Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
VirusSample2.rar
-
Size
21.1MB
-
Sample
250113-galfwa1kdl
-
MD5
e4e8f137fcd5d8c8be5d87228a1e83ac
-
SHA1
a6ad110c747a40def97b5a4eb29fb35e4c299be7
-
SHA256
a0d69f37d3ba0dc95cb0f3eaa9975a1ff418890a68c6393b3a9d2e7634d1b00b
-
SHA512
20fff490f2e73457a06cf39cca57880741aab3714721d0a896770b0ee33b1a078f7eb209eed5cde019538f0ccfa3bd12f6ee6d76d7571346c76bc2d6bc545713
-
SSDEEP
393216:7Ma43eiU82dY4aPvkTCwie/akRForX96btuJxcZ7SYAnumlc:4aqeTNaPvkweD/8AtuCZ7SXucc
Malware Config
Targets
-
-
Target
VirusSample2.rar
-
Size
21.1MB
-
MD5
e4e8f137fcd5d8c8be5d87228a1e83ac
-
SHA1
a6ad110c747a40def97b5a4eb29fb35e4c299be7
-
SHA256
a0d69f37d3ba0dc95cb0f3eaa9975a1ff418890a68c6393b3a9d2e7634d1b00b
-
SHA512
20fff490f2e73457a06cf39cca57880741aab3714721d0a896770b0ee33b1a078f7eb209eed5cde019538f0ccfa3bd12f6ee6d76d7571346c76bc2d6bc545713
-
SSDEEP
393216:7Ma43eiU82dY4aPvkTCwie/akRForX96btuJxcZ7SYAnumlc:4aqeTNaPvkweD/8AtuCZ7SXucc
Score7/10-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
License Terms/151/Shared/xe.dll
-
Size
616KB
-
MD5
9abbdab424f66a7f4c395fd8759cef0e
-
SHA1
d08a1fe1ab2eb09827f26fe493994e8f064c74c8
-
SHA256
f724575de0ea9ec3cc15a1f10d6a936ef2ec6dd3790d0d1c39dfc1f9d31aece4
-
SHA512
2583f01afd894330c1e98a57327df14605b19c4baa06beba9f42bb63a0831f669bf495fc91c16041cd882169434a568b09fffa2d5f56edbd2b36fbb6a8ae5ef8
-
SSDEEP
6144:atkUO5IjISRbo5x88oTPVXU+u/o6XPLFlDxzqKoAMl2FrbyOHgNf1UfD2t2BgCcJ:ukU3IBC823SLMkFrzgx1Uyt2mL0eUW
Score3/10 -
-
-
Target
LocalDB/Bin/SqlUserrInstance.dll
-
Size
150KB
-
MD5
423671a408eedd5e51f4d4f6a3de4589
-
SHA1
7a96a2c6e2381e78bdd152e3caef75146460f488
-
SHA256
b62fab3be134e7765720c0eb579be5a65ae719771b1e39c14ac39958d554b90e
-
SHA512
4e9aa8c9ff248d4ec86d79b8515dbe51fa30aa5b28124a2c1872270c30e7887c1d49c573116237f393c29ef431b97110212fdac9d3a27134b6effdc5d373c11c
-
SSDEEP
3072:bm07GntHw9i1pCiY/cYCuyaBeipTCl/0YgPjGWuwLWW1cQFaNWpVfxTdv7OH3UCb:k9Y/cpascTg/0YgPjGWuwSW1cQae5TdS
Score3/10 -
-
-
Target
S0FTWARE.exe
-
Size
10.5MB
-
MD5
107f2ad17a30b5d498a0bde5f6b76147
-
SHA1
ca206ceb5253b83bb009d87ea0d6b4265cabd768
-
SHA256
82819ee0b35a59f56f57b91fc9f9b53a6086e6d35df65ba854f874580bc63639
-
SHA512
146eaa30a2b8070f5ea76a3a5657ff35390dd2ff38f593712b749aa84fa9fb4512cb2be8cf4aea8422c00db65074a17feb27e1e98d5db84f1fde80fc92a1f3ad
-
SSDEEP
98304:e+qJPaUzaWKe4QMl/OlCQs4znK2px5PLRfuSbrKjYiGlTf2:tqNak4os4zfzlliGl
Score5/10-
Suspicious use of SetThreadContext
-
-
-
Target
SDK/100/KeyFile/1033/sqlsysclrtypes_keyfile.dll
-
Size
13KB
-
MD5
166a4eb063fbff4d85b7647b9b3819b0
-
SHA1
1738ea07615836656f9d5579e1de65a1a9fa6ca4
-
SHA256
c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
-
SHA512
d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
-
SSDEEP
192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score3/10 -
-
-
Target
SDK/100/KeyFile/1049/sqlsysclrtypes_keyfile.dll
-
Size
13KB
-
MD5
166a4eb063fbff4d85b7647b9b3819b0
-
SHA1
1738ea07615836656f9d5579e1de65a1a9fa6ca4
-
SHA256
c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
-
SHA512
d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
-
SSDEEP
192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score3/10 -
-
-
Target
SDK/Include/sqlncli.h
-
Size
171KB
-
MD5
e18728306ff50e10128b78b1996c8fec
-
SHA1
b1213ebd3c35ebc9c364e06ca9daa05a1f1a660a
-
SHA256
c456a690db999e90100b20ba464ba06670310fc16959553cd6991ff411387b67
-
SHA512
8016b045ca325b2f05417a398e4ed0262bc5dc162377f2adaa33df02101f177bfa1aeee08972b3b6fe01b475c5190f1d739e6942ff06c5e6296459fc7ab8596f
-
SSDEEP
3072:rnBb6ds1q3r33ozc3FRHKf5Ba/T7vQW7aoC2nHBZpioWAmiA/8Op:rnBb6ds1q3jjT7vQW7aoC2nHDpioWA9+
Score3/10 -
-
-
Target
SDK/Lib/x64/sqlncli11.lib
-
Size
6KB
-
MD5
8af8f618a6b6063d18ef5dd016b5a08b
-
SHA1
1c95ba05a02294d0945b0d88b378100442ad7330
-
SHA256
ae6cef1c8164775bef8202c367e45c69f09b92b86d04876f45f7befc4196e4e8
-
SHA512
abf4b25e3b071d1c8490c81181b7f7a4c341f41348c5230548ceddd3749a70170877594c37ffb2185105e7352ccba7ce3dc1b89eb71ceda73534bc57a0e3ea9d
-
SSDEEP
96:Qgf+2NI0QpsyHx2FbdpXZEKf+EK1KfKyeuj3FTk/Yx:QgWH0QpsyMbjXZEKWEzj3FTk/Yx
Score3/10 -
-
-
Target
SDK/Lib/x86/sqlncli11.lib
-
Size
6KB
-
MD5
1fa6ee9c2e84b4a46127df1af4c09b7d
-
SHA1
62fbf0018de9bffab8e0eb4fe297f0a76b8a12f0
-
SHA256
ff52761730b58b81857dfe330bb240b90e948910025d92eb3369eae3af18f8fa
-
SHA512
0919e58ffd5df98bc801044e03cca67878924b45f2bec0a20219de08afe969d591af77ff678343d4889f62ec64c2b74c2f627bd4be670fa0df24ceda9937f789
-
SSDEEP
96:VVZzw5mOqjLw/Qv/MSasj2A5wA7ZYKVKCKL5q4N1R5zxnV:XZaqjLw/PSasj2UZGN1R5zxnV
Score3/10 -
-
-
Target
Shared/Resources/1033/sqlevn70.rll
-
Size
2.5MB
-
MD5
27d0d43f7ee9daefc96eef48620bdb4c
-
SHA1
83c84ce3c517871dec311500001db5c501d25be3
-
SHA256
4790c4c828d21865b556b48bdbb0dc84fec7e49e8fbccfd5e75c9dcfb86cae5a
-
SHA512
fd651fb3cb9335db0a26fd58bc0831a0e91c437ca1a65355b968cf0900fecab1289b6660e64220c330b00c456e1a40e6536e8ad0a3df3f58021f6c1a47861530
-
SSDEEP
12288:GgNYGl0T5TJ4IkbB84tgpciKgYLtXU558:GgNcTQtgVKS8
Score1/10 -
-
-
Target
Shared/Resources/1049/sqlevn70.rll
-
Size
2.8MB
-
MD5
35e743c24d8eda76966acf60ed8b337f
-
SHA1
9eacb67db44b21d2091a50f2d7a7ba7cfa7bfbea
-
SHA256
09c875779139587ede45c49cf14173d7ce1b68246471a4f5b67dad021e5085ff
-
SHA512
a25e279baca808528e8d9c0d824ca008a3666eb62f483dc3c9f81c503c97d22689c4ef8e525bf45844f865200f85a3b0a9b1911535fc427e51269043f5983a5e
-
SSDEEP
12288:Y2LLINEgCKk8WfQV8vdjH6m9csYVkTzwx/1:Y2pgn8vK1
Score1/10 -
-
-
Target
Shared/instapi110.dll
-
Size
47KB
-
MD5
f9ee4c23a7bdbbb94bbfff3da087b431
-
SHA1
b8dad015dcd170bc84e8ae333c66e40c7e4090c3
-
SHA256
fc988b3fad95fd8ad36d829c9bfa2f36dcd517de674705a3928ad3384354f34f
-
SHA512
9ba5b2865854929f6ce41139c0a2db61ff49291b0a4e8a0ba653ed622406c0cd9eaeaa4df44fccddc03f0ad621ae75db071d93b76454d4be468334069d8bf5dd
-
SSDEEP
768:6YNhRVG+vZ0Q3V0qOflcSpvxxqGdhO2zUGA1el:Nt48Z0hcexKEUJel
Score3/10 -
-
-
Target
Shared/lssyscat.dat
-
Size
1.0MB
-
MD5
8079e21b5980d3089761d2366d1c0828
-
SHA1
77d8430339e0d384a50064697846c8f818f0176c
-
SHA256
7cb429032be391e6f01065bb772aaf00f979ce7f1766b71d541fa53c58988f27
-
SHA512
96cb7f455fb567ba5a4e1cb019114d0680fcd338b78d6ed0a2cdd442809d4611cf46bfa95be39e0657b245a1e8c5913d21c53b1f35ee035d4b98af6b51657438
-
SSDEEP
6144:4uubPKb5VM8Jyg2T/XcwNOwBfZpM2+k2+E2NzzSJrNtdMBbHmT02Jh2vfRYA8hI9:4uubSPrZM
Score3/10 -
-
-
Target
Shared/sqldk.dll
-
Size
1.6MB
-
MD5
9284cdf83b7b75720344b616864e8766
-
SHA1
0ff8fe5eed78440044f1b6afe117e91d2453744a
-
SHA256
5ab3dfd1f5c303688593e8779dca3fdeb3075647cc675df4d3a23a0a3f90f84d
-
SHA512
6b9fbcbafe732720e3bc7b4ff15a1349b55d46fc760ab2961193c4103439aeaa1313a950436de80fa6d2c78e9e4334a1d64c157046ec4ce41c2ce32c6df2665c
-
SSDEEP
49152:aBTO/KEiThdwXGn736mpSLa2CWtvhpW6xaf+MBAm7PdQJDdwczf4jW:ZyDThKmWtvhpW6xaf+MBAm7PdQJDp
Score3/10 -
-
-
Target
Shared/sqllang.dll
-
Size
24.8MB
-
MD5
29f692b545d0493d4d2257439c6969e7
-
SHA1
fccfcd17acf600abafe4671be0a1e0d9c06ce3f6
-
SHA256
f51cf85cfe31f0b447ad5d6000d176b64de50b5e7a09a0af9f59c0a23cbc729c
-
SHA512
dccdd19aba438f40fd944988f4431a905633cd29048de3b45c924350db67ad481bb221546c41145de93bc1f210c5c9e830a6dcb95127c04f8c80924647f027b0
-
SSDEEP
786432:bNCDpdcZRUQeXCcIOwpjfUwLMusl6xVxKwDu5ZKj0YPmSRVYUzFLSm9GPW22hlcB:bNSWaQeycIOwpjfUwLMusl6xVxxu5ZKu
Score3/10 -
-
-
Target
Shared/sqllangsvc.dll
-
Size
51KB
-
MD5
fe645bdecf22601e9fdc293aed23ba0c
-
SHA1
a665dd12847f2f19a18e68329c98ec543e295027
-
SHA256
b5108ecfc1dd73e8023d609d5edd8e6dbc5279991a0ae1628f0ca2932b61010b
-
SHA512
43ac5d53d58c18c0983cbee628ff31dd3ad643b6b9e2ae1bae6d604885538a6733eb05551984dd7cbbb2ae00904e43ba3755ee007c83f874d0627d891e4162b8
-
SSDEEP
384:3xZhtomhKV3lOIEPiswqIWqmxD/lmXruk76OeyO4tepvgizbPVHMgBqPWbdWEWr3:DhteQ/RxlcrP9evjbdH1nlWhMGAedt
Score3/10 -