User tags
Assigned on submission by the user, not by sandbox detections.
General
-
Target
WeChatSetup.exe
-
Size
213.9MB
-
Sample
240316-mgtzgsba96
-
MD5
f532bf00404c7e1c85cf0beea77a8087
-
SHA1
2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01
-
SHA256
f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686
-
SHA512
660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab
-
SSDEEP
6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS
Behavioral task
behavioral1
Sample
WeChatSetup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
WeChatSetup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsInstallAssist.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsInstallAssist.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Uninstall.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
WeChat.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
WeChat.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
WechatAppLauncher.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
WechatAppLauncher.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
[3.9.9.43]/ConfSdk.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
[3.9.9.43]/ConfSdk.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
host/wmpf_host_export.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
host/wmpf_host_export.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
host/wmpf_host_export_x64.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
host/wmpf_host_export_x64.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
runtime/ComponentVerification.dll
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
runtime/ComponentVerification.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
runtime/ConfSdk.dll
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
runtime/ConfSdk.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
WeChatSetup.exe
-
Size
213.9MB
-
MD5
f532bf00404c7e1c85cf0beea77a8087
-
SHA1
2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01
-
SHA256
f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686
-
SHA512
660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab
-
SSDEEP
6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS
Score 4/10 -
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
492KB
-
MD5
633625aa3be670a515fa87ff3a566d90
-
SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4
-
SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1
-
SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9
-
SSDEEP
12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ca332bb753b0775d5e806e236ddcec55
-
SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
-
SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
-
SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
-
SSDEEP
192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
Score 3/10 -
-
-
Target
$PLUGINSDIR/WeChatInstallDll.dll
-
Size
3.6MB
-
MD5
2acb0c1f4f388e1dd5be9a01c9593185
-
SHA1
4700a4c989ef847f0bf39c907d08968003ec5942
-
SHA256
749fb2d7f65cfad8928a842d1103c22dab3239296472947798504b15858422ba
-
SHA512
fcba0b51326ead208db123c17118c452082fdcff9379328c5b4c0825d4039de80932cab8c38a2b7f95955907ce1a92bba4021e7e48bab7988991088cf7189f7b
-
SSDEEP
49152:OGHSauEm8jA+ZojaXvP3WW43XOYlZiz2yNyc0yfgWFbxq/WPyZuTJGeXMK+u80e8:OGHSabb7ZB/P2l+0yfgO0/FZPeV+d03
Score 1/10 -
-
-
Target
$PLUGINSDIR/nsInstallAssist.dll
-
Size
192KB
-
MD5
28b411f3793dbcb81d6f3d3b0527cdba
-
SHA1
7614310be1231850e811a818f58ee8b54ae9ceaf
-
SHA256
0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127
-
SHA512
e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78
-
SSDEEP
3072:tYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDa:FdqBhbWCuFpyq5SXya
Score 3/10 -
-
-
Target
Uninstall.exe
-
Size
1.7MB
-
MD5
65a8d4d556099f4a62b3ab141034f38e
-
SHA1
38d2ee2b7a2c363cd99ab46d03fab2b87ff00d9e
-
SHA256
caff82547f14b0afff408cd83625321ad00c5145d9086e7f5c74c6ca10899f54
-
SHA512
f3ad2c0fb2d78551f6a65cbd4aae6a3ea5f3653e4456ec9fb4aa36ab299fffe9712acb3da91b272f9cef7f2d7216e38a9685d9179bf72f6f9cae6cebc5d8f8f5
-
SSDEEP
24576:0GTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdD:FI2G0oWMIoVljGG3aqmQkk9OOpt
Score 4/10 -
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
492KB
-
MD5
633625aa3be670a515fa87ff3a566d90
-
SHA1
de035c083125aef5df0a55c153ef6cc4dd4c15b4
-
SHA256
bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1
-
SHA512
3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9
-
SSDEEP
12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ca332bb753b0775d5e806e236ddcec55
-
SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
-
SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
-
SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
-
SSDEEP
192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
Score 3/10 -
-
-
Target
$PLUGINSDIR/WeChatInstallDll.dll
-
Size
3.6MB
-
MD5
91153d3fc0b835b072aeebc4d8837faf
-
SHA1
1e1e524be7c69077229973e385c447d9692ad937
-
SHA256
a7971bce47584535e9033f9d72d8f6f386c7d8deef3b93e11de50cf9574f7413
-
SHA512
2b49c6d701cc6f0d25a81258dcec2159ab3ea30389d18aadcc486c540f5daf6adedf998def1bf5c5fb4a5712755dbca710387c862a89138b23ec081682e835ec
-
SSDEEP
49152:IBTaBlUSRRWRgyuHaLF12pv55EW4AXO/hPsQIYmSXyfgY2YBlWPRGtTLJMK+u8GJ:IBTaBzIguwv/ShTXyfgClmG13+dTW
Score 1/10 -
-
-
Target
WeChat.exe
-
Size
644KB
-
MD5
66eb21741ecfc2a8a53a24d65ec7a40a
-
SHA1
6d70532a0b9a1012da004bb78461fff8d9845253
-
SHA256
64cd27f902fdf3e74c2ed74f7640ec000441ef46daffa20416da582e751b18a8
-
SHA512
47289021ab9543a30a2ab647f42619cba048be9c03f4b8c6fbc888bb7167c0cd8868e482114874c0b6c8f02dc48b6e87d22b1c4f04e53a0d20b62897199955be
-
SSDEEP
6144:GYEMF2LJ65kzLpKhlD24mjLrTeXivA29PR7YK:GYEtLJ65kzLpA1VOr9J/N
-
Meduza Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandbox environments.
-
-
-
Target
WechatAppLauncher.exe
-
Size
612KB
-
MD5
08e35f062f4ab4583e683360fda618c9
-
SHA1
69278dd8903ab811e5475d3cbe3ffa64f337fc96
-
SHA256
19ba49900886740468c8b42c3137554a72348cb9c7f197283ea05998313ab667
-
SHA512
14380cea0ec17daf79395cb36866b0cb44a05dcc1e1a21198817b20f949841ece07e7c17b0a91c1a35d2e97cb853e9842d1efda5fc235fb2d3404a7ae3c01e9f
-
SSDEEP
6144:1M3AikYL7twGMx4s0eBRWZp2QGnvY4lgNt:1CAi3Y9VBgZp0vH6Nt
Score 1/10 -
-
-
Target
[3.9.9.43]/ConfSdk.dll
-
Size
1.3MB
-
MD5
b469a62b38b18869c3146b16652f7cad
-
SHA1
eba667eae4e894f9fbf1d67fde6665349480d27f
-
SHA256
cf6e5dd1dbd3e1963279aa5120adb2fb544817c3f74a2819ccbaa3c27773ffc6
-
SHA512
a5502bc2e09f218d3948fffe70e71cc7ec654e031f71357a78f06077a567b5a06d10879e2b1f4d4c96a4b56ea777e762ded457f33260c1f1f8f0a6718710141d
-
SSDEEP
24576:Y3Yptx6ZMFT8wnorDnD0ADl6dWmHc240YGr0fJIp:YjSFt46dWmR4zGrd
Score 1/10 -
-
-
Target
host/wmpf_host_export.dll
-
Size
1.8MB
-
MD5
557263e28dc6c1416cea8b43a9a47282
-
SHA1
bb2306ef4e99dc0b10aa8ab51bb2872ed2a5d45a
-
SHA256
d40ebacc2c08b72aa48dbe613ef2bc4cfe65bf0fcd63254239308fc4ae0eb226
-
SHA512
b8fd24c566d770a452ecb5d227ccfe2ae8afc37d1c797d064adda63ec34a606c3ac882b2a366e4828c5c4869e249e2cf9dd9852185d63da9ff4bfc6c71c3d686
-
SSDEEP
24576:e+JpOhdC4YyHBU8p4aolR7esO2YgdlnL6tO/MbcTuMilTfYR01Is0B2o5pvy82+f:kC4YyHBP4DesjgsYOmP0B1i+
Score 1/10 -
-
-
Target
host/wmpf_host_export_x64.dll
-
Size
2.2MB
-
MD5
e479c9b7f445f62e512dca0b671fddba
-
SHA1
20a0df44d91a5e3b9bb8e422946f343d4f82df61
-
SHA256
c9c85a4136cfd3a06cf15d1fa59e0ae0343cab03986bec5cf4456402d8eb3b3c
-
SHA512
0a1606ec5a794f1c1b4b28e3161cc142999d09f4bc8ffbd241b4c42bba562048a0653857ae1b2f70cde6691e7ce4b78a2201fbf540c3ca4c64a4f64d7887b1fe
-
SSDEEP
49152:nQPPNAKvIm0DEcv5Qx5XBPo7BxBZGY4R24FmwK74vSeTtc:mcDEcvuqP4rzK70TO
Score 1/10 -
-
-
Target
runtime/ComponentVerification.dll
-
Size
179KB
-
MD5
2d39b287fc2e07a9f26620c5173b41b8
-
SHA1
5cb471dea1a7087f5b6735ff8f43f9f27d32a061
-
SHA256
28e883c76d68de23f0a2aaaaf8458e490c54d6874e33594b8fbf7e44f099270b
-
SHA512
6e37dfa78c40ce8fd58edf237cf26c4d100f19970fdda8c0cb2cb95718ebba284c1e1ea481335f8270b9ecf015757f206b74de6c83a5c7e409e89b214abb064c
-
SSDEEP
3072:KdnhUaZ90uRBfBFS2AFtKccB5n0piJMYbomgXuxlT4y:Kh3BZFF6t9c3nK6Oy
Score 1/10 -
-
-
Target
runtime/ConfSdk.dll
-
Size
1.2MB
-
MD5
c21a0198c2c75b325b8fd1233ba6984e
-
SHA1
fc0442083b7c165b97efb8018cffa0c78ac50a8c
-
SHA256
f9c904746a447a25f2e7815448e69a5c29dd2c207962df208916d3e52e2ae888
-
SHA512
d34a74715ef8c86b05b8802882a77265d71249f00fa4e9b850322465747fda2fce8e6a56bd1aed3ec99ef5957cb192e487f51fb0c575bc07fc7b532e783be0e3
-
SSDEEP
24576:ND9Yx6VsUPUN3onEeV47fI+jF5Sw9Y3Cj+j+xb:NKgwagQMF5Sf3oL
Score 1/10 -