Cuckoo Sandbox

Name	1e962f488655c5e5_eeintl.dll Download Submit file
Filepath	C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL
Size	27.8MB
Processes	668 (642c4f1bd3ff5114_eeintl.dll)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`7936d564b9fedc6575f62f2c687baeae`
SHA1	`81c8e22b7a27b4bba4ef666ce37eedb4c1c35abc`
SHA256	`1e962f488655c5e536898a98a22b7bb254b916d5aaa1ff18ba729c1501053f09`
CRC32	`1D8C07B1`
ssdeep	`None`
Yara	PoetRat_Python - (no description) Base64_encoded_Executable - Detects an base64 encoded executable (often embedded) DebuggerException__ConsoleCtrl - (no description) DebuggerException__SetConsoleCtrl - (no description) SEH__vectored - (no description) create_service - Create a windows service network_udp_sock - Communications over UDP network network_tcp_listen - Listen for incoming communication network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS
VirusTotal	Search for analysis

Name	2901a4a1374cc92c_dw20.exe Download Submit file
Filepath	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Size	27.9MB
Processes	668 (642c4f1bd3ff5114_eeintl.dll)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`3fdaabb41460692783ecbc9eb18859d8`
SHA1	`c8e973d690b4a24560c02f497df4bef6ac961df0`
SHA256	`2901a4a1374cc92c92cfb949adfb41d41d730c876472dc040b9e30bc5433979f`
CRC32	`F747EDD5`
ssdeep	`None`
Yara	PoetRat_Python - (no description) Base64_encoded_Executable - Detects an base64 encoded executable (often embedded) DebuggerException__ConsoleCtrl - (no description) DebuggerException__SetConsoleCtrl - (no description) SEH__vectored - (no description) create_service - Create a windows service network_udp_sock - Communications over UDP network network_tcp_listen - Listen for incoming communication network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS
VirusTotal	Search for analysis

Dropped Files