Extracted

• • Target

    b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437

  • Size

    392.0MB

  • MD5

    8a121fd92c5ccf804f7682de0aa4f685

  • SHA1

    5723e27841445373e1816ef142aa80970ae1d469

  • SHA256

    b7104e1420fbcdd4a78b02069f32d4882d38203dcb5f73509b60cc1567dac437

  • SHA512

    368aa322e2884a75d4afa16c4c092f1cbf989f1fa8193744be224bed474c7fa13acf0996944b3bab74e72cf7fb8b53e50a6ef3a454f12c4a4c7ecb0bc80503cd

  Score

  10^/10

  recordbreakerevasionstealerthemidatrojanvmprotect

  • Raccoon ver2

    Raccoon ver2.

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2