@msuiche
Created January 13, 2017 05:38
List of EquationDrug IOCs #ShadowBrokers
PS E:\ioc> dir . | Foreach-Object{
>> $file = $_
>> $hash = Get-FileHash $file -Algorithm MD5
>> $fileinfo = Get-Item $file
>>
>> New-Object -TypeName PSObject -Property @{
>> LastWriteTime = $fileinfo.LastWriteTime
>> Length = $fileinfo.Length
>> Algorithm = $hash.Algorithm
>> MD5 = $hash.Hash
>> Name = $fileinfo.Name
>> VersionInfo = $fileinfo.VersionInfo
>> }
>> } | Format-List
Name : DoubleFeatureDll.dll.unfinalized
VersionInfo : File: E:\ioc\DoubleFeatureDll.dll.unfinalized
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 397824
Algorithm : MD5
MD5 : 61110BEA272972903985D5D5E452802C
Name : DuplicateToken_Implant.dll
VersionInfo : File: E:\ioc\DuplicateToken_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 26624
Algorithm : MD5
MD5 : 997BA8C988340A1C644CF9A5F67E4177
Name : DuplicateToken_Lp.dll
VersionInfo : File: E:\ioc\DuplicateToken_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 94208
Algorithm : MD5
MD5 : A33F13F57AB2CE36A29796996C5E58E4
Name : DXGHLP16.SYS
VersionInfo : File: E:\ioc\DXGHLP16.SYS
InternalName: DXGHLP16.SYS
OriginalFilename: DXGHLP16.SYS
FileVersion: 4.00
FileDescription: TCP/IP driver
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 57456
Algorithm : MD5
MD5 : 4A184A987D297E6B1D578D5C25A4980C
Name : EventLogEdit_Implant.dll
VersionInfo : File: E:\ioc\EventLogEdit_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 35840
Algorithm : MD5
MD5 : 425FB612BA62FC1ECAD9FB24D10F9BFA
Name : EventLogEdit_Lp.dll
VersionInfo : File: E:\ioc\EventLogEdit_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : 2B8D4A2F9E28F4FB84CBECDFA7858E43
Name : GetAdmin_Implant.dll
VersionInfo : File: E:\ioc\GetAdmin_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 27136
Algorithm : MD5
MD5 : C11142CAA3013F852CCB698CC6008B51
Name : GetAdmin_Lp.dll
VersionInfo : File: E:\ioc\GetAdmin_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : A5D04EADA9C99EA2D110CE5D4BFA1D21
Name : kill_Implant.dll
VersionInfo : File: E:\ioc\kill_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 21504
Algorithm : MD5
MD5 : BDD2B462E050EF2FA7778526EA4A2A58
Name : kill_Implant9x.dll
VersionInfo : File: E:\ioc\kill_Implant9x.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 4608
Algorithm : MD5
MD5 : B10035B584FD0AA353FF05F3998546F0
Name : LSADUMP_Implant.dll
VersionInfo : File: E:\ioc\LSADUMP_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 49152
Algorithm : MD5
MD5 : 199796E3F413074D5FDEF7FE8334ECCF
Name : LSADUMP_Lp.dll
VersionInfo : File: E:\ioc\LSADUMP_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 98304
Algorithm : MD5
MD5 : 530EDFCA04227E4A0ABE2EA6AA0D372A
Name : modifyAudit_Implant.dll
VersionInfo : File: E:\ioc\modifyAudit_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 30208
Algorithm : MD5
MD5 : CF5B0D82D39669F584258389F4307B82
Name : modifyAudit_Lp.dll
VersionInfo : File: E:\ioc\modifyAudit_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : F9F26A2EE950ABC1CD4E768DD03A0671
Name : modifyAuthentication_Implant.dll
VersionInfo : File: E:\ioc\modifyAuthentication_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 53248
Algorithm : MD5
MD5 : 8187650EB74CCB3F0FB647335FD54D30
Name : modifyAuthentication_Lp.dll
VersionInfo : File: E:\ioc\modifyAuthentication_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 90112
Algorithm : MD5
MD5 : 09445EEBBA047F25E36FED573D0DB4FC
Name : ModifyGroup_Implant.dll
VersionInfo : File: E:\ioc\ModifyGroup_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 26112
Algorithm : MD5
MD5 : B46DF0DBE9774125CDC6F3B2BEFEE900
Name : ModifyGroup_Lp.dll
VersionInfo : File: E:\ioc\ModifyGroup_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : A1923D73B0488E0AB174BF759580F7EF
Name : ModifyPrivilege_Implant.dll
VersionInfo : File: E:\ioc\ModifyPrivilege_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 27648
Algorithm : MD5
MD5 : FBD7816D2E3E36F8976E18DCF0301CE8
Name : ModifyPrivilege_Lp.dll
VersionInfo : File: E:\ioc\ModifyPrivilege_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : 0D5B61F7F515A3B7A9D5566B6F4A7BE5
Name : msgkd.ex_
VersionInfo : File: E:\ioc\msgkd.ex_
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : ECB7174BAFED0C53CDC1227E301CF003
Name : msgki.ex_
VersionInfo : File: E:\ioc\msgki.ex_
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 114688
Algorithm : MD5
MD5 : 2F0CD139C60AE484DE4B076D34B8B39E
Name : msgks.ex_
VersionInfo : File: E:\ioc\msgks.ex_
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 118784
Algorithm : MD5
MD5 : 9DAB2F84EB817AAB4CCF8C237F88B422
Name : msgku.ex_
VersionInfo : File: E:\ioc\msgku.ex_
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 90112
Algorithm : MD5
MD5 : A54F0112500C956C21DC13285F43FC7E
Name : mssld.dll
VersionInfo : File: E:\ioc\mssld.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 358912
Algorithm : MD5
MD5 : 88C6980345E31FB53DF122348985C13D
Name : msslu.dll
VersionInfo : File: E:\ioc\msslu.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 430080
Algorithm : MD5
MD5 : D05A64DF9A4ADED3C5906764B2F69476
Name : mstcp32.sys
VersionInfo : File: E:\ioc\mstcp32.sys
InternalName: mstcp32.sys
OriginalFilename: mstcp32.sys
FileVersion: 4.00
FileDescription: TCP/IP driver
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 57328
Algorithm : MD5
MD5 : 74DE13B5EA68B3DA24ADDC009F84BAEE
Name : nethide_Implant.dll
VersionInfo : File: E:\ioc\nethide_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 29696
Algorithm : MD5
MD5 : 1AEA840C3EC3EBAEEEBD20A6A8D7E03F
Name : nethide_Lp.dll
VersionInfo : File: E:\ioc\nethide_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 94208
Algorithm : MD5
MD5 : E8A2645855578188E57FCCF74026AA6A
Name : ntevt.sys
VersionInfo : File: E:\ioc\ntevt.sys
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 171520
Algorithm : MD5
MD5 : 48496C7DB1C66656E054CCCBC01930CC
Name : ntevtx64.sys
VersionInfo : File: E:\ioc\ntevtx64.sys
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 246272
Algorithm : MD5
MD5 : F9FDC58C2A3EA2C00D0CAA3C33D6A575
Name : ntfltmgr.sys
VersionInfo : File: E:\ioc\ntfltmgr.sys
InternalName: ntfltmgr.sys
OriginalFilename: ntfltmgr.sys
FileVersion: 5.1.2600.2180
FileDescription: Network Filter Manager
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 41600
Algorithm : MD5
MD5 : 0D81F9972863C6D8C90100A73B0600AB
Name : PassFreely_Implant.dll
VersionInfo : File: E:\ioc\PassFreely_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 79360
Algorithm : MD5
MD5 : 13031E736EE4698B8C4813A8F2AE1848
Name : PassFreely_Lp.dll
VersionInfo : File: E:\ioc\PassFreely_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 94208
Algorithm : MD5
MD5 : 3A63D2A31F60DB565C61EE5307076980
Name : PC_Legacy_dll
VersionInfo : File: E:\ioc\PC_Legacy_dll
InternalName: perfrt.dll
OriginalFilename: perfrt.dll
FileVersion: 4.00
FileDescription: Real-Time Performance Metrics
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 77824
Algorithm : MD5
MD5 : B91C125EE67ECCB5843000FD22BE0935
Name : PC_Level3_dll
VersionInfo : File: E:\ioc\PC_Level3_dll
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 72704
Algorithm : MD5
MD5 : 164F2F1132A8AE98A4FFA070EB2AC8AE
Name : PC_Level3_dll_x64
VersionInfo : File: E:\ioc\PC_Level3_dll_x64
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 91648
Algorithm : MD5
MD5 : 22E03CFF8F2F6BC56E61196FA98B19E1
Name : PC_Level3_flav_dll
VersionInfo : File: E:\ioc\PC_Level3_flav_dll
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 78848
Algorithm : MD5
MD5 : D2EFFA60A83E6FC5533E6BA5A3C306D4
Name : PC_Level3_flav_dll_x64
VersionInfo : File: E:\ioc\PC_Level3_flav_dll_x64
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 100864
Algorithm : MD5
MD5 : 2ECE5C84446A46F80BB7701AE922C8D7
Name : PC_Level3_http_dll
VersionInfo : File: E:\ioc\PC_Level3_http_dll
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 91136
Algorithm : MD5
MD5 : 6F55A9C081989468043C1E9887D45AEA
Name : PC_Level3_http_dll_x64
VersionInfo : File: E:\ioc\PC_Level3_http_dll_x64
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 116736
Algorithm : MD5
MD5 : 2C6CEE802CFE8A7489D4782B123EC7CA
Name : PC_Level3_http_flav_dll
VersionInfo : File: E:\ioc\PC_Level3_http_flav_dll
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 103424
Algorithm : MD5
MD5 : 42E2E64E897606EB936372A8EE616AB0
Name : PC_Level3_http_flav_dll_x64
VersionInfo : File: E:\ioc\PC_Level3_http_flav_dll_x64
InternalName: Psxssdll.dll
OriginalFilename: Psxssdll.dll
FileVersion: 4.00
FileDescription: Posix Server Dll
Product: Microsoft(R) Windows (TM) Operating System
ProductVersion: 4.00
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 135680
Algorithm : MD5
MD5 : D962749F06E24167C61E67A7C1BC1ABD
Name : PC_Level4_flav_dll
VersionInfo : File: E:\ioc\PC_Level4_flav_dll
InternalName: wship.dll
OriginalFilename: wship.dll
FileVersion: 5.1.2600.2180
FileDescription: Windows Sockets IP Helper DLL
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 87552
Algorithm : MD5
MD5 : 7A3E60615F2B3283FE95E80719E901A3
Name : PC_Level4_flav_dll_x64
VersionInfo : File: E:\ioc\PC_Level4_flav_dll_x64
InternalName: wship.dll
OriginalFilename: wship.dll
FileVersion: 5.1.2600.2180
FileDescription: Windows Sockets IP Helper DLL
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 113664
Algorithm : MD5
MD5 : D093DB7F175AF28D6E7492918D38234F
Name : PC_Level4_flav_exe
VersionInfo : File: E:\ioc\PC_Level4_flav_exe
InternalName: memess.exe
OriginalFilename: memess.exe
FileVersion: 5.1.2600.2180
FileDescription: Extended Memory Runtime Process
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 79872
Algorithm : MD5
MD5 : 43406F7487979E55751D9F8A1174B33C
Name : PC_Level4_http_flav_dll
VersionInfo : File: E:\ioc\PC_Level4_http_flav_dll
InternalName: wship.dll
OriginalFilename: wship.dll
FileVersion: 5.1.2600.2180
FileDescription: Windows Sockets IP Helper DLL
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 113664
Algorithm : MD5
MD5 : 609F9D1B05D217E8B05FEAB6EBF6FC52
Name : PC_Level4_http_flav_dll_x64
VersionInfo : File: E:\ioc\PC_Level4_http_flav_dll_x64
InternalName: wship.dll
OriginalFilename: wship.dll
FileVersion: 5.1.2600.2180
FileDescription: Windows Sockets IP Helper DLL
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 148992
Algorithm : MD5
MD5 : FB97F8B8535DE1E2CB7EAC6177226CCA
Name : PortMap_Implant.dll
VersionInfo : File: E:\ioc\PortMap_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 25088
Algorithm : MD5
MD5 : EB6AECE07B1A2E2DCE95A1FAA2657BF2
Name : PortMap_Lp.dll
VersionInfo : File: E:\ioc\PortMap_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 90112
Algorithm : MD5
MD5 : 4AE51C9701D8A910F37591CB45215CA5
Name : ProcessHide_Implant.dll
VersionInfo : File: E:\ioc\ProcessHide_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 25600
Algorithm : MD5
MD5 : 0BE1B2FA181721AFF98B0BC05B814734
Name : ProcessHide_Lp.dll
VersionInfo : File: E:\ioc\ProcessHide_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : A7BD6D21E3DDED0F6342F170CE9613A7
Name : processinfo_Implant.dll
VersionInfo : File: E:\ioc\processinfo_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 26624
Algorithm : MD5
MD5 : 0C93EEE98A5A389CA7AC14064A2445B9
Name : processinfo_Implant9x.dll
VersionInfo : File: E:\ioc\processinfo_Implant9x.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 8192
Algorithm : MD5
MD5 : 6042EA9707316784FBC77A8B450E0991
Name : ProcessOptions_Implant.dll
VersionInfo : File: E:\ioc\ProcessOptions_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 22528
Algorithm : MD5
MD5 : B3ECAF9399DF17A5DCDDB45E9556BEFF
Name : ProcessOptions_Lp.dll
VersionInfo : File: E:\ioc\ProcessOptions_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 90112
Algorithm : MD5
MD5 : AEA3434D75FB81373FF275006686043C
Name : pwdump_Implant.dll
VersionInfo : File: E:\ioc\pwdump_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 49152
Algorithm : MD5
MD5 : DEC51CF04BE82ED22948A3275EF541F9
Name : pwdump_Lp.dll
VersionInfo : File: E:\ioc\pwdump_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 102400
Algorithm : MD5
MD5 : 6D8454150934D75FD0506F1D5A2D227F
Name : RunAsChild_Implant.dll
VersionInfo : File: E:\ioc\RunAsChild_Implant.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 30208
Algorithm : MD5
MD5 : BA1711B9CD87A10F2AD1816FB55C10B8
Name : RunAsChild_Lp.dll
VersionInfo : File: E:\ioc\RunAsChild_Lp.dll
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 86016
Algorithm : MD5
MD5 : 97E3BAEE87B396716F647FE41D03F218
Name : tdi6.sys
VersionInfo : File: E:\ioc\tdi6.sys
InternalName: tdi6.sys
OriginalFilename: tdi6.sys
FileVersion: 5.1.2600.3300
FileDescription: TDI IPv6 Wrapper
Product: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.3300
Debug: False
Patched: False
PreRelease: False
PrivateBuild: True
SpecialBuild: False
Language: English (United States)
LastWriteTime : 1/1/1970 12:01:30 PM
Length : 33408
Algorithm : MD5
MD5 : E14AB6E6AE835792979FF50E647B89C8