Sample details: 91b1f4a4fa5c26473ab678408edcb913 --

Hashes
MD5: 91b1f4a4fa5c26473ab678408edcb913
SHA1: 1666dcfcb0d11a45a80bf937cb575396103db936
SHA256: 574e6f4175253b4a98aaee4977645cd12995f1bf5bae723bfeaebbe8242a3a25
SSDEEP: 3072:TtnUNALmVZvvGBeQYtjpdIAq2tnhTBfki43y97FozS4Oq1sqH73oGC:p4LvkwtjpDqunhTB8i4i0zLOosqHkG
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/antisb_threatExpert | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Winsock2_Library | YRP/apt_equation_exploitlib_mutexes | YRP/Equation_Kaspersky_FannyWorm | FlorianRoth/EquationGroup_EquationDrug_Gen_2 | FlorianRoth/apt_equation_exploitlib_mutexes | FlorianRoth/Equation_Kaspersky_FannyWorm |
Parent Files
88106b8b1ef1a00644a90ca67ad57e1f
Source
http://94.130.104.170/Equation_KasperskyReport_and_Additionalsamples//AdditionalSamples/FannyWorm/FannyWorm_91B1F4A4FA5C26473AB678408EDCB913
http://94.130.104.170/Equation_KasperskyReport_and_Additionalsamples/AdditionalSamples/FannyWorm/FannyWorm_91B1F4A4FA5C26473AB678408EDCB913