Name 642c4f1bd3ff5114_eeintl.dll
Filepath C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL
Size 27.2MB
Processes 2848 (6252e9f1addf8d9b83f7777fdd29624e90b70c96dbf29645a913c7f9348a0c64.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 86d4a7fce70763f9a63a4514762ac016
SHA1 008bf7c269e7b86797e7294fc06f6f1686103678
SHA256 642c4f1bd3ff511478612c4a0009d87da0e6db91ab1f61ec52985592369b651d
CRC32 4BD37567
ssdeep None
Yara
  • PoetRat_Python - (no description)
  • Base64_encoded_Executable - Detects an base64 encoded executable (often embedded)
  • DebuggerException__ConsoleCtrl - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • SEH__vectored - (no description)
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
Name ff185ec81d19e900_dw20.exe
Filepath C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Size 27.1MB
Processes 2848 (6252e9f1addf8d9b83f7777fdd29624e90b70c96dbf29645a913c7f9348a0c64.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 77f56e880f6477354cf908d184446caa
SHA1 1590cad3a3f2534251168cc550a4389fd63d02a9
SHA256 ff185ec81d19e9006e981a36ddd5a64d67f16e0fd2d1d936f85700a0c8c02a67
CRC32 644524FE
ssdeep None
Yara
  • PoetRat_Python - (no description)
  • Base64_encoded_Executable - Detects an base64 encoded executable (often embedded)
  • DebuggerException__ConsoleCtrl - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • SEH__vectored - (no description)
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS