Extracted

Extracted

• • Target

    33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9

  • Size

    8.5MB

  • MD5

    ee535a8ea4f5a528203b7fed911f0cdd

  • SHA1

    5cf4a8b0b3acab1f68df9792677a4dbd4da8dca2

  • SHA256

    33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9

  • SHA512

    e47f3a0622977eec135c3750838aa38c1ea40d7df372cebd56b19f1297fb7dd3d0beb6ddbe6cfdd54bd8d2b02ecd40081608e93f124dc6456c48679306f0a8ce

  Score

  10^/10

  metasploitbackdoorevasionthemidatrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2