Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0xVanguard.exe
-
Size
20.2MB
-
Sample
240424-yye3fagg66
-
MD5
e510770367dc26a1ed1c67feb70ccdf9
-
SHA1
7f989819e9851110980925b25301ee7a267e9058
-
SHA256
8e6dc734b552472725c80ecd5ad2187bac5427cf9deea9f78e41ca80563f5810
-
SHA512
f3c518d949c68b6ebcf5e603ffbf51f4c5d281b3cf66a63dde2304cfd01d7a57d2aa0dc774f61e86e804fd95fbc5c9c22210eae1851da5ef09e216cb6e48743c
-
SSDEEP
393216:EqPu8bmS69TPKFK4UCQTHvN6uR4LwqnPTD3qEjRBJ8oy52EvNu1WuAEZY:FqTRP6JUtTH16uRj0jRT8oylNKWuW
Malware Config
Targets
-
-
Target
0xVanguard.exe
-
Size
20.2MB
-
MD5
e510770367dc26a1ed1c67feb70ccdf9
-
SHA1
7f989819e9851110980925b25301ee7a267e9058
-
SHA256
8e6dc734b552472725c80ecd5ad2187bac5427cf9deea9f78e41ca80563f5810
-
SHA512
f3c518d949c68b6ebcf5e603ffbf51f4c5d281b3cf66a63dde2304cfd01d7a57d2aa0dc774f61e86e804fd95fbc5c9c22210eae1851da5ef09e216cb6e48743c
-
SSDEEP
393216:EqPu8bmS69TPKFK4UCQTHvN6uR4LwqnPTD3qEjRBJ8oy52EvNu1WuAEZY:FqTRP6JUtTH16uRj0jRT8oylNKWuW
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-