORE THINGS IN THE FUTURE. REMEMBER IT!

Yunpan Helper Tool - A little program made in 2014 to encrypt and decrypt files (using AES), with ECDSA digital signatures and hash checks. It supports any type of file, but remember the memory limits of the Java Virtual Machine. Read the readme in the package first to understand everything. :)

For the suspicious, there is a VirusTotal check made today.

The password for the file is "Valthek" without quotes.

MD5 HASH: fe408cd3b901775edc74e04425949dec
SHA1 HASH: ac76bfff26bac7a5e4a6876fb84525031edb9e7b

A simple POC that puts 2 detections in a compiled Yara file. One is a normal detection for a dummy file, but the other is a full PE, a little hidden. With this compiled file, and the program that takes the Yara file, recovers the PE in its normal form and launches it, you get execution from an "innocent" Yara file.

Included in the package are dummy.exe, to try the first detection; the Yara rule without compiling; the 2 PEs in normal form (they only show a MessageBox); the compiled Yara rule; and the program, which is run with the compiled Yara file as its argument.

The POC does not check that the file is the correct one; it is only a simple POC. Improve it if you think it is interesting. Of course the POC leaves the file on disk, but a real problem here could be that the final file is shellcode or a PE that is run in memory instead of being left on disk.

SHA1 HASH: 145646be3740161effeb8888be08aec54e0a9884
SHA256 HASH: f3e772bbe9a80b29b5d09d19edfb99d4193a9574a31a3eef67c96a663ec13ee6
Password: Valthek

As not everyone understands what I try to explain in my tweets and the video, I made a little PDF that explains this about malicious detections in Yara files.
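A defensive check for the scenario described above, as an added example that is not part of the original package: before trusting a compiled Yara file received from someone else, scan it for an embedded PE image. The page does not say how the PE is hidden, so the single-byte XOR handling, the function name and the sample bytes are assumptions constructed for illustration.

```python
import struct

def find_embedded_pe(data: bytes, max_lfanew: int = 0x1000):
    """Return sorted (offset, xor_key) pairs for every DOS header in data
    whose e_lfanew field points at a PE signature.
    xor_key 0 means the image is stored in the clear."""
    hits = []
    for key in range(256):
        mz = bytes((0x4D ^ key, 0x5A ^ key))          # "MZ" under this key
        sig = bytes(b ^ key for b in b"PE\x00\x00")   # PE signature under this key
        pos = data.find(mz)
        while pos != -1:
            field = data[pos + 0x3C:pos + 0x40]       # e_lfanew, little-endian
            if len(field) == 4:                       # skip headers cut off by EOF
                lfanew = struct.unpack("<I", bytes(b ^ key for b in field))[0]
                in_range = 0x40 <= lfanew <= max_lfanew
                if in_range and data[pos + lfanew:pos + lfanew + 4] == sig:
                    hits.append((pos, key))
            pos = data.find(mz, pos + 1)
    return sorted(hits)

def _constructed_stub() -> bytes:
    """Constructed input: a DOS header and PE signature only, not a runnable image."""
    stub = bytearray(0x84)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)          # e_lfanew = 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    return bytes(stub)

# Constructed sample: filler bytes standing in for rule data, one stub stored
# in the clear and one XOR-encoded with the (assumed) key 0x5A.
STUB = _constructed_stub()
SAMPLE = (b"RULES" + b"\x11" * 59 + STUB + b"\x11" * 32
          + bytes(b ^ 0x5A for b in STUB) + b"\x11" * 16)

if __name__ == "__main__":
    for offset, key in find_embedded_pe(SAMPLE):
        print(f"PE header at offset {offset:#x}, xor key {key:#04x}")
```

A hit is a reason not to load the file and to recompile from the rule source instead. No hit does not prove the file is clean, because encodings other than a single-byte XOR are not covered.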