Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3LICENSE.html
windows7-x64
3LICENSE.html
windows10-2004-x64
3Unlock_Tool_2.3.exe
windows7-x64
10Unlock_Tool_2.3.exe
windows10-2004-x64
10lesseeVari...es.dll
windows7-x64
1lesseeVari...es.dll
windows10-2004-x64
1locales/re...ar.dll
windows7-x64
1locales/re...ar.dll
windows10-2004-x64
1locales/re...ge.dll
windows7-x64
1locales/re...ge.dll
windows10-2004-x64
1locales/re....1.dll
windows7-x64
1locales/re....1.dll
windows10-2004-x64
1locales/x86/ACE.dll
windows7-x64
3locales/x86/ACE.dll
windows10-2004-x64
3locales/x86/AGM.dll
windows7-x64
3locales/x86/AGM.dll
windows10-2004-x64
3locales/x86/AIDE.dll
windows7-x64
3locales/x86/AIDE.dll
windows10-2004-x64
3locales/x8...OL.dll
windows7-x64
3locales/x8...OL.dll
windows10-2004-x64
3locales/x8...32.dll
windows7-x64
3locales/x8...32.dll
windows10-2004-x64
3locales/x8...MP.dll
windows7-x64
3locales/x8...MP.dll
windows10-2004-x64
3locales/x86/BIB.dll
windows7-x64
3locales/x86/BIB.dll
windows10-2004-x64
3locales/x8...ls.dll
windows7-x64
3locales/x8...ls.dll
windows10-2004-x64
3locales/x8...pe.dll
windows7-x64
3locales/x8...pe.dll
windows10-2004-x64
3locales/x8...ib.dll
windows7-x64
3locales/x8...ib.dll
windows10-2004-x64
3General
-
Target
Unlock_Tool_2.3.zip
-
Size
26.2MB
-
Sample
241016-27kaasycpe
-
MD5
7ac1b1e4026b2f847e283de1a149da04
-
SHA1
a7e1dcc1d1386094b17271181519ff94943f17b4
-
SHA256
6a47bed443d129fb6c3661b64547971090889b7c1a8fdf8d27bd804d5f5dd1d8
-
SHA512
6f340809c0de7c1a21ef0449ed945f8b0ddcfc4dde19d586c9d6c8119cebcf22022dbd106337b21b9cc86ceaa4108b9cf0dab9891165a3475d08285e5e2c3d85
-
SSDEEP
786432:jYbolarHLcezVOkmJybtLe35N7X+f4kPA4:MRjLXOIRGN1i/
Static task
static1
Behavioral task
behavioral1
Sample
LICENSE.html
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
LICENSE.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Unlock_Tool_2.3.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Unlock_Tool_2.3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
lesseeVariant/modules.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
lesseeVariant/modules.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
locales/resources/app.asar.unpacked/keytar.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
locales/resources/app.asar.unpacked/keytar.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
locales/resources/app.asar.unpacked/native/tvdbridge.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
locales/resources/app.asar.unpacked/native/tvdbridge.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
locales/resources/mkl_sequential.1.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
locales/resources/mkl_sequential.1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
locales/x86/ACE.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
locales/x86/ACE.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
locales/x86/AGM.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
locales/x86/AGM.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
locales/x86/AIDE.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
locales/x86/AIDE.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
locales/x86/Acrobat/Acrobat32OL.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
locales/x86/Acrobat/Acrobat32OL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
locales/x86/Acrobat/Onix32.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
locales/x86/Acrobat/Onix32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
locales/x86/AdobeXMP.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
locales/x86/AdobeXMP.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
locales/x86/BIB.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
locales/x86/BIB.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
locales/x86/BIBUtils.dll
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
locales/x86/BIBUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
locales/x86/CoolType.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
locales/x86/CoolType.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
locales/x86/JP2KLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
locales/x86/JP2KLib.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vidar
11.1
23a142269e47ce1692ccc9fb68473bc2
https://steamcommunity.com/profiles/76561199786602107
https://t.me/lpnjoke
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
-
-
Target
LICENSE.html
-
Size
6.3MB
-
MD5
6e638956244aaded2c92b77f9d421a81
-
SHA1
f5269556b6fe04cfca5a1da21af718641708a666
-
SHA256
652457f1b5ec60a81c8aff095366bcc068402c21eb380ba8286366bc4e9a029e
-
SHA512
f0e173761a6acd13b6c1b5eb896c361487a770a54f1842ffaa80c8ff780b37a1e801169786776c4afa7d9c75cd968dbaddabff082de55cf75cc4f9d871d08bc1
-
SSDEEP
24576:nPVZ5W5WS95zHIlGMmfu626s6W6a6q5AHOeQDph:SMn
Score3/10 -
-
-
Target
Unlock_Tool_2.3.exe
-
Size
1.5MB
-
MD5
875d0ab4d446da201127377ef3756d5e
-
SHA1
45cdad2ed72f5d4956d13ffcee2002caabc68625
-
SHA256
5067e33aee627b233fccbfa9516fdb2bb96216694a606986f986add251a856fd
-
SHA512
4ee704b5cc1cf693a511ca555de476ec76fa39b9993fbde102545a390e91ae286c57f7c4cd717b56748a1549e1c28c5e7cfde994f61dac0b762b832fed4d769e
-
SSDEEP
12288:1hzfw9F+PLs7BYQtUq6xGfMD/lienK07szdiNb4uhYUsZNYHjuO83IEO:Lw9FOYBYQ6xG0TI4QO4uhNSNYDu/4t
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
lesseeVariant/modules.dll
-
Size
907KB
-
MD5
dc05f0b8f1a32e872721d3486e6332b8
-
SHA1
dbf055b0f934640fadcfaa93971fead8df7a3869
-
SHA256
37ec5f998a5c376d4fcd4342b43a4163d1f043e0f7711e46677cd30013882723
-
SHA512
0f89d713237ef11a1ef8d824ad9767bb13fb4f5f334acdd65af0ba6e54cec4a910398636683254b3fe4d46a069a1781187313684ff827a907b8b968134f6efa0
-
SSDEEP
24576:z0OY4ZFajHYDTR2yfVbf+c6Z5WODYsHh6g3P0zAk75:z0CZFaj4HR2yfVbd6Z5WODYsHh6g3P03
Score1/10 -
-
-
Target
locales/resources/app.asar.unpacked/keytar.node
-
Size
691KB
-
MD5
c5c99144e2e1589628e14999ba59ad73
-
SHA1
9c80f8de6b5cdaf38677d5368b5287bacb9e465a
-
SHA256
90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831
-
SHA512
0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5
-
SSDEEP
12288:cRInDhSzUpqDDa2XX05VNpk4th460iQlp1Qk5wUFPcvKKR0JQQ8jKOx8:cOnDHpqnaskrdx
Score1/10 -
-
-
Target
locales/resources/app.asar.unpacked/native/tvdbridge.node
-
Size
296KB
-
MD5
e5526203a1a46494f6940c755189321a
-
SHA1
fe8995c525a41c38ddfadcce065bd5a4f9d6a9cd
-
SHA256
d849a98540c05e1d0e770bc7d72a5d88213430745acf7aec8ecc246e042d0aad
-
SHA512
033fa4ba21d8086e516deddac9d25aaa4180b4c341ceb05c1ef9f86a790ebf22a4ee4eb9505da6703cd4309cee1e6be76dbdf4870f0c4d398bababde9facf899
-
SSDEEP
6144:0MYYj6PQEzvJhuQlVvR+biOSvX3wa5zedaPqhUrYOv:uYj6PbzRhflVZ+dg395zedaPEe
Score1/10 -
-
-
Target
locales/resources/mkl_sequential.1.dll
-
Size
24.4MB
-
MD5
dc669a38669daa5f86ee691ab76f256a
-
SHA1
d096b0e62e2cd804d1cdfc1cee97cfd88c6f3526
-
SHA256
14d2183e60955af7844004fd394c38667a627804eebd23f88d8b2916803c0191
-
SHA512
7c0fb218cc5403d25f0a50e500ed2cd5c1a2c95a6538edae366ec8e6dae2d6fcee0a047cb1c1f4b382630cf06d9f9aa140a7c37c7d6bc30008bfa5a03544f834
-
SSDEEP
786432:jAjbotve5/l6Qofwx/xGHfHr9kmk5D0EnnP+IobqgGzt:jAjbotve5/l6Qofwx/xGHfHr9kmk5D0O
Score1/10 -
-
-
Target
locales/x86/ACE.dll
-
Size
1.1MB
-
MD5
d0ae82cdf9911bec3eddda128602af04
-
SHA1
58e167521f2b028d03aeb6c926d34c2c969fa9c6
-
SHA256
f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd
-
SHA512
c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d
-
SSDEEP
24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF
Score3/10 -
-
-
Target
locales/x86/AGM.dll
-
Size
5.8MB
-
MD5
b39b8d45413692ff856e9ba907256c2f
-
SHA1
ab06b594a57b8bbe0f4c4ba80a12129953521667
-
SHA256
ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084
-
SHA512
1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661
-
SSDEEP
98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z
Score3/10 -
-
-
Target
locales/x86/AIDE.dll
-
Size
2.0MB
-
MD5
ad388ce4c2cc3aaff605994da782d57e
-
SHA1
f43c3f588c77a34e8b81b63247ac1d7657016050
-
SHA256
d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7
-
SHA512
f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b
-
SSDEEP
49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu
Score3/10 -
-
-
Target
locales/x86/Acrobat/Acrobat32OL.dll
-
Size
200KB
-
MD5
18e5a6296e02efb842fb3d11ca0c7c63
-
SHA1
1a774bc3ec960bf1d639b883ba34de0a101748a8
-
SHA256
629b4cef2c394c6a1fad37e5ac6f497b3bdac489270d54f4e98c5dfc925ea883
-
SHA512
66fe300a275d0dc403479668a3120e6eb9a84a28736e64b24afc37298e556589b40c191a83f5871b2ad1778e0a8a65f7a0878f29d409b2efb9d51531854c5198
-
SSDEEP
6144:tbL7Ohthut5BCRVS989WUY+7F4C9WOOS0mvpMJDJ2C7ejmj:xL7ObhG5BZUYiF4C9WOOS0m+JD
Score3/10 -
-
-
Target
locales/x86/Acrobat/Onix32.dll
-
Size
745KB
-
MD5
e03d8bbcf584de58500efdac4c7b6a97
-
SHA1
7aac481128eda876bc111b0cb33e202c68ef1f93
-
SHA256
58cc0c31514e89a743c9b96c7892c256cd9daaa18bdcff784b8ddb1d5c15a163
-
SHA512
eb3346b4d93137476f57eb43c87e4160b5d85431e2e9a75fbf4250161414d290eead6bcdadb290e23f13158ea265da880ddef1cad4b12cce60c0fa9d4f95c3d2
-
SSDEEP
12288:JPuGQm/KqPd7dg3EPctRuVcnQUFkZrBzKWe5p7MQnowzk7NugLqKiaC3P2nYs8rh:gGQm/KqPd7dg3EPctRuVcnQUFkZrBzKz
Score3/10 -
-
-
Target
locales/x86/AdobeXMP.dll
-
Size
887KB
-
MD5
7c3033588c1a187918cf3fd246069a3f
-
SHA1
2b637a9d37de604ae8e98fcbc73746ccc0402b31
-
SHA256
e958f4ed8272a96e599ff9f0a79331e7b5109104a9d20d3f760c7eb162daf7e0
-
SHA512
80d513d25477081c84af87e8127a02bb332204ad7399ac653a27ca726e446fd25518d36189bf90b10cbf34119d35501e006a2e06dbca5a96dc2348aff6b6fe91
-
SSDEEP
24576:7CaZsdfNjJaN0OdQfLCKVkDavzVi5p5bafAAy4:7ZspNQVQdkahi5zaf5R
Score3/10 -
-
-
Target
locales/x86/BIB.dll
-
Size
119KB
-
MD5
404de37b800b661ebfaa218b20c8c0c6
-
SHA1
2a2416b663ee9d9ec6325d2c70bf05be27a73eac
-
SHA256
ca53407b356fcdea51a6d536447ed6b88ad14c87facf421080d141cae837eedc
-
SHA512
e6d66bcb0da4ca5456dab376385c73a918fc13c4b0ab9a05d2324dbb7a9fcf197d727acfbedb15e55452b916c9afde0ed01b233868a88ae0f34ee01306289430
-
SSDEEP
3072:x9mmiJ1WvqJ7fW7n/WY0EZrZsibdumKr9igRsNpKN02+OzHwn:TkaqJi7M0dO
Score3/10 -
-
-
Target
locales/x86/BIBUtils.dll
-
Size
170KB
-
MD5
79622b56347c1fd44b74bd4ea74cb813
-
SHA1
51c1e13a4b5aad657c570149c529dd4963adf77a
-
SHA256
0f2b3d012a9abe420bc36c62847bba6ca4478ceebc018bad2b19f22d481fcc10
-
SHA512
ebc329e0d1d869107043e5b0a0e05d4322fa0a2bbc2c30411d51ce1b4b33778ee94f82ad072cc8cf75222f488e52bf52dfb7481edfdef3e39fd58259685ad195
-
SSDEEP
3072:0VMWnX3e6TCL2ssOGpibdy1ZLKDZW7TPtAlgeoVA/sis/zquLtyQh1g:0JnHeKk2s03q0nh
Score3/10 -
-
-
Target
locales/x86/CoolType.dll
-
Size
3.2MB
-
MD5
6fb9f15b6a1dd1ee9cdb9b4ef290d69e
-
SHA1
c5955655e9b96004a72bbb09aa72996f3ddaa539
-
SHA256
d4a0db913fa555808ce627114fe6e2725970499c70364edbedf47d907d52242d
-
SHA512
24be26d2e0dc3e05f786ce3eee815247261fe99e1bff08e689d71bf68e7d5340e942aaaefd9203569f63c23a5f5cb46c1ff6a2d91f2753fd6d78240fffa7beed
-
SSDEEP
49152:37sVoVC47fsPVTs57ovd2MMg6NYpnd3EQUyfha+P/u6LSXvowU7u9qRXApP4Cqrt:37RCwfsdTk+dlb73ELyfhlf9K4Cqi3
Score3/10 -
-
-
Target
locales/x86/JP2KLib.dll
-
Size
508KB
-
MD5
73c0da5c825e3a2275dbef4f8dae0813
-
SHA1
6f6191867fddf3c284066dd855512198c509d64c
-
SHA256
979851cac4a2a0e394f06ca7139d7402911048b094f550dd9b33d1203ae92862
-
SHA512
aa01cba77cf94d3a4c66ac7169414d4d7f91d8965d312bb46430b766affe0ff93c241a84ad9e1796c08c28fcbc613c9d98cde37b2b4914e801abff6c638a111b
-
SSDEEP
12288:tskp3VH/G2LrUUIGVC3hCDfF5AzO5qkkZalIf+AGzVYu5uRcyef0njWcArh45j:tsK3VH/dlIGAGzqu07ef0qO
Score3/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4