Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10PCRemoteRe...16.exe
windows7-x64
4PCRemoteRe...16.exe
windows10-2004-x64
10$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3MonectMediaCenter.exe
windows7-x64
10MonectMediaCenter.exe
windows10-2004-x64
10MonectRunt...ck.exe
windows7-x64
5MonectRunt...ck.exe
windows10-2004-x64
8MonectServer.exe
windows7-x64
1MonectServer.exe
windows10-2004-x64
1MonectServ...ce.exe
windows7-x64
1MonectServ...ce.exe
windows10-2004-x64
1PCRemoteReceiver.exe
windows7-x64
10PCRemoteReceiver.exe
windows10-2004-x64
10Packages/v...64.exe
windows7-x64
7Packages/v...64.exe
windows10-2004-x64
7QRCodeEncoder.dll
windows7-x64
1QRCodeEncoder.dll
windows10-2004-x64
1SDL2.dll
windows7-x64
1SDL2.dll
windows10-2004-x64
1SDL2_image.dll
windows7-x64
1SDL2_image.dll
windows10-2004-x64
1TouchInput.dll
windows7-x64
1TouchInput.dll
windows10-2004-x64
1avcodec-59.dll
windows7-x64
10avcodec-59.dll
windows10-2004-x64
10avformat-59.dll
windows7-x64
10avformat-59.dll
windows10-2004-x64
10General
-
Target
PCRemoteReceiverSetup_7_5_16.exe
-
Size
63.3MB
-
Sample
240504-r6h1qsbg74
-
MD5
ca3eb78b4bfcd2388bf49a980f1053b7
-
SHA1
81c60fff0a2f0bf8e8ffc4161b0ed00fd3353a9f
-
SHA256
b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0
-
SHA512
5f02bd4cab05cd242f3605ab027c11d28b855bd9180ff52aa14963248e2778cacc36466dcca684c0c17c9bab874f12b3a3e2d3ca655570831101cfc5c1022e51
-
SSDEEP
1572864:DGr9D2YYvt8/7Z9lRA9lg5yJRotDthtYt/1vv+W5x/t6rRYyjvZXTpoZC86:DO9DoFE3lKYgJ1cW5+ruyjv1Nos86
Behavioral task
behavioral1
Sample
PCRemoteReceiverSetup_7_5_16.exe
Resource
win7-20240221-es
Behavioral task
behavioral2
Sample
PCRemoteReceiverSetup_7_5_16.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240215-es
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20231129-es
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-es
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral9
Sample
MonectMediaCenter.exe
Resource
win7-20231129-es
Behavioral task
behavioral10
Sample
MonectMediaCenter.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral11
Sample
MonectRuntimeCheck.exe
Resource
win7-20240221-es
Behavioral task
behavioral12
Sample
MonectRuntimeCheck.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral13
Sample
MonectServer.exe
Resource
win7-20240221-es
Behavioral task
behavioral14
Sample
MonectServer.exe
Resource
win10v2004-20240226-es
Behavioral task
behavioral15
Sample
MonectServerService.exe
Resource
win7-20240221-es
Behavioral task
behavioral16
Sample
MonectServerService.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral17
Sample
PCRemoteReceiver.exe
Resource
win7-20240215-es
Behavioral task
behavioral18
Sample
PCRemoteReceiver.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral19
Sample
Packages/vc_redist.x64.exe
Resource
win7-20240220-es
Behavioral task
behavioral20
Sample
Packages/vc_redist.x64.exe
Resource
win10v2004-20240419-es
Behavioral task
behavioral21
Sample
QRCodeEncoder.dll
Resource
win7-20240221-es
Behavioral task
behavioral22
Sample
QRCodeEncoder.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral23
Sample
SDL2.dll
Resource
win7-20231129-es
Behavioral task
behavioral24
Sample
SDL2.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral25
Sample
SDL2_image.dll
Resource
win7-20240221-es
Behavioral task
behavioral26
Sample
SDL2_image.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral27
Sample
TouchInput.dll
Resource
win7-20240221-es
Behavioral task
behavioral28
Sample
TouchInput.dll
Resource
win10v2004-20240419-es
Behavioral task
behavioral29
Sample
avcodec-59.dll
Resource
win7-20240215-es
Behavioral task
behavioral30
Sample
avcodec-59.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral31
Sample
avformat-59.dll
Resource
win7-20240221-es
Behavioral task
behavioral32
Sample
avformat-59.dll
Resource
win10v2004-20240419-es
Malware Config
Targets
-
-
Target
PCRemoteReceiverSetup_7_5_16.exe
-
Size
63.3MB
-
MD5
ca3eb78b4bfcd2388bf49a980f1053b7
-
SHA1
81c60fff0a2f0bf8e8ffc4161b0ed00fd3353a9f
-
SHA256
b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0
-
SHA512
5f02bd4cab05cd242f3605ab027c11d28b855bd9180ff52aa14963248e2778cacc36466dcca684c0c17c9bab874f12b3a3e2d3ca655570831101cfc5c1022e51
-
SSDEEP
1572864:DGr9D2YYvt8/7Z9lRA9lg5yJRotDthtYt/1vv+W5x/t6rRYyjvZXTpoZC86:DO9DoFE3lKYgJ1cW5+ruyjv1Nos86
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Drops file in Drivers directory
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
0a9fb96a7579b685ec36b17fc354e6a3
-
SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6
-
SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7
-
SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b
-
SSDEEP
384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
014a3be4a7c1ccb217916dbf4f222bd1
-
SHA1
9b4c41eb0e84886beb5591d8357155e27f9c68ed
-
SHA256
09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8
-
SHA512
0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922
-
SSDEEP
48:S46+/iTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mMofjLl:zsuPbOBtWZBV8jAWiAJCdv2CmfL
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
564bb0373067e1785cba7e4c24aab4bf
-
SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1
-
SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
-
SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
-
SSDEEP
192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score3/10 -
-
-
Target
MonectMediaCenter.exe
-
Size
143KB
-
MD5
55b6cb3f16a0f837179c7c1c241e1c57
-
SHA1
41ba6d07f19d4155afb815882d80c9ac74349a7e
-
SHA256
ef2b810a55b58c71ef3fb184b3949f4d108027b8f1f3a18f4a646b265547ff5b
-
SHA512
6531b179b00e8879a7551819d54c6d448ca71fa29764f1b5a40037d1580f8ff8b1b363c09dfa4be8a809b34204fc21ffb269d2c4a6f45b831c2c1e0d637adfa9
-
SSDEEP
1536:SZ60XWFeE3F4UvmE2T9BmUM16R6FJ+rw1Y1mLE3hYDQuSKiVpmrMz00tXWBgOxw/:GHXWFBFlcBBXHwD+ueMrUtmBgO2/w0
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
-
-
Target
MonectRuntimeCheck.exe
-
Size
121KB
-
MD5
855868707c8daba66438545fba07b490
-
SHA1
cb28feed2dc91fbb47dd3da4527ac7fb00a04f25
-
SHA256
7a3846a11ebe48d769c2983931fad9c71a924b2f0d892a478aeff528e108883e
-
SHA512
df3cd7a00eb562412b204cbb8e06cb31917b665f01cb9f521a8ba66ede8440b208f705da17159048e34327ca00d0c1b926bd1a78c0543c272203cb749c55dca3
-
SSDEEP
768:kLnW4UkQyOM9aV1+qXUpv9Sbh9SbPvNnr2u+vTS+ST6nkM:k7hUFyOyaV1+f9C4vNrxk/me
Score8/10-
Drops file in Drivers directory
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
-
-
Target
MonectServer.exe
-
Size
158KB
-
MD5
67d3e56a71739c8da1b63f67ff0b2d3e
-
SHA1
00fd96b988ffe43ca6f82509de75ca8cdd7a7d2f
-
SHA256
68c45fb8ef63e88d843a902444c7abba285244b88711f75e0e5c5836535cb46f
-
SHA512
68e83c3203b6ed6f839f88820789e18e48ad9984ee5a259c25467eadeea8cadb1cd838a21eb21d2badec9944dfb55b7e12eaab804c0c4a1d85d1b6201b24701c
-
SSDEEP
1536:glOA1XM6FlHn11JG+oDHFc2xlkC3xM/mi:glOApRH13G+0Hu2xqC3i/B
Score1/10 -
-
-
Target
MonectServerService.exe
-
Size
2.5MB
-
MD5
ff7e7658509e639ee022b9a079df1c52
-
SHA1
052c6f08e11ab143d653f3db27390da0673ac1d2
-
SHA256
8ee17b3085f769d34a7da47fb61d29f9c46326c0be1e52f29a87a3cdb0c11f54
-
SHA512
f7d4ffc09c1e53bf5cc985d470ed488578c9935c2d9ba8176217ae76a929ffa0b634d5f2503c57e7b8a10ff4e42e34c5556cab79be825f45580e63a4b85b5cef
-
SSDEEP
49152:cIVwASOCGtlqS/IU6i7tRywB8kldM65y0oZOusM1TjLOh5PhP3fo1rriPNnmBYZk:5Q+Xl5EhmA1/GnmBY5I
Score1/10 -
-
-
Target
PCRemoteReceiver.exe
-
Size
7.2MB
-
MD5
1f131b830b107f7ff0e12be96cac1eb1
-
SHA1
1abb094ccb683d7e5ab18c1fe3bc37ad777accba
-
SHA256
22720868281ba4a699ebe9e34a94865bfb40207b386672d0afa4e4daba94bc0d
-
SHA512
c4df0294a1b25f96de69bf228f6b8612a9ab6f048110de441f83ef088296cb7106cc1dd125b32f4784395f99f579a4090c35a6db801d8ee442e57344858142eb
-
SSDEEP
98304:n+iVLTjmGW8YRlXXe4nazbKBZ1P9BAvzycT6BKig+Z6elPq:nhzmGQRlXX5azWH1qKgig+Aepq
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Drops file in Drivers directory
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
Packages/vc_redist.x64.exe
-
Size
14.3MB
-
MD5
f0248d477e74687c5619ae16498b13d4
-
SHA1
9ed4b091148c9b53f66b3f2c69be7e60e74c486a
-
SHA256
b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52
-
SHA512
0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591
-
SSDEEP
393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
QRCodeEncoder.dll
-
Size
40KB
-
MD5
cc39b3af69c02e64f3560b0c078141e7
-
SHA1
4c2a4644a6908e766180054eb8d792f1c4a17b2e
-
SHA256
9c9a8da4bb2b628b77de98c2b48f1c039649700db6bcadc0af97ec465dd28441
-
SHA512
59228ba046bfd12091ee4f3e43f3ed9a021b55e2f6e990bc063e90a1d92a9b62ae4d90b97060d4a3de5d1862bd84211522f4e9c6d433d28d672cadf3dea5c609
-
SSDEEP
384:aoI6JUHDdlKSXrA5m/UHXrA5m/UFouYDe+gDlpLqQVWrlWa+w6MibZKfg+AObT7n:aoIHrDHFVsHSoaNr2u+vJzS+ST6nkW
Score1/10 -
-
-
Target
SDL2.dll
-
Size
2.2MB
-
MD5
5a2819c823a5af53420511a1ceb7a9aa
-
SHA1
3b80b1228631abbb7f2745828a25cbce0d9dce09
-
SHA256
81c70b7bfa5690b0ff20c15caa499f615a82cf5b49d278da89265eb836036465
-
SHA512
da85ca5a8666eb5a2a4bc6b0c9e2f7b7811eb22fe1632a8604274f4fdd5b4303e8943b85cdacb4a3378261d1c0c2d754f4db372294a7146c26a9a546ba83b399
-
SSDEEP
24576:HzJfKNu0feee3s8LjMwUiny7Irssh55Z0lZGO5cO7bSbtnG4+bDYnZVBsi9s8ZF7:H9fd8y5m5cv9F0Qc3OW/a45m5
Score1/10 -
-
-
Target
SDL2_image.dll
-
Size
122KB
-
MD5
b8d249a5e394b4e6a954c557af1b80e6
-
SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb
-
SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194
-
SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007
-
SSDEEP
3072:6bsejIuO504fzsOM05Nmy7iGpJ7SvFisgf:6bmX0qQOhmyPs
Score1/10 -
-
-
Target
TouchInput.dll
-
Size
26KB
-
MD5
5594270400bd6b2c68f706067efcd889
-
SHA1
c344b768407e0ebbaa67c830f1b8bb96d0762e88
-
SHA256
ebdf396161b4c6ff20cdd54d08a334e3a98aba33663130a43f0f92fe7ee4801e
-
SHA512
f4d64294c255a5c0c579172a1275b925964e5901f61acc06820b89c30a6d1d597c1ee473a6290d2d902aa31f1ae62491aa81cffe1423542d9fef47adcffb8ec2
-
SSDEEP
384:emeTqSLPB4XT7MQv/uo6ki2Di+vywbS+ShjmM6IGBkS+E:emetLP6Wr2u+v5bS+ST6nk0
Score1/10 -
-
-
Target
avcodec-59.dll
-
Size
67.3MB
-
MD5
5398be059d32fc99ae35a469bcd55255
-
SHA1
dd4a6154a185e1fe24a4ce024179441ec8a44194
-
SHA256
5023347055e0dc62d02d6e1d557832d61834fda26da11f43ea7eb04f224ed92d
-
SHA512
c0f6b782030c8bd4da9bde690192a826f4eb9bb027918bdb81b1a91195e22d2a1e2475767f250cc4e6cd23e5a21650030765ec769acb8399f330172200251f94
-
SSDEEP
393216:rh5v+6bVVGcq20EPrEStqiJ0WOf5dd0EhRCe9lBZkvxMXHthsT6ltmPshdPPRX29:r7HK20+RJ8jd0EjCilb+MXc4Ph4dH3
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
-
-
Target
avformat-59.dll
-
Size
14.8MB
-
MD5
73719d8f1cc65ebce26a5e2959b92bc4
-
SHA1
3b27af34a204c0feebe1ff217880ea90d6341584
-
SHA256
2072e00d0c821eff03b22cfafdc164404ec7a15c2cee28520184efe6fd97bee6
-
SHA512
2d19463188bd36cc7cfa1b18c3bb4e58642d14cab12cf8653730f93260a9c2e0e8101e768d30ca22ba26887d2abb11ea8f407203df50a4de754dc7f019b6c395
-
SSDEEP
196608:+EizaE5RwATgZaqd+KPRkbTNV/3Ew/1g3wg7T:+RRlY+GRkbTT3HgXT
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-