Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732N.exe
-
Size
749KB
-
Sample
241225-3w971sskcl
-
MD5
e68369e17367e41717dbb16caddc9d30
-
SHA1
f2dc50d804f963797d65eb9b06a69d38fb7fd358
-
SHA256
9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732
-
SHA512
06ebcaf9ec06f95bfb76bcd685ae752c6c27a516c9b8a9c1d6752d6d46fa402866a988162a3e4163a9faed64872afbe933e6f8fcd79d551452f3d63a4bdf5fe0
-
SSDEEP
12288:eKQbsJFJLEBMmOI7T7/BH0Cxf7377ZMhp2Wrz+91Gq3Tq0WN699y+8SAKBjvrEHM:eK+SL3mOIj/BHlf77NMhp7z01L3Tq5Ni
Malware Config
Targets
-
-
Target
9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732N.exe
-
Size
749KB
-
MD5
e68369e17367e41717dbb16caddc9d30
-
SHA1
f2dc50d804f963797d65eb9b06a69d38fb7fd358
-
SHA256
9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732
-
SHA512
06ebcaf9ec06f95bfb76bcd685ae752c6c27a516c9b8a9c1d6752d6d46fa402866a988162a3e4163a9faed64872afbe933e6f8fcd79d551452f3d63a4bdf5fe0
-
SSDEEP
12288:eKQbsJFJLEBMmOI7T7/BH0Cxf7377ZMhp2Wrz+91Gq3Tq0WN699y+8SAKBjvrEHM:eK+SL3mOIj/BHlf77NMhp7z01L3Tq5Ni
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-