General

  • Target: IObitUninstallerPro_pass1234.rar
  • Size: 41.9MB
  • Sample: 230305-zlyjpagh4v
  • MD5: 63d153c17050f247ccfbca49e339b71c
  • SHA1: 05ac008bdf73c9ae831f057eda11eef354c2dd45
  • SHA256: ba862c1df63bf8ba0548f9246cad2a2f34f33b944d77540267c1c56812f51321
  • SHA512: b46ffe8186c7d87b6ad85047af20d2ce2b83e42bae6b160e8aa7dd8c81b493c259a01d03b9faae103717817981c4a4c8fbec7210146212a864d1007ad7fb5e1a
  • SSDEEP: 786432:ZwzyyhMu1bNAjm3yI5M4JSguz9MfnEfl5PvjfENpFiR8ATQUktPM8Y:izyyyObCjsyI57Sguz9iEfP8NjiuA/kK

Malware Config

Targets

    • Target: IObitUninstallerPro.exe
    • Size: 41.9MB
    • MD5: ca3ea9f9e7ea2acabe198d10ebb3f2e9
    • SHA1: 6733097ddbf32b8f2b518db62be2464e2258b6bc
    • SHA256: d07c6790f1ed323cc52b723ccf02bd2b03c125083e163d80ea9228ec937a8164
    • SHA512: de6f10d0e2e24c61311cfeb75da1c7d34995623404803a9cfb6c7b16a5074786be9ee0592308f87b0b9d765b6b57b36480ba36d555da51ed83885acfcfbe883d
    • SSDEEP: 786432:cWo8a8H+CXdclEUmxx5e38O49Px5+3PyMxHl0pgbUUZYh4Y7KfAnE:dfa8zKl3o53x9PbmP0pgbZYq7+E

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
