Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10source_prepared.exe
windows7-x64
7source_prepared.exe
windows10-2004-x64
7discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3protections.pyc
windows7-x64
3protections.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
protections.pyc
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
protections.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
source_prepared.pyc
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
source_prepared.pyc
Resource
win10v2004-20241007-en
General
-
Target
source_prepared.exe
-
Size
10.3MB
-
MD5
9ea7abaec2e7485e782f1ec0d331388c
-
SHA1
30539fdbd2f53458576f210e2186ca3152e351f9
-
SHA256
6ad00a113e2f70f9ed6af286fee6da9b45e81b2e71761d7519cf6b00dc46175f
-
SHA512
c95b62ac7df9aaea71e5c2ef86a63837adb4e482b86e47f630c8ab27e8fc3ab9a6c2f0d834edb9faba3bf62b88515962e4166bab90c3cf72b0a910fb35f1ca4b
-
SSDEEP
196608:4qin3DxOpJlXC4NmNumGOEJohaDjx4a0FAwYxM4JBXak7jCqbv7:4bnTxOpJUi/raMjm2BPJYk7v
Malware Config
Signatures
-
Detect Pysilon 1 IoCs
resource yara_rule static1/unpack001/source_prepared.pyc pysilon -
Pysilon family
-
Detects Pyinstaller 1 IoCs
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource source_prepared.exe
Files
-
source_prepared.exe.exe windows:6 windows x86 arch:x86
80fa9dd013bb874b9558b39c9cc07f50
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
TranslateMessage
ShutdownBlockReasonCreate
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
GetMessageW
kernel32
GetTimeZoneInformation
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
HeapSize
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetDriveTypeW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
DecodePointer
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW
advapi32
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
Sections
.text Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
discord_token_grabber.pyc
-
get_cookies.pyc
-
misc.pyc
-
passwords_grabber.pyc
-
protections.pyc
-
source_prepared.pyc