Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4.5.4.exe
-
Size
840KB
-
MD5
8a2318868f36e910dd4f23ab8cafa166
-
SHA1
472ae1e6a1354cde1a5f45fbe50c90e68532ab07
-
SHA256
7955b9bd95203cba3131477b66ae3485a410c1ed59c7a96ca42565dfaa06d265
-
SHA512
35b9417e50607fedcd47d2bd38dabad2ba6d48277f0fb38ac402b9efe408dc8a20ba5c345774a0205978590dc88002ce37a856a53aed9d9f2f92326f0ed92b3a
-
SSDEEP
24576:QyPS04YNEMuExDiU6E5R9s8xY/2l/dL5Ibt+rt:Qyl4auS+UjfU2TFIbt+r
Score
10/10
Malware Config
Extracted
Family
orcus
C2
192.168.10.8
91.92.247.123
tech11.ddns.net
tech22.ddns.net
Mutex
ec3750d27df2422f9771480c02d90266
Attributes
-
administration_rights_required
false
-
anti_debugger
false
-
anti_tcp_analyzer
false
-
antivm
false
-
autostart_method
1
-
change_creation_date
false
-
force_installer_administrator_privileges
false
-
hide_file
false
-
install
false
-
installation_folder
%appdata%\Microsoft\Speech\AudioDriver.exe
-
installservice
false
-
keylogger_enabled
false
-
newcreationdate
04/04/2023 06:41:34
-
plugins
AgEAAA==
-
reconnect_delay
10000
-
registry_autostart_keyname
Audio HD Driver
-
registry_hidden_autostart
false
-
set_admin_flag
false
-
tasksch_request_highest_privileges
false
-
try_other_autostart_onfail
false
aes.plain
1
CrackedByWardow
Signatures
-
Orcus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4.5.4.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections