Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    adsav.exe

  • Size

    55KB

  • MD5

    80c7ba2da4987600d1e9008265aafb0d

  • SHA1

    4712783a6004912fd4cedd71e9f60a0ddd03b6d0

  • SHA256

    47d0ceb844938cc8c28168f069f45461e5f0d670205fef7d092a41704ae416f0

  • SHA512

    fbefdc6b3f2d6669c1382ebad364d96e9561c40d561e6d9d9a1d50e331d54c72d7fd3602f8f9e2824a43ee11e20bd0d15f2dc80fef27fe840618c0b2c6c31317

  • SSDEEP

    768:h2GgkY5J4Z3LSPQVrHO46v/qNo/ORG7CAXORF72pC+beeM2cSj428lDADOcLeh+E:hLEv/6om47OR92k+bVRcSESO7gJXG

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:58981

147.185.221.24:58981

Attributes
  • Install_directory

    %AppData%

  • install_file

    Update.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • adsav.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections