General
Target: e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98
Size: 15.6MB
Sample: 221127-r2nenaaa9v
MD5: f796b03671447929e8047546f4f8f49d
SHA1: 4d77bd7dd3c95fbd65c7b0259be050d718270e7e
SHA256: e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98
SHA512: 4449b0bf720177b0ac01b5e775b404a426fd9b0cbe7617f76243896a62d174f1757272c8e419e9c1a91471efe6d8d399ceace02b9ad20a7dd45817712f07f28d
SSDEEP: 393216:ay28NLuHz6iHiS5CiS0ibA8eSLsralugzYHKM0lV69fsc:aQwJHJCiS0JeRgNgs
Behavioral task: behavioral1
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm
Resource: win10v2004-20220812-en
Behavioral task: behavioral3
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url
Resource: win7-20220812-en
Behavioral task: behavioral4
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url
Resource: win10v2004-20220812-en
Behavioral task: behavioral5
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe
Resource: win7-20221111-en
Behavioral task: behavioral6
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe
Resource: win10v2004-20220901-en
Behavioral task: behavioral7
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe
Resource: win7-20220812-en
Behavioral task: behavioral8
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral9
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe
Resource: win7-20220812-en
Behavioral task: behavioral10
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral11
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe
Resource: win7-20221111-en
Behavioral task: behavioral12
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe
Resource: win10v2004-20220812-en
Behavioral task: behavioral13
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe
Resource: win7-20220812-en
Behavioral task: behavioral14
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral15
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll
Resource: win7-20220901-en
Behavioral task: behavioral16
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll
Resource: win10v2004-20221111-en
Behavioral task: behavioral17
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe
Resource: win7-20220812-en
Behavioral task: behavioral18
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe
Resource: win10v2004-20220812-en
Behavioral task: behavioral19
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll
Resource: win7-20221111-en
Behavioral task: behavioral20
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll
Resource: win10v2004-20221111-en
Behavioral task: behavioral21
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe
Resource: win7-20221111-en
Behavioral task: behavioral22
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral23
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe
Resource: win7-20220901-en
Behavioral task: behavioral24
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe
Resource: win10v2004-20220901-en
Behavioral task: behavioral25
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe
Resource: win7-20220812-en
Behavioral task: behavioral26
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe
Resource: win10v2004-20220812-en
Behavioral task: behavioral27
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe
Resource: win7-20220901-en
Behavioral task: behavioral28
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral29
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat
Resource: win7-20220901-en
Behavioral task: behavioral30
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat
Resource: win10v2004-20220901-en
Behavioral task: behavioral31
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe
Resource: win7-20220812-en
Behavioral task: behavioral32
Sample: 3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm
Size: 832KB
MD5: b961af6847c50e3fbfad9dddf0571811
SHA1: f5ecedf097181c9816082459fe46eb06e2ab4fb7
SHA256: 94a58122712d79d18214ba2d4c676c03533bfceb3d32914161fbb0eadc97c4f7
SHA512: c69815680f800d3b93cdb54462877dfc850efd19053d19493546e21fa27ac4875eda67629d92a068591ed01ae99b402d6b3e3328a68d3bf56c818581962ac625
SSDEEP: 24576:JV9Jnm6H02ZgqM3kWmUtJlOP2HO/dW7gD:DH1UZs
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url
Size: 187B
MD5: f2b2a3fc83bd2a514240f88f7d81cdcb
SHA1: f8f496bb310d030a7cce278db2e226ced284edd2
SHA256: dd5c64bea3a3f7e8b3b3384d1ed134d34fabdd547c6b2930377ba73ccc28599f
SHA512: fa2e49a23c0ffcceb288370767abe8d8b251b070934d155ce6b67dce076d2d3d09845e9102dfbee27568b0d3ae3c2342dd9f1bfaaf0d6481074c12ad0f916328
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe
Size: 485KB
MD5: 09339d8bf1c5891db81737c22dfb9dc0
SHA1: 88f86c6195a3fe12e40250287031e3203d93b0fe
SHA256: 43fce1808e399bcb2a35cb7d9c18a3c44df01c0e3bf3e2d1cc69b459c0782ed1
SHA512: 5a83f287b53540cb877eb2185be89401838c4959c1fc5b2cf6eefb0ffc93424b16c4f0c3e15af7157d00793ce9f2d97864b7418d36f477816d8e5608baf72bc8
SSDEEP: 12288:sYxJQY+YdZR4gFfzqjldvP8zasz/Ct8mQWtmQ2go:XxCY+i7TfSFvQC+tW3
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe
Size: 508KB
MD5: 1ed1c217b9687078ae3d6a0fee0d45c2
SHA1: 5c1f3b7af2ba906d4bece854e37364142d5e420b
SHA256: e231b72ff94084ce3d98f7c9f9b98824e437e90fd1469922a4fcbbc2e35f768c
SHA512: c12f909f386780c3583a7d73626a069089f2f0e41bc6e5683add66cc19fdff7eac0d3e49e31fd23c07e7a776f5eabb907dcf88a1b1670226c79bbadd141f4dc9
SSDEEP: 12288:roNFBhCGm1Godt78LxLNk6tW9eWILhDwtXg5KpeQZ0772bpth+p:roNXkGm1RdtYLxo9eW8Dyg5KpD0nuptw
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe
Size: 383KB
MD5: 64cf2cfcd2503c486e6957a569c0dc76
SHA1: 77592007a54ece0327df90a7096f27652e9cd665
SHA256: dcee4f53b38c5424ee128dd153a47d4e1d8086ca90f2c1fab4be29bc8ca02cf3
SHA512: 96772724daf228701b434490963a3cddaf022634ad4048a1dc34d9f683f991e3b31adfde6599be23774343e48fdf82772170e0eebfa52487cf0e40df834a0a2f
SSDEEP: 6144:QcZwt8EL8UgzFJJpOYTELbsu9IBXmv9gt722JqgrX2g8VAU/VFSOu7AtUlRMV3F:zZahYN3w4ZBKgdSgRyVFLrtUlRMV
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe
Size: 480KB
MD5: 3dd9be1401c813af75ec398b3f57c028
SHA1: eb60adab845f21998bb59ff9e4a428e4c2779cb4
SHA256: 808595de42bf3c5df1583fd0088c8a36d88c4217acc81be565e74a8a49b8a2ac
SHA512: 1100605268953a2cffa72213502ce4db32984165a17c1e57656cda883a3f887af9d379e2edbf84d7f5f1b5a2a0629bf7eab008d0f713962dc104340d2008001c
SSDEEP: 12288:hcsfv2muayPvLGBFBSjWA95mk3AktuebnQgyV8JIiIb:b+fbbGBFBSzmk33Aeblgb
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe
Size: 333KB
MD5: c07b785b690fb9dfa0b404c6e69a7001
SHA1: b236a4720d6ac9426f40195fa5619a8c6eb24fff
SHA256: 27f4d216da33de9541a9e30702caa1ffeb68ca6e3e904382d3f8b1aba79e27b1
SHA512: 47a0904d5d7a2143795e41ed7e6b8efd6e2816f502748921d0f3dbf53bd5d83ba041926b0e458aa5f3423f3752c6454074af9d8b9189138a1e9ac04946cd493e
SSDEEP: 6144:LOzLPjdf+/66Z5TsfkRumVMPz3apGeAyx8WXc5FshwBWJg6djNVYmxtu+:LOz/t+/phckwJr346eCF9WZNntu+
Score: 8/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll
Size: 708KB
MD5: 8b1cc052a316b3d9c987638e090dc30c
SHA1: 8a786247ed4b8e3b3b23894a40a2662bb6bb864b
SHA256: ec68caf90c61e2c3620154c562f306d3104c99855ee2d6cb40a390003cc21c13
SHA512: fd8f4f5f73756472268acff656b3064858d5dbd98643d2bac27eac4ac23ea51cae30bcabc3a209d466cec72c634e4de06f93345eae49d864e596a3a5c67f3674
SSDEEP: 6144:wacWxKtTHt9kwZ7oCSr/eu+zYJfnWV3j8MXSnkxHepk1NHwgIDLL5fKH+c:wacWxoN9kwZMCl3j8xn0+pk15ghfKT
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe
Size: 3.4MB
MD5: c2da6a2920b67b4c888c7209e55e484a
SHA1: 296d2aec76116c25b3550b52d80d94440d3a783e
SHA256: e9be4facf1882e685aebe9703664715523c21995fdf9c19197da9a0a6adf8f4d
SHA512: edf04caabe60bef22e05075496eff89c40d6ecce4eb2f717a3881596bc3d0953bea594f125725893c274e84de9b9008a076a52126e2da87d1b210470d3d57144
SSDEEP: 98304:eQ8PU3vL2A4ZMNbEhy7DpeSrsK+AZH2c4+:h8sh9y2dXfZHR1
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll
Size: 1.7MB
MD5: 6e00bde454e5c87cd6a4c0abdc698c89
SHA1: 9f9c5d03f1ed8fc40b7f1560fa3db94c0b8a2b28
SHA256: b66ff82da730bb8021fd28aa9f7aa7d6c002a9ade9f64e14645a51665723c5e2
SHA512: fce79019308bf11449f88d52c746ec4dad624c5f4ec03d8b9a1d4cc95dd1a4997513676160eb03101bb041c30970ba7e93df5dd38d39ceac3b935ae74d0de489
SSDEEP: 24576:U9kBIWxwSHJvOqByWQH0qYCSIxRJsxLwWfu7bOaSKN/6ZqlRIV+BEl6SujwK:nBINc2qBLlCSQxGuPOyl2V+UL0wK
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe
Size: 371KB
MD5: 3555f6b20c2e139a846ba0a6fd31aa97
SHA1: 0941ba558b4640b2d46c6c6ba26f90be4546e3ae
SHA256: 4584bfec89ae175834a47df600c98f054584cacf6eef4919f973b13c41674917
SHA512: e9a5e770295eb527895ea667bc81a5feec6d1379d4bcfd788056e6187819e806a0a37c1410687ec2bb9edddcde674ad86c648eaae6a9037ca6233bef03a0a6dd
SSDEEP: 6144:vbBBPs6RIjBAarBQrFrgTRKrYNfU6spHn7zCA9upZZhiqD10NV1s:zBe3r0ZgFAYNfU6spHfC2upc81qs
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe
Size: 296KB
MD5: 80bfe461c0a4df0f2a6dc808aaffe86b
SHA1: 000817f018c43f2544037e6b45431d8bb0592c1d
SHA256: cddee7119496376779c2184b68438207d63e889a5ed4cfe47772530120b099cd
SHA512: 9204d28b824f5223d486820d4a6de02ec503236c856f93bb97587a60c1f6215a0b137fe67a0d95d2adef60eb84840cb01ca3f9a073a6ca48c8de13aa7f179844
SSDEEP: 6144:wxp2Iqw3fysi6BAgsmouJXkwlyxHZ6IVsYzdouRKCp+mhbC:wxIIqwvy5yfouxS6I5YC82
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe
Size: 406KB
MD5: a89c4a9a2f623c0fdd6c9fea68735bb3
SHA1: b012a26192769a56a92446d820b06c902b06b08a
SHA256: 7f76aa96812819466576b11711efefb0b4e52be89b4e7c4b02cad717c6ae960a
SHA512: fed6f747bbcea8ef611547db973dad24952e77dad4deb483e68de1ca77bc066cec9fe4fef9c96cbe19bb54c79c6950d434030ab30539e7224e0bf1b4f93b8ba8
SSDEEP: 12288:r39e2xgs3C9DOqLoBXkoXfp6gmplCMMVo:rNvxgs0DzoBBogGM+
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe
Size: 383KB
MD5: 1fd69fe8016fba4696bbc37e47be3f5d
SHA1: 00baa7eda6753f25add8ec64bef239feae99f1a9
SHA256: f1ef5d0962735eb6341b3c2cbd6c5c4ee3c74071be4c721a36a26fd5c1e394f0
SHA512: 40f1b350ef39585ece7cd06f09c84931c785c139c0e597ea11700573afee16bd8563af716c7b4a70aa854d130ce3210d0c855c8ad86b5da7adbee41cf54a4a53
SSDEEP: 6144:0uI8TbCceQIRjFkrDPqSZP9wTjdaB7NLrsyNotHVP6Fa36c:5IXxnKDSCmTjK3sv1VPSaK
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat
Size: 764B
MD5: 36a3f6229863c32189d31d261a9fa647
SHA1: ccae052c897e053f8dd16fbb388c4fb3e64f548f
SHA256: d0e860ab0c36dc5f031128153fdb3979407c3a917a6485b73fd096bf1c3a9eae
SHA512: 2a8c3605e4a3860aec187f20d19ac129281f2dad8597bb884872578832c480a894ea327f925dcbd5dfb8c437910d7729b9f7cf0af61dcfb13d206c2d9a567bce
Score: 1/10
Target: 3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe
Size: 407KB
MD5: 49ab59f5b8405721b09797642296c1f4
SHA1: 01bd8bd414bcd1c145828488acc0678d5513672d
SHA256: 6b80d96d18fd937eabcccb7ca16994a8f93a481c319fc15eeb6570ad45745508
SHA512: c63ebeefc91a9b3558be510efb150783d37bbde07be23a1c9a88ac08ca23a07855e06f3240b858ee38490fc45a80436652fd92daf0cc27a4970775f53e8bd403
SSDEEP: 12288:n39e2xgs3C9DOqLoB6NPBroi49fH6ItZEIJQiYdhv:nNvxgs0DzoB0PVoi49xRY/
Score: 1/10