issues
search
mttaggart
/
wtfbins
WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
MIT License
141
stars
10
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
[New WTFBin]: OpenVAS runs WMIExec
#54
mttaggart
opened
1 month ago
0
[New WTFBin]: WTFBIN Here
#53
ThureinOo
opened
3 months ago
0
[New WTFBin]: WTFBIN Here
#52
ThureinOo
opened
3 months ago
0
[New WTFBin]: Jetbrains IDE using WMI to query antivirus product
#51
ThureinOo
closed
3 months ago
2
[New WTFBin]: IBM Storage Insights Data Collector Runs Batch Script with WMIC Process Call Create
#50
mbabinski
closed
3 months ago
2
[New WTFBin]: WTFBIN Here
#49
0xDeadcell
closed
5 months ago
1
[New WTFBin]: code.exe spawn cmd.exe
#48
ThureinOo
closed
5 months ago
1
[New WTFBin]: Trojan.exe
#47
mvarian
closed
5 months ago
2
[New WTFBin]: Nutanix Guest Tools Runs Encoded Powershell Commands
#46
mbabinski
closed
9 months ago
1
[New WTFBin]: Cisco Jabber outputs system info to files
#45
Alex-Walston
closed
5 months ago
8
[New WTFBin]: SecurityHealthService.exe
#44
59e5aaf4
opened
1 year ago
0
[New WTFBin]: SenseIR Executes Encoded PowerShell
#43
adamcysec
closed
9 months ago
3
[New WTFBin]: WTFBIN Here
#42
alexvzd
closed
1 year ago
1
[New WTFBin]: gc_worker.exe
#41
rcegan
closed
1 year ago
1
[New WTFBin]: Guest user tries to login whenever a folder gets shared with "Everyone"
#40
ygil1234
closed
9 months ago
1
[New WTFBin]: iManage Document Protection
#39
cbecks2
closed
1 year ago
1
[New WTFBin]: Avast Antivirus attempts SSH connections to neighbor hosts
#38
mttaggart
closed
1 year ago
1
[New WTFBin]: TrendMicro HostedAgent.exe
#37
biffalo
closed
1 year ago
1
[New WTFBin]: AdobeUpdateService
#36
joshnck
opened
1 year ago
1
[New WTFBin]: microsoft.todos.systemtrayextension.exe
#35
redblueops
closed
1 year ago
1
Nextjs
#34
mttaggart
closed
1 year ago
0
[New WTFBin]: McAfee antivirus
#33
pspacek
closed
1 year ago
3
[New WTFBin]: ESET protection suite
#32
pspacek
closed
1 year ago
3
[New WTFBin]: SCS' PowerView.exe triggers PowerSploit's detection
#31
Purp1eW0lf
closed
1 year ago
2
[New WTFBin]: WTFBIN Here
#30
mthrfcknruckus
closed
1 year ago
3
[New WTFBin]: logmein.com
#29
joaociocca
closed
1 year ago
1
[New WTFBin]: ArcGIS deploys whoami.exe
#28
Purp1eW0lf
closed
1 year ago
1
[New WTFBin]: Android MobileWips App Makes DNS Query for google[.]com[.]onion
#27
mbabinski
closed
1 year ago
3
[New WTFBin]: Snow Inventory Agent (snowagent.exe) runs PowerShell which resembles shellcode
#26
lukejjh
closed
1 year ago
1
[New WTFBin]: PsExec v2.30
#25
umairqamar
closed
1 year ago
4
[New WTFBin]: SentinelOne
#24
Purp1eW0lf
closed
2 years ago
4
Rich text for WTFBin Descriptions
#23
mttaggart
closed
2 years ago
2
[New WTFBin]: Suspicious characters in command line arguments for Ivanti Endpoint Manager logging processes
#22
mbabinski
closed
2 years ago
1
[New WTFBin]: WTFBIN bdbicextractor.exe
#21
redblueops
closed
2 years ago
1
[New WTFBin]: WTFBIN Here
#20
dakinedakine99
closed
1 year ago
6
[GetPendingUpdates_vbs.CMD]: GetPendingUpdates_vbs.CMD from Solarwinds
#19
umairqamar
closed
1 year ago
2
Powershell_ise.exe
#18
dakkmaddy
closed
2 years ago
1
[New WTFBin]: AGMServive.exe LSASS read
#17
g1ng3rr00t
closed
2 years ago
1
[New WTFBin]: WTFBIN Here
#16
MATTANDERS0N
closed
2 years ago
1
[Update] Update Nimlang Binaries WTF Bin with this gem of a screenshot
#15
HuskyHacks
closed
2 years ago
1
[New WTFBin]: Silver Bullet Technology's Ranger runs a Bloodhound.exe
#14
Purp1eW0lf
closed
2 years ago
3
[DameWare Mini Control]: DameWare.exe
#13
tallcyberguy
opened
2 years ago
2
Cisco AnyConnect: Diagnose Connection Issues, WHOAMI as system
#12
no2aq
opened
2 years ago
1
[New WTFBin]: RingCentral.exe (Meeting platform)
#11
WidespreadPandemic
closed
2 years ago
2
Squirrel.exe: (MS Teams)
#10
SpikeRoche
closed
2 years ago
4
LogMeIn.exe (LogMeIn Product Suite)
#9
WidespreadPandemic
closed
2 years ago
2
Add common installation paths
#8
hRun
opened
2 years ago
0
[New WTFBin]: reader_sl.exe" launches "I run" for no damn reason
#7
59e5aaf4
closed
2 years ago
3
[New WTFBin]: Windows USB Link-local IP addresses (169.254.0.0/16) on the host PC
#6
knightwolfjk
closed
2 years ago
2
[New WTFBin]: Network Detective Data Collector
#5
Purp1eW0lf
closed
2 years ago
2
Next