General
-
Target
freeSpoofer.rar
-
Size
13.8MB
-
Sample
250111-tgwxeasqgy
-
MD5
4de784dcf73d6a71b45f090e999a591b
-
SHA1
a0dbb8326e1d122c8ef4f8a2bdfb3ec406ad8ebf
-
SHA256
94985615c3a4143304e8f85e41d9f1bd2281d073d47ade04dcac1f63d31305c2
-
SHA512
83e92a5bea27d2ea801296bee5e249f971e2501d7fb7ebb406d6ff43a75ab2c899b74864e317be4e89a4979787d5a3e600a64dece18dffa1145a991edf11d39d
-
SSDEEP
196608:P4t4b2VYuO9EjW+gZ9Lu7XD2jbgMleIJS9tGbDkkxmTsmYm0HKdbFrQzTV2bN9VW:P4tVH2ExgZA7XaQMl1JSabQAKdbF9JK
Behavioral tasks (task: sample, resource)
behavioral1: freeSpoofer/freeSpoofer.exe, win7-20240729-en
behavioral2: freeSpoofer/freeSpoofer.exe, win10v2004-20241007-en
behavioral3: freeSpoofer/tools/AFUWINx64.exe, win7-20240903-en
behavioral4: freeSpoofer/tools/AFUWINx64.exe, win10v2004-20241007-en
behavioral5: freeSpoofer/tools/AMIDEWINx64.exe, win7-20241010-en
behavioral6: freeSpoofer/tools/AMIDEWINx64.exe, win10v2004-20241007-en
behavioral7: freeSpoofer/tools/LeCrud64.sys, win10v2004-20241007-en
behavioral8: freeSpoofer/tools/Volumeid64.exe, win7-20240903-en
behavioral9: freeSpoofer/tools/Volumeid64.exe, win10v2004-20241007-en
behavioral10: freeSpoofer/tools/amigendrv64.sys, win10v2004-20241007-en
behavioral11: freeSpoofer/tools/applecleaner_2.exe, win7-20240708-en
behavioral12: freeSpoofer/tools/applecleaner_2.exe, win10v2004-20241007-en
behavioral13: freeSpoofer/tools/lvafudrv64.sys, win10v2004-20241007-en
behavioral14: freeSpoofer/tools/tmac/Installer.exe, win7-20240903-en
behavioral15: freeSpoofer/tools/tmac/Installer.exe, win10v2004-20241007-en
behavioral16: freeSpoofer/tools/tmac/TMAC.exe, win7-20240903-en
behavioral17: freeSpoofer/tools/tmac/TMAC.exe, win10v2004-20241007-en
behavioral18: freeSpoofer/tools/tmac/help.html, win7-20241010-en
behavioral19: freeSpoofer/tools/tmac/help.html, win10v2004-20241007-en
Malware Config
Targets
-
-
Target
freeSpoofer/freeSpoofer.exe
-
Size
1.4MB
-
MD5
57749553c159683cf8c646bea1fa7e21
-
SHA1
414bdd48c6fd752f6d6100ad1c38fdecda8ffece
-
SHA256
5f1287749ae0d7025a05ab21ab24a6ccce54618f0890e51e85c12f76b0559d13
-
SHA512
6f3138fe1628880e30e7c451f285f8090ec41463c19aaabe2f42395f366d9f29dfe86a07a9086b0da1e1c52f71746fdb82f16a86c472a209996eb94098c19c41
-
SSDEEP
24576:wUNxvqF6FGYJf6yjNQpNONZNlTX5PlGPgquLEIWxUc7N11QaSYx7Gq6n9uX5:wUNxvC6FGYJf6yjNQpNONZnTX5PlGPgQ
Score 10/10
Cerber family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
freeSpoofer/tools/AFUWINx64.EXE
-
Size
1015KB
-
MD5
59a47fc8e9b4396dddb52907a8a54177
-
SHA1
d16c0825ea1ce721b00df160d826475fda2bae44
-
SHA256
03e11400f15251c9bf2d764b1020f32904f9569a426adfbe26b21e04898c8800
-
SHA512
e857e9627b811d48510e14f0b8e65a12eb4153d0e05ad322cc8b95f6ee5c52cc018a1073acecbed43148de26e5c252ae9a2a6d5fdda1b585dfc41f030bb2f6e3
-
SSDEEP
24576:xplWGl3HtCFYAQaYe9pwD+yweJUCHHWDa:8Ye9K+5L
Score 1/10
-
-
Target
freeSpoofer/tools/AMIDEWINx64.EXE
-
Size
377KB
-
MD5
8690997c90d94b5a10f2fe39caa0d7a6
-
SHA1
ad05c719b046da3946e370409b342e3c67946a87
-
SHA256
157f846e4865f27898917304ba4480f6d67a327cbb25a790f885a78b8fba6db1
-
SHA512
39d2ff1aa49cdb302fd88f6903d71d0008e89ff9113eab8a3ca2b7dbc0e5604a059f8c6f798c97971149f80a379a73ea6900ad46cce5203effe5c226bcd080e0
-
SSDEEP
6144:u0lLNvLmP/LgoYG5HViOlHH7qKPUcky2FpwhPa24UW3Pl+MnUURgr:lzmP/Lgk5HViOlHH7qKPfky2FpwhyV38
Score 1/10
-
-
Target
freeSpoofer/tools/LeCrud64.sys
-
Size
46KB
-
MD5
3e5c48ee4bdd6229f6bef52e940af600
-
SHA1
f8dc06c1fda53ee0f64306ad76c070ab2f5b2350
-
SHA256
f3046cf53ef29e9882918978310680497a1a329076c046697b4a1312f590fc09
-
SHA512
b9c289c6f301a32bc719cecb8aba99bf32539467f1e3762dacbd529339e0c9d5946235f98dfb9c3d5f9f07a7e4c4714236fe570d71aeb33c091c894576d6b0f8
-
SSDEEP
768:m1aGDGmA4cTr5efxS4EyRuaCjeLmNGUooNzYieNdVPxWEGg5x9z4cOo:GqeEfeLKo2z7enVPxP5jzgo
Score 1/10
-
-
Target
freeSpoofer/tools/Volumeid64.exe
-
Size
165KB
-
MD5
81a45f1a91448313b76d2e6d5308aa7a
-
SHA1
0d615343d5de03da03bce52e11b233093b404083
-
SHA256
fb0d02ea26bb1e5df5a07147931caf1ae3d7d1d9b4d83f168b678e7f3a1c0ecd
-
SHA512
675662f84dfcbf33311f5830db70bff50b6e8a34a4a926de6369c446ea2b1cf8a63e9c94e5a5c2e1d226248f0361a1698448f82118ac4de5a92b64d8fdf8815d
-
SSDEEP
3072:PngbfXWm18pX82lOl7NuT7DLM5Weo5UFs5QM8JwDmtFk1glurXEa:/gbfXWVoRNuT7DkbFsKM1glI
Score 1/10
-
-
Target
freeSpoofer/tools/amigendrv64.sys
-
Size
36KB
-
MD5
9accebd928a8926fecf317f53cd1c44e
-
SHA1
d7d71135cc3cf7320f8e63cefb6298dd44e5b1d4
-
SHA256
811e5d65df60dfb8c6e1713da708be16d9a13ef8dfcd1022d8d1dda52ed057b2
-
SHA512
2563402cc8e1402d9ac3a76a72b7dab0baa4ecd03629cc350e7199c7e1e1da4000e665bd02ac3a75fd9883fa678b924c8b73d88d8c50bf9d2ae59254a057911e
-
SSDEEP
768:cBOmh786zi+NqkO8Ouwn3uivOyiRZSFInq1os29zjTUD:cXi+NXwnecOyiaFInq1lCz+
Score 1/10
-
-
Target
freeSpoofer/tools/applecleaner_2.exe
-
Size
3.6MB
-
MD5
f96eb2236970fb3ea97101b923af4228
-
SHA1
e0eed80f1054acbf5389a7b8860a4503dd3e184a
-
SHA256
46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172
-
SHA512
2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7
-
SSDEEP
98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
freeSpoofer/tools/lvafudrv64.sys
-
Size
35KB
-
MD5
8d533ae1500f743a177b27c88a241163
-
SHA1
52c25cf4c903714fa52870a16d143fb6aeb0fa99
-
SHA256
b9e8de155fb9aabb4760034a65855130eb85aadc88963e40e2be87b049c025bf
-
SHA512
546c9309b9b078ce4c49a3b56ec8d77b0fd4c0bd583f4bce53705f854fe2addba5c8029ed8b8da9e944b2c212d2ee0508095bf20c12632b760a5c271d19940de
-
SSDEEP
384:mrzqfCQlZluZfnktrQsHGh1jEiI4IHith5kCN88ZGmGovy8ZpHcS8FRJvIsWAR9k:+dCluVG0zuiv1yiR89PL9zIf
Score 1/10
-
-
Target
freeSpoofer/tools/tmac/Installer.exe
-
Size
189KB
-
MD5
34636047a124a3bdb21ff9c2b9402250
-
SHA1
49ecf948cfd6e85f38007b4267792d75031da015
-
SHA256
0d3390d29cde2d1f4b147d70fc7008abe2107c5cfdc0d1bfa746a180b70e03fe
-
SHA512
607d9a123c9b0a3fb74503e78255ac2033177f36903272660f9f650639496662d16177f47e61204e699172ba4233cda23442be538e6a07a2e39632eb709c0e9d
-
SSDEEP
3072:68dMhw/SymvBpLYDhU6Fh/S1PcU8MsGlUbLB:6I/tmvBpLYDhU6q1PcUnsGubl
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
freeSpoofer/tools/tmac/TMAC.exe
-
Size
712KB
-
MD5
230b4c45774e95dd75241068c68aeb0d
-
SHA1
ef46dd76a8c6d4a7d6882469015a07a9bf660a50
-
SHA256
6c3d76c9a4d1652ce25ae8c2ba1907167cfaa0054b8e1325f370c52eafa74c97
-
SHA512
fc08d219e1023d7929250ecab81f640e4114f51b184d9004da0887c93b24a6026931a71da4ef0e95caa2a416d858496b5e174bcd0dd3bd3a76bca6582283e90c
-
SSDEEP
12288:A3fO0HyZz3H3PrpYMP/KyBAQ+KFBSmbrz6C4QXwmfW/sfH6s7zQcKDsVv/JLSF69:+On5pYyKyBAiFBSmb6CrXwmfW/sfH6sn
Score 3/10
-
-
Target
freeSpoofer/tools/tmac/help.html
-
Size
22KB
-
MD5
8a707156b8ac8760e9de9f2d62c2050e
-
SHA1
8bd91f7606a7d456bccca513a14ef6583a1815e7
-
SHA256
c37d369d1f1ee945da67587b530d433b7fa0d16ba09a9ef13d468141a403c09d
-
SHA512
a092f62a5646150fc5a3891186c297c12488e509d59c73f5095d5ada0fc4b9356406f332e4e5cfc846b909e599bb6f7be6481c471c7d0b7b796974655e66b266
-
SSDEEP
192:5jU+nCqyZ5picOcYgWeCsKsbVRDEogq0ZWHaDfPhgA+2/eF5stchmai:5FcZzlrZKsbVRDEBq03gZMeFu
Score 3/10