Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

pafish64.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pafish64.exe

  • Size

    118KB

  • Sample

    240217-1nltcabe93

  • MD5

    4b6229d1b32d7346cf4c8312a8bc7925

  • SHA1

    4d83e18a7e1650b4f9bb5e866ea4ad97a21522bd

  • SHA256

    ff24b9da6cddd77f8c19169134eb054130567825eee1008b5a32244e1028e76f

  • SHA512

    804f7e663f3a4e03f99e19f7ad8e89362c9d11793ece2e0716f86bce020f6ce95766fc4f6e686375b73d0b6765cc75029d8d6527abe0777b91ec807f81c7146a

  • SSDEEP

    3072:wgjIzC10pKQ6PbNehdv3I0lmPendNyrOMGTkrNRD:wgSCuMDendVMGTuNR

Score
9/10
evasion

Malware Config

Targets

    • Target

      pafish64.exe

    • Size

      118KB

    • MD5

      4b6229d1b32d7346cf4c8312a8bc7925

    • SHA1

      4d83e18a7e1650b4f9bb5e866ea4ad97a21522bd

    • SHA256

      ff24b9da6cddd77f8c19169134eb054130567825eee1008b5a32244e1028e76f

    • SHA512

      804f7e663f3a4e03f99e19f7ad8e89362c9d11793ece2e0716f86bce020f6ce95766fc4f6e686375b73d0b6765cc75029d8d6527abe0777b91ec807f81c7146a

    • SSDEEP

      3072:wgjIzC10pKQ6PbNehdv3I0lmPendNyrOMGTkrNRD:wgSCuMDendVMGTuNR

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks