General
-
Target
320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca
-
Size
3.2MB
-
Sample
240705-tjqheatema
-
MD5
15b15cd4038bff493586eed699456216
-
SHA1
bb68bc0b7c0381cd82f2e563dc1a000ebd65bbb4
-
SHA256
320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca
-
SHA512
e284cd5db21034d184b0e7e1e753b6b18033fbc787e079b1db8664a53dd2fa5d51842f9cc028dc49c1fc493696a579c52b147d10a34db16889b74adf0f06c602
-
SSDEEP
98304:3Vxmyi9810EpbBqplqYxPjdzQbEk021nYeJ/VbIp:3riobsJxPjOz0lsUp
Static task: static1
Behavioral task behavioral1: Sample winhex19来自百度/Chinese.dll, Resource win7-20240705-en
Behavioral task behavioral2: Sample winhex19来自百度/Chinese.dll, Resource win10v2004-20240704-en
Behavioral task behavioral3: Sample winhex19来自百度/Dokan.exe, Resource win7-20240220-en
Behavioral task behavioral4: Sample winhex19来自百度/Dokan.exe, Resource win10v2004-20240704-en
Behavioral task behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240705-en
Behavioral task behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240704-en
Behavioral task behavioral7: Sample $PROGRAMFILES/Dokan/DokanLibrary/README.url, Resource win7-20240704-en
Behavioral task behavioral8: Sample $PROGRAMFILES/Dokan/DokanLibrary/README.url, Resource win10v2004-20240704-en
Behavioral task behavioral9: Sample $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe, Resource win7-20240704-en
Behavioral task behavioral10: Sample $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe, Resource win10v2004-20240704-en
Behavioral task behavioral11: Sample $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, Resource win7-20240704-en
Behavioral task behavioral12: Sample $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, Resource win10v2004-20240704-en
Behavioral task behavioral13: Sample $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, Resource win7-20240508-en
Behavioral task behavioral14: Sample $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, Resource win10v2004-20240704-en
Behavioral task behavioral15: Sample $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe, Resource win7-20240705-en
Behavioral task behavioral16: Sample $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe, Resource win10v2004-20240704-en
Behavioral task behavioral17: Sample $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe, Resource win7-20240705-en
Behavioral task behavioral18: Sample $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe, Resource win10v2004-20240704-en
Behavioral task behavioral19: Sample $PROGRAMFILES64/Dokan/DokanLibrary/README.url, Resource win7-20240704-en
Behavioral task behavioral20: Sample $PROGRAMFILES64/Dokan/DokanLibrary/README.url, Resource win10v2004-20240704-en
Behavioral task behavioral21: Sample $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe, Resource win7-20240705-en
Behavioral task behavioral22: Sample $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe, Resource win10v2004-20240704-en
Behavioral task behavioral23: Sample $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, Resource win7-20240221-en
Behavioral task behavioral24: Sample $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, Resource win10v2004-20240704-en
Behavioral task behavioral25: Sample $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, Resource win7-20240508-en
Behavioral task behavioral26: Sample $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, Resource win10v2004-20240704-en
Behavioral task behavioral27: Sample $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe, Resource win7-20240705-en
Behavioral task behavioral28: Sample $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe, Resource win10v2004-20240704-en
Behavioral task behavioral29: Sample $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe, Resource win7-20240705-en
Behavioral task behavioral30: Sample $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe, Resource win10v2004-20240704-en
Behavioral task behavioral31: Sample $SYSDIR/dokan.dll, Resource win7-20240704-en
Behavioral task behavioral32: Sample $SYSDIR/dokan.dll, Resource win10v2004-20240704-en
Malware Config
Targets
-
-
Target
winhex19来自百度/Chinese.dat
-
Size
21KB
-
MD5
833ab5b37febb906dbfa095b8793d46e
-
SHA1
7628d462af363c3714af98b6f9d88f40908304db
-
SHA256
bf96bcd2180b7d5f1c5c50d1f3d146160b8a1ad642c0049c8cf283ec5bf1a172
-
SHA512
07913534721c72619504f17b25ab441fa7ca527f67792edbd29186a75d130e7f611bf242d266736ae89fe798f0fb450bc3d5924e848d0921517450785778aada
-
SSDEEP
192:nqkhd5kGU7tofwjcWvYYadJNAxfCZTrlJbLE9JUUcGTqEwu5uBSaoV/xNKMlrk+:JdadtlzvYYadJsUJ3aJUUcGTKjMrNrk
Score
1/10
-
-
-
Target
winhex19来自百度/Dokan.exe
-
Size
658KB
-
MD5
b2e209833057cc4780209a6002c45d12
-
SHA1
8ce9986d09e446ac9781de6de39d8cff765d8f98
-
SHA256
3d676ce6e3a12c14f275b03f64d73d49463a0ff946a5f661b603559025e71a84
-
SHA512
d39222d0136f27cf01b14cc147eb149e266e55f8bc265fd15b158d785bc246f02be3a0156c79ceb96ee5d2142cb2c85ed6bdc563633cbdb142c60fc90fc97288
-
SSDEEP
12288:zgFlvmqVx1SCW6rER4afkJPAPO1Bet3+xii6hD+ueolM:cbwCEyLJKOmeFO6ue0M
Score
3/10
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
883eff06ac96966270731e4e22817e11
-
SHA1
523c87c98236cbc04430e87ec19b977595092ac8
-
SHA256
44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
-
SHA512
60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
-
SSDEEP
96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score
3/10
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/README.url
-
Size
147B
-
MD5
d73e2ea707a98bce24b1970c91d82f6c
-
SHA1
958c538cbf96d06dd81f014fe4ac0c90137c5d40
-
SHA256
64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d
-
SHA512
0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe
-
Size
19KB
-
MD5
e40b0a2f59f793740329ed22d3b541f7
-
SHA1
2bc325c247e35040841f6f5eb0cdc965a026c947
-
SHA256
83b3bdeb96229130d83b7b813a73cb88e08f347e3488ec8b9fa09be135e5e590
-
SHA512
846d2023862ff8e49506223d9016c56fce9931a5167ab85a89d7d59343837d00db20b0754b8880b4ff634b1a86a7ca24ce8fe5cfbcecff51183c481fdcbced96
-
SSDEEP
192:fzbL1R1TGInfuQyPZdSb+xfILyIfIQXJfHCAtAO8cwEBnYe+PjPDHDJVg2bjymzt:fb1HUm+CZfICJHLtgcw4nYPLDHxF60/
Score
1/10
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.h
-
Size
6KB
-
MD5
ac9b04dcb1bf826e1fd0b6428585ce99
-
SHA1
d98f35b0be9b47cbb20d40448724f50e877dcc75
-
SHA256
b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33
-
SHA512
9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3
-
SSDEEP
96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH
Score
3/10
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.h
-
Size
7KB
-
MD5
aa66662107a23f3e24cfaa54bcd42eb5
-
SHA1
00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb
-
SHA256
55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472
-
SHA512
b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778
-
SSDEEP
192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA
Score
1/10
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/mounter.exe
-
Size
22KB
-
MD5
6569d05c382977bca5644385b464b611
-
SHA1
e2e7be33f3ef79c010dbbf57cc2a6a4e9fc63d23
-
SHA256
7e999ffd64d21810b7eb7725188b0023fba19753875ae6b0c27f0d5d9d9e4503
-
SHA512
2b38a5ff0c494bdbd68f074070d480ec6902df84bc912cfd6c064a87ed0bd5f6dd1667f14347732f19b326e1179206698a925df40a2a76eeffad0da79292131b
-
SSDEEP
384:EBu+IqJyYVFKu4WTntWDiIEHTuAgbOPTn2fVQ8kDhJh3EWqnYPLDHxF6O:Eg+TwYPNWi7Ht3EPGmO
Score
1/10
-
-
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
-
Size
33KB
-
MD5
6acbc945f2d080370369e635b0dbf34e
-
SHA1
94ced85b00dd5c35b8c0089f8f55168fb9236856
-
SHA256
9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08
-
SHA512
cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793
-
SSDEEP
384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA
Score
1/10
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/README.url
-
Size
147B
-
MD5
d73e2ea707a98bce24b1970c91d82f6c
-
SHA1
958c538cbf96d06dd81f014fe4ac0c90137c5d40
-
SHA256
64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d
-
SHA512
0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe
-
Size
19KB
-
MD5
217420512a7ead98b0af328f6bfd2e24
-
SHA1
7a46e505dd933d93de7e3cc16b1f8f7bb01a15cf
-
SHA256
4b3584794ffc6e947b54c8c296405f400b0325f5419d978164625b29c783ccec
-
SHA512
7f4ed1fe023cc4a65a45ef635c26707ea545be7cf51b6ed5274c5101cdf7274ecd750860a5a5f02b27a959117cc38048763f0057d9da4940d616c52c1df9ab79
-
SSDEEP
384:HHQq/E4Q/sWh1dN+Ctu/ICBHD1nYPLDHxF6I5L:HTLLadoCU/ZZZGmI5L
Score
1/10
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.h
-
Size
6KB
-
MD5
ac9b04dcb1bf826e1fd0b6428585ce99
-
SHA1
d98f35b0be9b47cbb20d40448724f50e877dcc75
-
SHA256
b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33
-
SHA512
9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3
-
SSDEEP
96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH
Score
3/10
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.h
-
Size
7KB
-
MD5
aa66662107a23f3e24cfaa54bcd42eb5
-
SHA1
00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb
-
SHA256
55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472
-
SHA512
b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778
-
SSDEEP
192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA
Score
1/10
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe
-
Size
24KB
-
MD5
166428c4def3b4b3db206770011b044f
-
SHA1
e37de4a30f6aac82d3294a43646e20619b94eb18
-
SHA256
7bb5e6094d27be2ecd2c5f9d3990cb81eb02a26314388e546a60918686fd91a9
-
SHA512
e45368344a68698ff4efa9ab4f9bcf6b8099825c96c57e6af37afbfe7e2ac699af8e399f3dfb08d9c66afd501efe8f4e87cbffb42660c3e609825af3a81022f3
-
SSDEEP
384:9N4SJ1SIyN1tzzI1UJpRsGgAbuP0gncNfVA8UEHUHCunYPLDHxF6BH:9SNzdzQUuHCuGm1
Score
1/10
-
-
-
Target
$PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe
-
Size
34KB
-
MD5
d2558426e6a7dcfcfdc070972e761175
-
SHA1
cec9616ce32b4ae0f683dcee3a5e1ae75edda2bf
-
SHA256
37e0aa7808e82ca01ef3eb9e937e5976ccc75503af6b70e42edf437673c97568
-
SHA512
3636b9731d5a5806378aa41055b7b4639cea3ca04d5b06cfa92050a25790612588901415cdeffb345c3a7953e3221e1647656782a6d068ea0528d4cfafdc45ab
-
SSDEEP
384:5BoJShlcKiBtUqaCg8gWmiDe5Tno8Ermb7oxRlA0ykf+DoolK+5pTdLK63/nYPLM:5BcShlmBtdiPtodRlWkg7Q6PGm3
Score
1/10
-
-
-
Target
$SYSDIR/dokan.dll
-
Size
37KB
-
MD5
aabd2e7fb2fd1036fd1ba8f1c5d1386b
-
SHA1
7e00b00237fd7784a75ff9dfcc24c56d0d801e4f
-
SHA256
a72a2544d8ab64094dddc759d26300581e03ae6b736ee0bfba67171e1cb6d148
-
SHA512
26e70bfbb590922f5d761215af3522eddc29425ea33637ea1deeda7cb89db412bc0e1ed4eb1aaca89462962829226582fec13e40affddae74a1af0797d7d4992
-
SSDEEP
768:JJuJRvI2ALAGUg00j0M6mYLnYqYyKMeEtMqGmx4:JJuJ1PAL10M6LYqYKeIgx
Score
1/10