Sample details: 9180d5affe1e5df0717d7385e7f54386

Hashes
MD5: 9180d5affe1e5df0717d7385e7f54386
SHA1: 4ce6e77a11b443cc7cbe439b71bf39a39d3d7fa3
SHA256: 24b7e7553b1aa241997e28775d3952c4cb885056c4606cbed9b450320b601255
SSDEEP: 384:/nNqDEWqU6pP4eVVQ8TxgIo0lP6AUrc9m:/nfN148zxgIzliAUrcY
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Equation_Kaspersky_TripleFantasy_Loader | FlorianRoth/Equation_Kaspersky_TripleFantasy_Loader | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://94.130.104.170/TripleFantasy_9180D5AFFE1E5DF0717D7385E7F54386
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
Global\{8c38e4f3-591f-91cf-06a6-67b84d8a0102}
CryptDecrypt
CryptImportKey
CryptAcquireContextA
ADVAPI32.dll
memset
wcsrchr
_wcslwr
memcpy
ntdll.dll
RtlUnwind
CreateThread
GetLastError
GetModuleFileNameW
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
GetProcAddress
ReadFile
GetFileSize
CreateFileW
LoadLibraryW
ExpandEnvironmentStringsW
KERNEL32.dll
malloc
msvcrt.dll
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
AlgUninstall
hnetcfg.AlgUninstall
DllCanUnloadNow
hnetcfg.DllCanUnloadNow
DllGetClassObject
hnetcfg.DllGetClassObject
DllRegisterServer
hnetcfg.DllRegisterServer
DllUnregisterServer
hnetcfg.DllUnregisterServer
HNetDeleteRasConnection
hnetcfg.HNetDeleteRasConnection
HNetFreeFirewallLoggingSettings
hnetcfg.HNetFreeFirewallLoggingSettings
HNetFreeSharingServicesPage
hnetcfg.HNetFreeSharingServicesPage
HNetGetFirewallSettingsPage
hnetcfg.HNetGetFirewallSettingsPage
HNetGetShareAndBridgeSettings
hnetcfg.HNetGetShareAndBridgeSettings
HNetGetSharingServicesPage
hnetcfg.HNetGetSharingServicesPage
HNetSetShareAndBridgeSettings
hnetcfg.HNetSetShareAndBridgeSettings
HNetSharedAccessSettingsDlg
hnetcfg.HNetSharedAccessSettingsDlg
HNetSharingAndFirewallSettingsDlg
hnetcfg.HNetSharingAndFirewallSettingsDlg
IcfChangeNotificationCreate
hnetcfg.IcfChangeNotificationCreate
IcfChangeNotificationDestroy
hnetcfg.IcfChangeNotificationDestroy
IcfCheckAppAuthorization
hnetcfg.IcfCheckAppAuthorization
IcfCloseDynamicFwPort
hnetcfg.IcfCloseDynamicFwPort
IcfConnect
hnetcfg.IcfConnect
IcfDisconnect
hnetcfg.IcfDisconnect
IcfFreeAdapters
hnetcfg.IcfFreeAdapters
IcfFreeDynamicFwPorts
hnetcfg.IcfFreeDynamicFwPorts
IcfFreeProfile
hnetcfg.IcfFreeProfile
IcfFreeString
hnetcfg.IcfFreeString
IcfFreeTickets
hnetcfg.IcfFreeTickets
IcfGetAdapters
hnetcfg.IcfGetAdapters
IcfGetCurrentProfileType
hnetcfg.IcfGetCurrentProfileType
IcfGetDynamicFwPorts
hnetcfg.IcfGetDynamicFwPorts
IcfGetOperationalMode
hnetcfg.IcfGetOperationalMode
IcfGetProfile
hnetcfg.IcfGetProfile
IcfGetTickets
hnetcfg.IcfGetTickets
IcfIsIcmpTypeAllowed
hnetcfg.IcfIsIcmpTypeAllowed
IcfIsPortAllowed
hnetcfg.IcfIsPortAllowed
IcfOpenDynamicFwPort
hnetcfg.IcfOpenDynamicFwPort
IcfOpenDynamicFwPortWithoutSocket
hnetcfg.IcfOpenDynamicFwPortWithoutSocket
IcfOpenFileSharingPorts
hnetcfg.IcfOpenFileSharingPorts
IcfRefreshPolicy
hnetcfg.IcfRefreshPolicy
IcfRemoveDisabledAuthorizedApp
hnetcfg.IcfRemoveDisabledAuthorizedApp
IcfSetProfile
hnetcfg.IcfSetProfile
IcfSetServicePermission
hnetcfg.IcfSetServicePermission
IcfSubNetsGetScope
hnetcfg.IcfSubNetsGetScope
IcfSubNetsIsStringValid
hnetcfg.IcfSubNetsIsStringValid
IcfSubNetsToString
hnetcfg.IcfSubNetsToString
RegisterClassObjects
hnetcfg.RegisterClassObjects
ReleaseSingletons
hnetcfg.ReleaseSingletons
RevokeClassObjects
hnetcfg.RevokeClassObjects
WinBomConfigureHomeNet
hnetcfg.WinBomConfigureHomeNet
WinBomConfigureWindowsFirewall
hnetcfg.WinBomConfigureWindowsFirewall