Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
3Clash.Verg...up.exe
windows7-x64
8Clash.Verg...up.exe
windows10-2004-x64
7$PLUGINSDI...ID.dll
windows7-x64
3$PLUGINSDI...ID.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...SC.dll
windows7-x64
3$PLUGINSDI...SC.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$TEMP/Micr...up.exe
windows7-x64
8$TEMP/Micr...up.exe
windows10-2004-x64
8Clash Verge.exe
windows7-x64
1Clash Verge.exe
windows10-2004-x64
1clash-meta-alpha.exe
windows7-x64
1clash-meta-alpha.exe
windows10-2004-x64
1clash-meta.exe
windows7-x64
1clash-meta.exe
windows10-2004-x64
1resources/...ce.exe
windows7-x64
1resources/...ce.exe
windows10-2004-x64
1resources/...ck.exe
windows7-x64
1resources/...ck.exe
windows10-2004-x64
5resources/...ce.exe
windows7-x64
1resources/...ce.exe
windows10-2004-x64
1resources/...ce.exe
windows7-x64
1resources/...ce.exe
windows10-2004-x64
1General
-
Target
Clash.Verge_1.5.4_x64-setup.exe
-
Size
25.8MB
-
Sample
240829-cngydsydng
-
MD5
3f614b108ea9c666bd8077f2637e31f9
-
SHA1
c1603f4a77b5dd004f9d5f860362d2c797905304
-
SHA256
e4642f6ecf8e2fd74dab5f966f6e7cac8cb0435c15dbe24ce8ac7e96708ca550
-
SHA512
9034329b43551da10799b1564ef69b395e14c0e71e74d11585d65f15f4cf2cd413246fd69da7ef81344172fc6273606e9f040a0c49e84fb9d6a1d623ad0fda1c
-
SSDEEP
786432:wweIwIow8KjeEpahVOE4gf2wKGtmuNU8Zs2Jp:ww9w/KDIfOngudGtmwU8C2H
Static task
static1
Behavioral task
behavioral1
Sample
Clash.Verge_1.5.4_x64-setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Clash.Verge_1.5.4_x64-setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/SimpleSC.dll
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/SimpleSC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$TEMP/MicrosoftEdgeWebview2Setup.exe
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
$TEMP/MicrosoftEdgeWebview2Setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Clash Verge.exe
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
Clash Verge.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
clash-meta-alpha.exe
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
clash-meta-alpha.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
clash-meta.exe
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
clash-meta.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
resources/clash-verge-service.exe
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
resources/clash-verge-service.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
resources/enableLoopback.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
resources/enableLoopback.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
resources/install-service.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
resources/install-service.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
resources/uninstall-service.exe
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
resources/uninstall-service.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Clash.Verge_1.5.4_x64-setup.exe
-
Size
25.8MB
-
MD5
3f614b108ea9c666bd8077f2637e31f9
-
SHA1
c1603f4a77b5dd004f9d5f860362d2c797905304
-
SHA256
e4642f6ecf8e2fd74dab5f966f6e7cac8cb0435c15dbe24ce8ac7e96708ca550
-
SHA512
9034329b43551da10799b1564ef69b395e14c0e71e74d11585d65f15f4cf2cd413246fd69da7ef81344172fc6273606e9f040a0c49e84fb9d6a1d623ad0fda1c
-
SSDEEP
786432:wweIwIow8KjeEpahVOE4gf2wKGtmuNU8Zs2Jp:ww9w/KDIfOngudGtmwU8C2H
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/ApplicationID.dll
-
Size
198KB
-
MD5
91c2e2f34b5bba068e9a6178e13a4e5c
-
SHA1
affcac00894c9afd152e55d0bff7899349edcd6c
-
SHA256
f6851dcbf0a39edecd8a46564bc455e5273736c3dbcb02b954c201c79ccdf117
-
SHA512
ce7f629bc0e6e10eca9d671513062f353d8d47666df58c9ad7cc7f767df520b75b2da1f9d6551eae86c738455919463ec89a0c3dc2a8366fa021e6fa6e292000
-
SSDEEP
3072:/1RnVZfr2qLTV4U3fKHzy/s3fyitDJXqtZnyj80mAg0FubAPl/IJ:/Hnzfr7HU6ipJaLAOKy
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/SimpleSC.dll
-
Size
1.1MB
-
MD5
7b89329c6d8693fb2f6a4330100490a0
-
SHA1
851b605cdc1c390c4244db56659b6b9aa8abd22c
-
SHA256
1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d
-
SHA512
ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a
-
SSDEEP
12288:fRdJsAp4dXFcLBz75cwoCmJKHwe6VuoH9v0D/LF5mM6:fBsmyVS151oCmJKE1dv0DX
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
d070f3275df715bf3708beff2c6c307d
-
SHA1
93d3725801e07303e9727c4369e19fd139e69023
-
SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
-
SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
SSDEEP
96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
6c3f8c94d0727894d706940a8a980543
-
SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd
-
SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
-
SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
SSDEEP
96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score3/10 -
-
-
Target
$PLUGINSDIR/nsis_tauri_utils.dll
-
Size
968KB
-
MD5
0ba06473cec3f0e72fc6865d870b6bd9
-
SHA1
16df1d1a5b4d5df3859447279c55be36d4109dfb
-
SHA256
2b454443f12806d9e531e18bf19933c0aad1cd8ae397c71b99e814566e6bb5fd
-
SHA512
42b3c4ce685afb43b8ba235b29919f7fdbc1997618b74d189817d14d1d80e52ea67f6e614d4097bce6ca53b90d46a6d6a54882cd2ea176134a308b64a2b882cc
-
SSDEEP
24576:v2zSi+70fdjsUD5Y/CjsS5NpIMDcuHeoPffPJT1Qn652hOfuvNwRnkYkN2IO:ivm0TYKw8DnVbTwbBInkYkN2F
Score3/10 -
-
-
Target
$TEMP/MicrosoftEdgeWebview2Setup.exe
-
Size
1.5MB
-
MD5
2fbe10e4233824fbea08ddf085d7df96
-
SHA1
17068c55b3c15e1213436ba232bbd79d90985b31
-
SHA256
5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e
-
SHA512
4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4
-
SSDEEP
49152:Py+3n/URd7ygwxXXOMzrn7yOcIEjg0VonVl:PyaC75wxXOMzr7yOAyVl
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
Clash Verge.exe
-
Size
9.5MB
-
MD5
499fdd71a2fd059cf6b60bd9fecfb688
-
SHA1
461177473ceb01b845efbbe22cd3507e4cc1a25e
-
SHA256
00121067ba92f12bd03cf5c293892b2f9eca1891ea14d0cf36be5c7095ca8b34
-
SHA512
7dd403f879b50480dd07ac60906ae97f042db9ae28189593ffd7c5b972c38969b1595eba8c2611ef11f641839627378cfdeeb5cd364c1ef11527fc0472667ced
-
SSDEEP
196608:lUfkc0vrVMLhgUKOc6+1Pqc7Unsu/jSYet:luk6LhVhcJqco/jSX
Score1/10 -
-
-
Target
clash-meta-alpha.exe
-
Size
24.2MB
-
MD5
b6d30103d72364c5c6b8b6101feec352
-
SHA1
40843a86d6d2245ce18e24a4e4ccff3c665ae0bd
-
SHA256
a495df4a19ff3001629b88d9beda766c6ce0f3c23d1d1fd8b72b2b26ee9406b8
-
SHA512
8ebe762563736d825f065f5abbd274ccfd199fec0eec2689b340cdc53ffd3ee579fb4884e79859781c8abbb35374832f26ed8f25e38734973bbb3105595f4d28
-
SSDEEP
196608:hn1onMipupttN/XVu674IQb20uPi9sWCZq:hnQMiYLH/HQq0uSsWC4
Score1/10 -
-
-
Target
clash-meta.exe
-
Size
28.1MB
-
MD5
f64dc3b8fbe0f8195acfdf144061f471
-
SHA1
99da00a5e40cf1b6501329e2d05b10cce4571271
-
SHA256
dff5634f57856309e141f5420fa18b586a2d9e6bee5c4abbc8605ea5cf2b5716
-
SHA512
5a58de453a3f8d7a144fa1982c01c4a011794d4c98992c123c9b2809b59013a3b55b5893ed02c20410f33f7c2100cc36e91a59176ea71b43b8c17f68bdc745c9
-
SSDEEP
196608:9OX08B8+gEjLi3TWd57Tco6eW0zAUDkDyIAEZw:9OX7B8+ZLi3TWTHDI0vI6
Score1/10 -
-
-
Target
resources/clash-verge-service.exe
-
Size
810KB
-
MD5
e55991f7c18f2a16cb34a76d29ff0a12
-
SHA1
9d0a590daf3bf5a2ce4f9124619185b4f5fd3040
-
SHA256
7545f1cf2cb477cd0ccb15d00f61e80eefc1b25ca834f8fdf1204338a83f4e68
-
SHA512
bb6543a483bb2efccef87db7378ae81a622fb09af0fbc7e68fa2f84194e666f1addcc2d054ab321b7b1a4dd62966e83b716f54cfcb294bb9b116c93a952f6ec5
-
SSDEEP
12288:V9eUsVlYFq1d5ozJeuDljRGm2vbdqC3EEuI0b6SQryZ:V9eUspJuDltedqC3p
Score1/10 -
-
-
Target
resources/enableLoopback.exe
-
Size
95KB
-
MD5
5d16400084f534535c922180c562bd70
-
SHA1
20444c63a2e6ff17a1970f8af0744c0ccfdbb659
-
SHA256
0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7
-
SHA512
b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0
-
SSDEEP
768:izEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7A8g3CqnZZ6qmmlGThRR2fTnR2fTT0:y1H5MiP1zrSh7JwZQxmlGKyn6hb
Score5/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
resources/install-service.exe
-
Size
151KB
-
MD5
9733b9189a1e3337d42fb31ef4c9c17f
-
SHA1
299db7b12c9f6511f27e3968a3f5f6e6ea4f04fa
-
SHA256
aa575f832564c5e85beddb652f59dffc145f27f6db6f547dfa6465c7e4370b33
-
SHA512
b14b47745898ff61943bba0c980a4273a78c22e5896d59fc881eb3c2d3fbdab03e87c88c35db7dd8e43e9ba58567420bc6554917d2de9940f6d47dd5b309dcf1
-
SSDEEP
3072:UODshvuH5PifoioYnnBR8EefPsyHmW5O+2c+EFbfY:UObH5PiAiFnZe3GW32SFb
Score1/10 -
-
-
Target
resources/uninstall-service.exe
-
Size
132KB
-
MD5
a34714c81bcef05c7b1824c9753b8785
-
SHA1
e73a244eb3cb12a08579b98d0b86c98fcbdf3611
-
SHA256
9f32016f64c204bddd5b486833360290bc80e8b97e1485a66e57ca1db541e3e6
-
SHA512
e384d4a41a4dd0c3feeeb6c89a217ea397274b207c3d76618843a48b574a171f6f71ca52ec4b1bf591a2f8573261e9bc6965071fa0435187a191b2e3bd20ab7a
-
SSDEEP
1536:7DR0YxXfJuWwdEl+/JhB6n6hax6JTJ9Nfj4XBsgyYSqt/1iQdUkhLyPVBM3yG5kk:HJxXxuWajB6A11lqt1dSkMPVOjSi/Bf
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1