Static task
static1
Behavioral task
behavioral1
Sample
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
Resource
win10v2004-20241007-en
General
-
Target
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
-
Size
133KB
-
MD5
91fceb0c23c4b6be39dde58df54c1bb0
-
SHA1
e39d4c5253b0077a968737cc278a470b96118c5b
-
SHA256
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895
-
SHA512
b488f4f44ecc410e7178b21bae3a256f54e233e8a5e7a8fb51d73720cd279794527886c7d099030c9b5d376e4c831a1a53aceb4e3d7bea99eefee28e7ee21f12
-
SSDEEP
3072:n5LWQKRH3sdOyM8WLAIPsMJAcTFq0gW18znpH3PM:5LWQKRXsdOyM8WLAQdJAcS3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
Files
-
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe.exe windows:4 windows x86 arch:x86
f5cef65c1fb76352722b1eecbea31104
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
shlwapi
SHDeleteValueA
SHRegQueryUSValueW
SHQueryValueExW
SHRegGetBoolUSValueA
PathRelativePathToA
PathIsFileSpecW
StrToIntExW
PathFindNextComponentA
SHSetValueW
PathUnquoteSpacesA
PathSetDlgItemPathA
StrFromTimeIntervalW
SHDeleteValueW
PathAddBackslashA
StrToIntW
ChrCmpIA
SHRegEnumUSKeyW
StrNCatW
PathRemoveExtensionA
StrCSpnA
PathRemoveBlanksA
PathGetCharTypeW
PathBuildRootA
PathIsUNCW
PathRenameExtensionW
SHRegQueryInfoUSKeyW
PathRemoveBackslashW
PathGetDriveNumberW
PathIsPrefixW
StrCatW
PathIsSystemFolderW
SHRegGetBoolUSValueW
PathIsRootW
SHRegWriteUSValueA
SHRegWriteUSValueW
PathIsUNCServerW
ChrCmpIW
PathIsContentTypeW
StrCmpIW
PathStripToRootA
PathCommonPrefixW
PathMatchSpecA
SHRegEnumUSKeyA
PathIsRelativeA
SHDeleteEmptyKeyA
PathUnquoteSpacesW
PathAddExtensionA
SHRegDeleteUSValueA
oleaut32
OleLoadPicturePath
SafeArrayGetUBound
VarAdd
LPSAFEARRAY_UserSize
VarDateFromBool
SafeArrayAllocData
VarR8FromR4
SysStringLen
VarUI4FromUI1
VarBoolFromDec
VarUI1FromDec
VarI4FromR4
VarI4FromUI1
rpcrt4
RpcSmEnableAllocate
imm32
ImmGetIMEFileNameW
ImmGetStatusWindowPos
ImmCreateContext
ImmDestroyContext
ImmGetIMEFileNameA
ole32
OleNoteObjectVisible
pdh
PdhParseInstanceNameA
PdhLookupPerfIndexByNameA
PdhEnumObjectItemsW
winspool.drv
GetPrinterDriverDirectoryW
AddPrinterConnectionW
DeletePrinterDataExA
StartDocPrinterA
AddPrinterDriverExW
OpenPrinterA
AddFormW
XcvDataW
AddPrinterDriverA
AddJobA
DeletePrintProcessorW
SetJobW
EnumPrinterDriversW
AddPrintProcessorW
DeletePrintProvidorA
GetPrinterDataW
GetPrinterDataExA
DeletePrinterConnectionA
AddPrinterDriverW
DeletePrinterDriverW
SetPortA
SetFormA
DeletePrinterDataW
SetPortW
EnumPrinterDataExA
DeletePrintProvidorW
EnumPrinterDataA
DeletePrinterConnectionW
FindClosePrinterChangeNotification
GetFormA
EndPagePrinter
EnumPortsW
EnumMonitorsA
AdvancedDocumentPropertiesA
SetPrinterW
SetPrinterDataExA
PrinterProperties
gdi32
CreatePatternBrush
FrameRgn
GetLogColorSpaceA
setupapi
SetupDiGetClassImageIndex
comctl32
ImageList_Copy
ImageList_Write
ImageList_SetIconSize
ImageList_Read
ImageList_GetImageInfo
ImageList_ReplaceIcon
ord6
ImageList_SetOverlayImage
CreatePropertySheetPageW
wininet
InternetOpenW
CommitUrlCacheEntryA
InternetCreateUrlA
FtpRenameFileW
FtpGetFileA
InternetGetCookieA
SetUrlCacheEntryInfoA
DeleteUrlCacheGroup
GopherOpenFileA
FtpOpenFileA
InternetTimeFromSystemTime
InternetQueryDataAvailable
SetUrlCacheEntryInfoW
HttpSendRequestW
GetUrlCacheEntryInfoExW
advapi32
RegisterServiceCtrlHandlerW
IsTextUnicode
GetSidLengthRequired
GetSecurityDescriptorControl
MakeSelfRelativeSD
DuplicateToken
GetServiceKeyNameA
LookupPrivilegeValueA
SetFileSecurityA
LsaQueryTrustedDomainInfoByName
AddAccessDeniedAce
GetExplicitEntriesFromAclW
LsaLookupNames
ImpersonateLoggedOnUser
QueryServiceConfigW
GetTrusteeNameW
DeregisterEventSource
CopySid
LsaStorePrivateData
BuildExplicitAccessWithNameA
OpenServiceA
SetAclInformation
CreateRestrictedToken
LogonUserW
RegEnumKeyExA
MakeAbsoluteSD
LsaQueryDomainInformationPolicy
RegUnLoadKeyA
RegDeleteValueW
RegisterEventSourceW
ClearEventLogA
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTrusteeTypeA
RegCreateKeyW
RegConnectRegistryA
LookupPrivilegeValueW
ObjectPrivilegeAuditAlarmW
ImpersonateNamedPipeClient
SetKernelObjectSecurity
OpenEventLogA
GetSecurityInfo
LsaSetDomainInformationPolicy
SetTokenInformation
GetFileSecurityA
ObjectPrivilegeAuditAlarmA
GetSecurityDescriptorGroup
msvcrt
__p__commode
_controlfp
__set_app_type
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
mpr
WNetConnectionDialog1A
shell32
DragAcceptFiles
imagehlp
GetImageConfigInformation
RemovePrivateCvSymbolicEx
RemoveRelocations
SymGetOptions
SymGetSymPrev
SymFunctionTableAccess
FindExecutableImage
StackWalk
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ