General
Target: ExeToolsVGBypass2PC.exe
Size: 4.2MB
Sample: 240921-fyg8pawhkp
MD5: 8675adcd1c579fbc35b39727ac782587
SHA1: 310e6c01ada0529791cc0655359874ebf8f94d9d
SHA256: c7cd7a8939eeeef530992a9ecd73c9874282009527657b7886a56122cba047bd
SHA512: b063ee51782f722ba604ea90f92fa862b1b34e4d59d60ab61ecca466bca2793ee4e24f00390981963545cf59b34cfb308bd46872b1ff8b0326d33ae23dddbbc0
SSDEEP: 98304:tM3sumlm7Kja4WS9WHV9I90dmlJktRHb945YQgM2:tmsnyJMd9hlCD79456M2
Behavioral task: behavioral1
Sample: ExeToolsVGBypass2PC.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: ExeToolsVGBypass2PC.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger