Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

Alien_Wooferr.exe

windows7-x64

9

Alien_Wooferr.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Alien_Wooferr.exe

  • Size

    3.8MB

  • Sample

    231014-3gd62aec64

  • MD5

    07df8b71759fd825a418a7075d4d0552

  • SHA1

    61e116200e4c2119795ffb14ee3221b6022f8141

  • SHA256

    b5c05c9af1f689f1967fb86b3bea8e6b0a72194c60ec7e7603ff0bfb772ddfc7

  • SHA512

    fdfa5133eb4df7f6b358556d0f223cba8152ec9dab3efa6fe7c057fa3cf12ef582d4eed8056cd9c3eddd01bb7df1565aeabd200fe608401cc6fa0a32e867268f

  • SSDEEP

    98304:HIm+0/3Os0J+4kgN37+RjDck6XQ1z0LLlxdBmPab:Hq0/+sM6gNAfcDaomP8

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Alien_Wooferr.exe

    • Size

      3.8MB

    • MD5

      07df8b71759fd825a418a7075d4d0552

    • SHA1

      61e116200e4c2119795ffb14ee3221b6022f8141

    • SHA256

      b5c05c9af1f689f1967fb86b3bea8e6b0a72194c60ec7e7603ff0bfb772ddfc7

    • SHA512

      fdfa5133eb4df7f6b358556d0f223cba8152ec9dab3efa6fe7c057fa3cf12ef582d4eed8056cd9c3eddd01bb7df1565aeabd200fe608401cc6fa0a32e867268f

    • SSDEEP

      98304:HIm+0/3Os0J+4kgN37+RjDck6XQ1z0LLlxdBmPab:Hq0/+sM6gNAfcDaomP8

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Stops running service(s)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks