Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
lasservices_spoofer.exe
-
Size
11.0MB
-
Sample
240224-kcq1xsfb9y
-
MD5
09bbb184c9a6e587b0f40492723e604f
-
SHA1
4bbcfa112b1cf36b138d463a7e6a99fbe94754eb
-
SHA256
6235dcfcc025b267404345ac9cbab036edd2e17b7f1c3009374042204d380b21
-
SHA512
906402ea905c08ce33690ce6d8b04e20ba50537ccd66e5422a27b1899960d2501ac693d5d06045bb68fd755f5c454ea8d319042f5383cc579e113c541e405317
-
SSDEEP
196608:JGluENPKd3fjqfnHzW2JmMf8PzHm1ufh6Bffpf5YUAyQ:Ml5RKJqPaMQa1ufh6BZyUAN
Malware Config
Targets
-
-
Target
lasservices_spoofer.exe
-
Size
11.0MB
-
MD5
09bbb184c9a6e587b0f40492723e604f
-
SHA1
4bbcfa112b1cf36b138d463a7e6a99fbe94754eb
-
SHA256
6235dcfcc025b267404345ac9cbab036edd2e17b7f1c3009374042204d380b21
-
SHA512
906402ea905c08ce33690ce6d8b04e20ba50537ccd66e5422a27b1899960d2501ac693d5d06045bb68fd755f5c454ea8d319042f5383cc579e113c541e405317
-
SSDEEP
196608:JGluENPKd3fjqfnHzW2JmMf8PzHm1ufh6Bffpf5YUAyQ:Ml5RKJqPaMQa1ufh6BZyUAN
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-