General
Target: pwkxmpqtpc.vjr
Size: 14.8MB
Sample: 220701-j7vf6adbf6
MD5: 92efc14aa81e78a75d0ec57cb5807c5d
SHA1: c1301afc869509bc6b71a19edfeb8e82776b8bc0
SHA256: 817e0007386c685b1ca38fd9957310e9e34e30c664f6da65a9b5943009af8087
SHA512: 75a36405df5928a8a4dad148b184e573ee0c3f7c0c9cf1571b8f6222872323f015b6bca07d3134c32b87a6efde3c2b0a9b75897273887b0dd9fef5ce4b2928fa
Static task: static1
Behavioral task: behavioral1
Sample: pwkxmpqtpc.dll
Resource: win7-20220414-en
Malware Config
Targets
Target: pwkxmpqtpc.vjr
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger