Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

pluto mapp...d).exe

windows7-x64

9

pluto mapp...d).exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pluto mapper (old).exe

  • Size

    3.5MB

  • Sample

    241005-zj4ypaxbjb

  • MD5

    7294182f058ab0f2b33f9c3eedea3384

  • SHA1

    9c40e090ab7194fe532ae59242eec445f6611367

  • SHA256

    ec3a258141b27d3cdb83949cbe03637b5da953406d4a2261a6c8b7640d8371a0

  • SHA512

    f269698dfb08e738a54312cfacbeb318e0014647b66d6034c86baed134d15452f47f7bd687db03c02a35f0182c0a4965bbac1524d7d49228ade59df7f55b0f57

  • SSDEEP

    98304:U/r4by8mP5/92kxAINXHY/7jDNOTGh8meDGICOOv7krApL:orZP58kOIH2OS1YGICr7BL

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Targets

    • Target

      pluto mapper (old).exe

    • Size

      3.5MB

    • MD5

      7294182f058ab0f2b33f9c3eedea3384

    • SHA1

      9c40e090ab7194fe532ae59242eec445f6611367

    • SHA256

      ec3a258141b27d3cdb83949cbe03637b5da953406d4a2261a6c8b7640d8371a0

    • SHA512

      f269698dfb08e738a54312cfacbeb318e0014647b66d6034c86baed134d15452f47f7bd687db03c02a35f0182c0a4965bbac1524d7d49228ade59df7f55b0f57

    • SSDEEP

      98304:U/r4by8mP5/92kxAINXHY/7jDNOTGh8meDGICOOv7krApL:orZP58kOIH2OS1YGICr7BL

    Score
    9/10
    discoveryevasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks