Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
3.9MB
-
Sample
231024-ktap9sdf67
-
MD5
6c13146feeabc071309b41335514bf99
-
SHA1
127ba6047bdbc24d66a2be4d975bfc8d8bbf3808
-
SHA256
c630fc1a9602a939621027c5c7c6be78e598b66d86fec0ed103ebae22fc99577
-
SHA512
f617e7168a9b4848d2278bdc5dd0cd8986f47300d58644121adc43c7236333ba8474309ce25be96709103e5ee1a4f3e62471b1fc2e876c347505920965144a0e
-
SSDEEP
49152:9Zt7mOXOJ79zFO/xx25/g0wDHIhQXjoLBaBhIT2iL54oU6Hhs2WtuHr1j7jEuPYM:9/hOJYrVjIhQXEiil7H6pSJpY3ZU0zK
Malware Config
Targets
-
-
Target
file.exe
-
Size
3.9MB
-
MD5
6c13146feeabc071309b41335514bf99
-
SHA1
127ba6047bdbc24d66a2be4d975bfc8d8bbf3808
-
SHA256
c630fc1a9602a939621027c5c7c6be78e598b66d86fec0ed103ebae22fc99577
-
SHA512
f617e7168a9b4848d2278bdc5dd0cd8986f47300d58644121adc43c7236333ba8474309ce25be96709103e5ee1a4f3e62471b1fc2e876c347505920965144a0e
-
SSDEEP
49152:9Zt7mOXOJ79zFO/xx25/g0wDHIhQXjoLBaBhIT2iL54oU6Hhs2WtuHr1j7jEuPYM:9/hOJYrVjIhQXEiil7H6pSJpY3ZU0zK
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-