Sample details: 752af597e6d9fd70396accc0b9013dbe --

Hashes
MD5: 752af597e6d9fd70396accc0b9013dbe
SHA1: 5e1f56c1e57fbff96d4999db1fd6dd0f7d8221df
SHA256: 9412a66bc81f51a1fa916ac47c77e02ac1a7c9dff543233ed70aa265ef6a1e76
SSDEEP: 3072:LWJE+I/l81jT8jO3HTVNZHz4fz6SQgR/IU5+4JrJjE9:LqEl98RTMOXRNp0LhQgVh+cJM
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Winsock2_Library | YRP/apt_equation_equationlaser_runtimeclasses | YRP/Equation_Kaspersky_EquationLaserInstaller | FlorianRoth/apt_equation_equationlaser_runtimeclasses | FlorianRoth/Equation_Kaspersky_EquationLaserInstaller |
Source
http://94.130.104.170/EquationLaser_752AF597E6D9FD70396ACCC0B9013DBE
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
Shared
@.reloc
"ur8^@t
VD9NHt	
VH9NLt	
FX9N\t	
V\9N`t
F4;FXv
HHtAHt
Gf;~@r
f;G@s.
@9Ht<Ht%Ht
VQVVVVh
YHYt&Hu
Ht}Huz
F0QPVh^0
+9~0u&
@@NNIu
PSShf7
P9:QTt
P9:QTt
\tWHt4
4t"Huo
QQSUVW
F4tYSS
^$9^@u
_^][YY
SVWj X
t4WWWj
SFSFVP
@S@UPhP
t0WVVVj
HVHWtQ
LWVVVV
SVWjI3
PSSSSh
PSSSSh
D$ SPh
SPj1VWVhH%"
SPj1VW
!!!!!!!
!!!!!!!!!!!!!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
RQPQPQP
RQPQPQP
QQSVW3
w\<@uGV
QSUVWh
_^]v3h
t$ Wh0
|$,QWh8
SUVWPj
uAPPj	P
T$(QPR
T$4QWR
T$0CQR
Clt*9k`t%9kdt 9kht
Cpu	^]
F|_^]3
V0t.;F
v/;F8t
D$(_^]
PSSSSSSVS
9EHYu"
PQQQQQQ
WS2_32.dll
GetTickCount
lstrcpyA
lstrlenA
lstrcmpA
GetLastError
SetThreadPriority
GetCurrentThread
CloseHandle
DeviceIoControl
SleepEx
ResumeThread
TerminateThread
WaitForMultipleObjects
GetVersion
ReleaseSemaphore
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetVersionExA
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
GetSystemTimeAsFileTime
lstrcatA
GetComputerNameA
CreateSemaphoreA
GetCurrentProcess
MultiByteToWideChar
WaitForSingleObject
GetSystemTime
CreateMailslotA
WriteFile
ReadFile
GetMailslotInfo
UnmapViewOfFile
lstrcmpiA
MapViewOfFile
CreateFileMappingA
HeapAlloc
GetProcessHeap
lstrcpynA
GetFileSize
HeapFree
SetEvent
CreateEventA
FreeLibraryAndExitThread
GlobalAlloc
GetWindowsDirectoryA
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
CopyFileA
DeleteFileA
SetFileTime
LocalFree
LocalAlloc
SetFileAttributesA
GetFileTime
GetFileAttributesA
FindCloseChangeNotification
FindNextChangeNotification
RemoveDirectoryA
FindFirstChangeNotificationA
CreateDirectoryA
GetModuleHandleA
WideCharToMultiByte
GetLocalTime
GetDriveTypeA
GetVolumeInformationA
ResetEvent
WaitForSingleObjectEx
SetFilePointer
LocalReAlloc
GetCurrentProcessId
GetCurrentThreadId
InterlockedExchange
lstrcpyW
lstrlenW
lstrcmpW
LoadLibraryW
GetDiskFreeSpaceA
GetLogicalDriveStringsA
OpenProcess
GetTempPathA
LocalFileTimeToFileTime
DosDateTimeToFileTime
FindFirstFileW
CopyFileW
CreateDirectoryW
CreateFileW
DeleteFileW
RemoveDirectoryW
CreateProcessA
CreateProcessW
GetStartupInfoA
GetStartupInfoW
MoveFileA
MoveFileW
WritePrivateProfileStringA
MoveFileExA
MoveFileExW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
CompareFileTime
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
KERNEL32.dll
ExitWindowsEx
wsprintfA
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
CallNextHookEx
CloseDesktop
CloseWindowStation
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
CharUpperA
CharUpperW
USER32.dll
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegNotifyChangeKeyValue
GetUserNameA
ImpersonateLoggedOnUser
OpenProcessToken
LogonUserA
RevertToSelf
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
ADVAPI32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_except_handler3
_beginthreadex
_endthreadex
memcmp
memmove
wcscmp
strstr
malloc
strcat
realloc
strlen
strcpy
isdigit
sprintf
strcmp
_strupr
wcslen
wcsstr
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
_stricmp
lsasrv32.dll
?a73957838_2@@YAXXZ
?a84884@@YAXXZ
?b823838_9839@@YAXXZ
?e747383_94@@YAXXZ
?e83834@@YAXXZ
?e929348_827@@YAXXZ
@-fx!d
=rF}Yu7n:?
0UFP\z
Bn8,>L|
gHBb#q:-4}
\\%s\mailslot\%s
Qkkbal
-0123456789abcdef`
VIEWERS
COMMAND
%s\%03x
%d-%d-%d %d:%d:%d Z
Process32Next
Process32First
CreateToolhelp32Snapshot
KERNEL32.DLL
%s %02x %s
Failed to get Windows version
Rename
\WININIT.INI
0:0H0T0d0v0
2&2,2:2K2U2c2
3&4A4V4
6<6b6m6
6(767=7
9*92989X9
=$>*>;>C>R>^>g>s>
3,4B4K4X4_4k4
535Y5v5
:$:K:P:
:+;O;l;
=*=/=R=Y=c=t=
=	>$>h>
?'?4?x?
/0@0L0T0d0i0
0[1b1t1
2#2)202O2q2
3&31373>3]3
4<4G4M4T4s4
61686f6u6~6
7&7,737<7B7M7S7l7q7
9'9F9o9u9
<A<G<x<
=8=Q=r=
060L0t0
2)252I2Z2k2
3&3@3Z3
454N4j4{4
5+5=5D5l5
8+8H8h8
8 949_9u9
<A>Z>g>
?+?7?G?S?c?o?
141P1e1p1
2&282V2^2n2w2
3(30363[3
4Z4c4w4|4
5#565=5a5g5r5
6.656<6\6h6s6
7,717;7I7S7Z7d7r7y7
2 2E2z2
2)3E3{3
5-5<5`5y5
6'606:6H6
94:::E:
:*;6;R;Z;c;
<.===C=L=
=&>J>S>|>
?7?@?Q?
424;4D4
757f7v7
<D<J<Z<d<k<
?$?)?@?Q?W?b?
1'191^1e1
1V2f2o2
626A6W6g6
5&5K5V5
656C6\6s6
7(7.767<7B7Q7j7v7
8)8A8J8R8Z8h8p8y8
9'959;9K9T9Y9i9o9
:;:A:Z:y:
=&=3=b=
>2>D>O>l>v>~>
?&?8???F?T?e?u?y?}?
0)0>0[0c0
1:2b2i2o2x2
3$303<3H3Q3d3p3y3
4%424A4I4c4t4|4
5%5-555=5G5S5Y5e5
747P7j7
8&8,878K8V8\8l8v8
9#949B9I9V9[9h9p9~9
;!;2;E;`;g;o;
=$=]=d=p=
171X1i1z1
1=2P2]2|2
3/3S3^3
4$4/4E4M4e4
5.5S5c5|5
5$6K6{6
7;7D7P7p7u7z7
:#:/:E:J:\:f:
:+;D;e;o;|;
<'<0<5<:<?<D<I<N<S<_<d<w<
=+=4=@=X=w=
>">9>^>g>
>#?)?9?>?F?P?
010<0I0h0y0
141V1{1
2-373Q3W3{3
3+5V5u5
7?8N8y8
: ;>;B;F;J;N;R;V;Z;^;b;f;j;
< <9<L<{<
>K>f>o>
60;0a0h0m0{0
6-737V7t7z7
7+8Q8W8^8
:+;J;];m;
<.<4<e<x<
= =F=Q=i=
>=>\>s>
?+?K?z?
0!0+0A0P0f0r0
1'2-2R2
2"3.3`3
4!4(464G4P4
576=6H6[6
819B9]9
<'<b<,=2=B=R=c=
=W>]>h>{>
0;0F0R0
3P4q4O5p5
8<8O8W8w8}8
9"989>9K9m9z9
:%:>:F:P:X:h:p:u:}:
:*;H;o;z;
<'=h=m=
>(>.>4>;>A>M>T>
1!1%1)1-11151X1d1
2!2b2h2
3	3&303<3Q3u3
414?4E4x4
8=8H8]8e8x8
9)9G9[9b9g9
;&;1;<;G;R;[;d;m;x;
;A<E<I<M<Q<U<Y<]<a<e<i<m<q<u<y<}<
?_?g?p?
6#616j6
6D7f7v7
8#8D8S8i8z8
8%9d9k9{9
:A;T;Z;g;t;
;!<O<o<u<
2B2M2Z2
556@6s6
7B8U8Z8
8(9f9s9
;	<B<x<
=/>?>`>m>
?#?=?Y?
0G0R0Y0}0
0#1E1n1u1
3!3A3J3r3
=)=(>;>
1#2?2D2I2N2
2!3.333;3C3L3Q3\3c3r3
4(444H4t4~4
565?5o5
8)8F8a8r9
9":E:{:
>*?0?6?;?E?O?\?l?
!0'0B0V0n1t1
1C2L2Q2X2s2|2
353@3M3X3}3
;!;2;D;
5W5p7,<;<H<U<b<o<K=[=n=
>,?F?Q?c?
151=1c1k1
3 3(3l3
4?5J5Q5]5c5k5
6#7-767d7
0)050=0I0
0E1M1b1i1
7j8>9]9c9
<h<Q=d=
3"3&3*3.364
6 6$6(6,6064686<6B6H6N6T6Z6`6f6l6r6x6~6
6R7`7h7n7y7
4$4(4,44484<4D4H4T4X4d4h4t4x4