Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aio.exe
-
Size
7.6MB
-
Sample
240419-c3rfdaed59
-
MD5
f087101c9fbf951e8cfac1aae1a1b43d
-
SHA1
c1647f0d4f42cc3e555695910fd4d5a5905bb9cc
-
SHA256
c26bcff0de67f90f62a8da6da37ee17df01a49c06f2e2d938878e61e9620f622
-
SHA512
702be19d5816d7aed421ca6103b6b565c7024f85126c177292daa80bfd0154ec75d514f91eb111f33f26f32369ae111c1bed7782f73615d9695e4bbf5fd29af7
-
SSDEEP
196608:zErmEGqgQnS2Yre0pL19JRQjAWraTKwBuApVWOenE6ul:zEGhQSfygBujFWLolE6y
Malware Config
Targets
-
-
Target
aio.exe
-
Size
7.6MB
-
MD5
f087101c9fbf951e8cfac1aae1a1b43d
-
SHA1
c1647f0d4f42cc3e555695910fd4d5a5905bb9cc
-
SHA256
c26bcff0de67f90f62a8da6da37ee17df01a49c06f2e2d938878e61e9620f622
-
SHA512
702be19d5816d7aed421ca6103b6b565c7024f85126c177292daa80bfd0154ec75d514f91eb111f33f26f32369ae111c1bed7782f73615d9695e4bbf5fd29af7
-
SSDEEP
196608:zErmEGqgQnS2Yre0pL19JRQjAWraTKwBuApVWOenE6ul:zEGhQSfygBujFWLolE6y
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Modifies boot configuration data using bcdedit
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-