Extracted

• • Target

    SecuriteInfo.com.Win32.TrojanX-gen.1402.17438.exe

  • Size

    2.2MB

  • MD5

    c69257754756a39feb6866d4182de5ff

  • SHA1

    166ce2d73c9d910413d03f4e4230dd4b9e73f9dd

  • SHA256

    28743b7096beacaf8a67056ec70274af4b84fc5410f22ce4e9086eba7be5e665

  • SHA512

    3ab7d9cf02f85aa16220af4337176dbb2957ed68a122fd744fa5a3d29c2e49019bc948cf6315fc117f79ae81f5dd54b401e4330529d2181c35eb7b3e41321d45

  • SSDEEP

    49152:maSEP2yVfKG32h2Ougih+mvVW7FI460FSR2Cs:j92ydw2/h5g7ulR2C

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2