Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
IObitUninstallerPro_pass1234.rar
-
Size
41.9MB
-
Sample
230305-zlyjpagh4v
-
MD5
63d153c17050f247ccfbca49e339b71c
-
SHA1
05ac008bdf73c9ae831f057eda11eef354c2dd45
-
SHA256
ba862c1df63bf8ba0548f9246cad2a2f34f33b944d77540267c1c56812f51321
-
SHA512
b46ffe8186c7d87b6ad85047af20d2ce2b83e42bae6b160e8aa7dd8c81b493c259a01d03b9faae103717817981c4a4c8fbec7210146212a864d1007ad7fb5e1a
-
SSDEEP
786432:ZwzyyhMu1bNAjm3yI5M4JSguz9MfnEfl5PvjfENpFiR8ATQUktPM8Y:izyyyObCjsyI57Sguz9iEfP8NjiuA/kK
Malware Config
Targets
-
-
Target
IObitUninstallerPro.exe
-
Size
41.9MB
-
MD5
ca3ea9f9e7ea2acabe198d10ebb3f2e9
-
SHA1
6733097ddbf32b8f2b518db62be2464e2258b6bc
-
SHA256
d07c6790f1ed323cc52b723ccf02bd2b03c125083e163d80ea9228ec937a8164
-
SHA512
de6f10d0e2e24c61311cfeb75da1c7d34995623404803a9cfb6c7b16a5074786be9ee0592308f87b0b9d765b6b57b36480ba36d555da51ed83885acfcfbe883d
-
SSDEEP
786432:cWo8a8H+CXdclEUmxx5e38O49Px5+3PyMxHl0pgbUUZYh4Y7KfAnE:dfa8zKl3o53x9PbmP0pgbZYq7+E
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-