Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Train.Simulator.Classic(GamingBeasts.com).zip
-
Size
1023.1MB
-
Sample
250127-xzd14asqdl
-
MD5
9afbd34bfd646accd29353f7d9ca27c7
-
SHA1
1b9def6438124d60491ece458d750e4bc5922433
-
SHA256
0e6df159e58f9c47bddae3fd9d307ba039289981f55d9f1a2d66539a27ae4e2b
-
SHA512
1da1290e0e315ba4e4827ffc57c43c6ee1426ac8bf14951b5b895eef25afc6f418c6ab1f80b915937f849ee51d0a2134e1a589babbac788da429c7478070678b
-
SSDEEP
25165824:HnyA7lzcR/f+upNy8U/lkTjzF5YLaj5y7ePbyPfpgsrr87IVe3D/YkjXCiI3:HnZBdjUPLYLW50i+3pJo71/YkjXCie
Malware Config
Extracted
warmcookie
Targets
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/AddIns/BPEPowerTools.dll
-
Size
35KB
-
MD5
8b5cba0ad096dcbd7bbd3778ce6c9d0e
-
SHA1
ddfa58997c780eb18df00576905f24b70f187da7
-
SHA256
e809e371e70a76b2d3e5ba3588a4b33d44aadecc8f0e17c0dd078d3bd8473bb3
-
SHA512
58fde50d827ec6a7d985df2b5324a8fd998f7cb50fd3895ef0ae1d2f3a6b9642264b3044f4af1ed4befc1c3a312b3b4de8e25470a2c55d549675f076fa168133
-
SSDEEP
768:s7D+Hwoe2P7svsGcBICsRv/ozrJUq3DsSjFJGSFNww:smH/e07svTcBFsFkrJZ3DBjFJBXz
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/AddIns/DefaultEditors.dll
-
Size
93KB
-
MD5
55fc1cd76178acea78cc46269f31ad9e
-
SHA1
7124c0b1cc78dfc32c93e1a2e9dcbd7f9fc2e72a
-
SHA256
ff30dd1126f973ae04d06a32b6c47bb46a89f799134d02c9fe09ebcb9b6bcb0a
-
SHA512
8ead13afcd3bcc19938b7e99758383a856270903780a279666ca21d0108ff33db9b1eeb5d2eb39189895e1a91a6366c77921f70d98e9048da388982c0fb064c0
-
SSDEEP
1536:UfsFdaW4aif/70zkxS5mEy8MoiEWQKAYEiICyHBKwi1owVJ4z7SelwbppwFO6ql8:BFA/X4TBEiajbHCO6wWqQ
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ApplyXSL.exe
-
Size
20KB
-
MD5
52e2c6eeda7f2225037cdec2103fcdd0
-
SHA1
1169c7a6cdc4800c59f0e74fdeaed00ad7f0c3d4
-
SHA256
d26c7b290dc597465a239dc8710c09a4870fa69c8a4e6d277a1cadd98f8dc258
-
SHA512
c23a1a53e97b292c4a9030f4d1fcbdf5bf296f2ebaf3520cad4957fce4ccf82bc23ae0f4ad9877519a329ae44011dbdc64c334d6132220a63a773a060f634fc8
-
SSDEEP
96:+cq4MRbjBOI+pj/oZeFo0BHWkiPoHQjzQMLy+H4PVWWg23PQI1k4v:7JefBX+pye3nyowJL/0VJg2YIv
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Assets/Kuju/RailSimulatorCore/Audio/UI_NewRelaySound.dav
-
Size
418KB
-
MD5
f8326c7d9f761ed8390b155a2e900824
-
SHA1
c70e5f9202e1cd91ad54c82aca3e4d2e019bd70f
-
SHA256
364591bfe9839fd0b0905db62ee4e5c19dc120874f3469605376b51582e4323f
-
SHA512
56e0e337954a6cd2c44444ac3d64bf532e05054b7ad5060778ab450a759a444703764037a0afbdc5a5b79f5d0d6cdd7969af8c6c16893f8cd634c6db34488bea
-
SSDEEP
12288:QvAWa167dUlez43R71fRSecuA2jLVBTb99mu:QvKsM3RWvu5Btou
Score6/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/BlueprintEditor2.exe
-
Size
796KB
-
MD5
a1e7c9b1d99d67ed8b3e895f8059d747
-
SHA1
f2859df753428fdcc84e8adc9ed3d04bc01a98ab
-
SHA256
a230395408036068256b31026fe815b09c1c8011ad1540b563eabe0017840f2b
-
SHA512
edbf83f8ccae730e0462aa73e4c3a2568ab6c42d7d26b13de0cfc4fc9ed051d0e74f169dde76a1b0ac5c3291fd4749986f8ba6a5b934f50b72fcd0516827308f
-
SSDEEP
12288:YURc9Xl+1B0rFNm+bgbvWp2UxTYiEOc8j/lcEZf9Nm+7gbvWp2:WXlAB0ZN2vWp2UFYibc87qEZVN2vWp2
Score3/10 -
-
-
Target
Scenarios/66c8dfe8-f59c-4f70-b676-f2658dccb7fe/de/Complete.html
-
Size
476B
-
MD5
d028286b07ed8b5d92d1d153e8fe6f80
-
SHA1
d2f47b21c4a5819a40cb0968ad703fb7c4fa6145
-
SHA256
f53f2f25a91da1b0c831cec39edf205adfa6a4c5ffe10b17e3db2cda7c15b906
-
SHA512
fc9711b428d4614fe483a3884baa7627444018c7141d8f00cb82492eb308c8a5fde6307207206df5daad31ba06aaf539be381b88b8f65be169a5b88333fc8a9a
Score3/10 -
-
-
Target
Scenarios/66c8dfe8-f59c-4f70-b676-f2658dccb7fe/de/Message1.html
-
Size
775B
-
MD5
af1ddfd6219f4d00d5b4fa688f38bd40
-
SHA1
a6a84e2f79684fce0406b11105ca3173765f115e
-
SHA256
8c73b425725ffaef9ec179021413ed0e4e43c19aae3b98e8c6f354f2eda9dae4
-
SHA512
7fd3f44533c20160115ce1942b424680d6606c456cab50ae8d7c648dcc576380c8ef25e679c37fd990b6e37eb50b998f3126317322aab344df208d9ba7807c23
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ConvertDDSToTG.bat
-
Size
298B
-
MD5
5fe7c5a46bb440257f67bf9715e2cf15
-
SHA1
dc7eeab62f806aae36df10ec86c79a55e3682cd4
-
SHA256
04df8716af2074b685dd15565958c704f8a50bfa31601ae4de00a6030e898cc4
-
SHA512
1ea9cb70728299d2b1d04d4ca41db0376420516e703b5c272f0229b22d2ad9672b94f2842423741e931e2b6c5adb2a3496cd8a408dc065af1734ae83fbe204a6
Score1/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ConvertToDav.exe
-
Size
41KB
-
MD5
1a05d75e32b59feba66833ac50150aac
-
SHA1
a69549ee0fb4849f682475843f88ebf017b10d4e
-
SHA256
8207347a50e5be4af03f13a06fe697774b2cdc638dbc63fe4c599f5a9548dab3
-
SHA512
3647d43ac3cea6b8a65f8b578b36ee752a61902a0db01e297c6fc0f52a19213a2ff8c6374220186e8ee0d0fa8ac21bf633f9879521f00e7405275f0b7a92359a
-
SSDEEP
768:Jbb/Zgp0OaY0vMJcIg9L030/eisLjOCEPDsqL9wEvu06Tt6HOoUOcdUJ:JbjG6/Iga3uezP5bqL9wc6TJOPJ
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ConvertToGEO.exe
-
Size
843KB
-
MD5
8a6e32e1d876806acaf2470b98110ad4
-
SHA1
72a3e82c77bbb2d0a8c9eb4f44596665bd1bdbc1
-
SHA256
db6d30c0cf042846aa807bbc2564e50c284a079f24ab74869941be45389be977
-
SHA512
e472f9dfd2a9721d6df5fe8f9baf6829c62d5102b60d9a7122e2efcb1864748144542e3b510505fef182167af000f1b781a328f472a8dd299057ea0dd94d387b
-
SSDEEP
24576:7Hyp/HNgVduL9HPsWw8YZ7q95SdzBJsZiDTrcvRttT1WvwTl:78/HNgVQL9HPsUYIGFJXTrEqv0
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ConvertToTG.exe
-
Size
88KB
-
MD5
e4699d1b3f7702f9e90def7bcb623620
-
SHA1
0b92c701da3b80fe688e255d48858c1eb5b7acc8
-
SHA256
61a5620564b8fa47abda683fa6f8922ac2d4511b5a1e130754512863eaffcd8f
-
SHA512
8469b3e3da54b38fcdca6cb8ecff8f182b9be7d501417a4808860ce342af8020834f38db16696e119bcae201f7e11a1ebcf9e2b43d9c485daacbefa04b91c5ae
-
SSDEEP
1536:64+MynRw9w9mOt3eaWTgUctHcfJvOqP66PX/ODQ741SObsT:6X8KtwJckJGqPPPODQBObsT
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ConvertToTGLib.dll
-
Size
544KB
-
MD5
e5a3dc9c7cbd36c4519e20e649eba88e
-
SHA1
63307e0c8b3e8dec6ec1442f419d1bc17ef62057
-
SHA256
c0d67232e284cdb5cde627f5c47a456c3319d80cf5a29e7481bf378f2cbe9b96
-
SHA512
ac3b332289b01496aa4d2e26958dd8b65f9e452ed0fe70e5c3f3ecf19158398484e843e756f1f952d58d8c85797503c67c5b92cdea8c1cec0bb683e67a64b906
-
SSDEEP
12288:a6hauxI9jP7CWjCzh04mNWLMfNx97LTrXqokM3g:BhaQI9j2AfNXfTrX1zg
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/de/main.html
-
Size
4KB
-
MD5
697560f2327dfb5274f1c474f300a4e7
-
SHA1
a4d3b7b84f80a033445fc322684fb1d866dce424
-
SHA256
44de79c931d2f32159aa09bc58a5d95d5defd8da84c58ad8835a69917ef8b677
-
SHA512
b90ca2231d7b434df68c491ce31fc7c694512037393966363f1ec764c92895a53b84e339409176a1e9ee2aadbcfa7779fe4caa756dce3fa331026062539480cc
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7cHjNvNUpBfNUYZwlACK0ps:MFCxLqNGBOEmoTtNxLM9SNSylA7is
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/en/main.html
-
Size
4KB
-
MD5
09e43cc7db894a1aeffa15095b0abcb8
-
SHA1
ab54912b3af1f2b1dfe8862950c98273a002d583
-
SHA256
d1a6e873296dfcbe095833698a0c60ef14a82747fb0b22452bb160aa3df44e0f
-
SHA512
e4b4f14fbf52fb133f6dd91b5cdda5c4178c08bbcdbb65d2b20d317e8282545cee7edd4ce1fdfbb0c5eabd3cfae9997f4428e482dad3677ce26278af64077a72
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7BHjNvCpBfNUYZwlACK0dd:MFCxLqNGBOEmoTtNxLM9xN2ylA7Q
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/es/main.html
-
Size
4KB
-
MD5
551a7812118691524de10f91dc4bf917
-
SHA1
d86e9e9ef295c27a42685adbdc45c5a2376f7ea2
-
SHA256
55e622f1017676dfaaac8b966de8b561631ccbb9c3c530cda875e1668717f635
-
SHA512
5e92cfd003c7bc65b1defa54f331ed236f83dc78d20618f97504b6166089051d4662a33124e03d7cfb83d79219f6e4347e1c7557d606deaf9556e4fe27c9cd54
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7IHjNvOZpBfNUYZwlACK0w:MFCxLqNGBOEmoTtNxLM9mNkylA7j
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/fr/main.html
-
Size
4KB
-
MD5
9594af50dbb31d38a1c3e7f731334566
-
SHA1
ecedf00121538565eda28f12b7fcd6cdb3fe69db
-
SHA256
30db7d4f45bb5e50a05f3cd6febef608243e88dff8d8be755b074cfbe75f14d2
-
SHA512
52792af1ca2b8e65aca2fd3ccbbbec9b3ec2320b865221a4cabb9c1d005bd4fef4301e0d3be762faf15d4b7d4bcbbc0e432e2583096cdf09f0230a95c48dc8be
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7LHjNvqpBfNUYZwlACK0v:MFCxLqNGBOEmoTtNxLM9jNuylA70
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/it/main.html
-
Size
4KB
-
MD5
db1293354792c4fb56a2302539880ff8
-
SHA1
b09893bf58f7267070daa3e1eb2b60af38829e13
-
SHA256
9b8aabc47df92c720629e900c7e297eeda0ffb74313592d8b67d89a49fd0f453
-
SHA512
e19f27e6efe0408933543f15eb36227ffdf2621f995a25b082faef0b51db6ebe4f6b2427bbaad9c13ea3ecee8ae269c235747e3897cacaefc067a1d07c73e3ab
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7yHjNvppBfNUYZwlACK0r:MFCxLqNGBOEmoTtNxLM94NVylA7u
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/pl/main.html
-
Size
4KB
-
MD5
8705e9e8d08d841d44181ef784834bb8
-
SHA1
495c2235ce40efde9c6e21cec168132fcacd91eb
-
SHA256
6231bacfcac3729110a83beb124786bcc8f8cc91afa09f6ae37ffe893d4ae0c3
-
SHA512
58d794a20fda842293ac07b67ca4d6817ae9cd3d4010fd767c8aefe7a9b0c4e48bf016e0b517035c0af1f853efd06d7f7482f43d90d0903463cf803c45be82c0
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7IHjNvCnBfNUYZwlACK0dd:MFCxLqNGBOEmoTtNxLM92NEylA7Q
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/ru/main.html
-
Size
5KB
-
MD5
fa7fa8c8ea74bf2cecd71bc28ef99452
-
SHA1
08c559a088cba52ad22a8a5fd3648ed57075b581
-
SHA256
49dcd00b4a3b39a1aea6475c0b0a545bffaf22100c4430d7558b287c7f9a7e51
-
SHA512
8db378bd0cd6acd5cba928a9b9f49cb944ca8eb9513ce823ed074e63cbf47c6464b6d85907667c1504b62aed566b4ba49f5fb191c0074852f44834244f24508d
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb7cnHjNvdbpBfNUYZwlACK04i:MFCxLqNGBOEmoTtNxLM9gDNFPylA7ti
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Credits/zh/main.html
-
Size
4KB
-
MD5
f26a609ac2c95a2e66cb82081a39868c
-
SHA1
7d6823d4412f4d3f2b6fc3305058324e29287908
-
SHA256
ec48e15638ec31f3b1e3b0af26945263f2d96ee79015c4b2d16d91dcca479770
-
SHA512
2af568cdfa11153f1f0fc8254aaf02d26e7d962260a7320285228f2e8f33b722664c1830a62d70204eaba7be5347aeeb99480dd019fdcbb0d88b144c1df4015c
-
SSDEEP
96:GDLJF/4NxJFqNud3BDtMEmoMitNxLWKnVtsxb73HjNvGApBfNUYZwlACK0WC:MFCxLqNGBOEmoTtNxLM93N1ylA7Q
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/Legal/en/main.html
-
Size
3KB
-
MD5
b64e4962d96db2e36ca1f024105b3164
-
SHA1
fef7144a50112bf738b593eb30e8aa65b869811b
-
SHA256
3b02fcb5ca5763a4f34d802cf2b15f16e357faff3d01519d62f9438b87fdef9b
-
SHA512
79899948d0a7b66da6b08d3734d870bf850e6b4e229e7140a112e8cb0e86314fb6be043668ee124433c6865ef400a49f5bf1320734daf7c021cce31db32f31f2
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Dialogs/News/en/main.html
-
Size
237B
-
MD5
b34cdb684c85dacf56b4e5bf688aeb7d
-
SHA1
bfbed24331d2af270ec9c55b6c77532b5c00182f
-
SHA256
888c7e033a9ecef744cd1807d72b9a2ebbcbf2a91a374eb416a2557fd99a69c6
-
SHA512
b3702caa11cc0bb3c9f3949df3c649802e5747863c00735fa06b7f014079ab10db9339837e295fe9c6ee6848ae1f178e8b4ae198fe2b9c9ad46a8b0f97d78b91
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ErrorReporter.exe
-
Size
18KB
-
MD5
53051c7047881ed6700aa409bf007530
-
SHA1
a582d9e07cf209a2a0be59148c41ca7885138306
-
SHA256
83653a47df3ec8a97a860ca424daac20e453263ed6578a3ab09fa03afda24fa1
-
SHA512
2a025857f1a633643d285e30445183f90e148e0a70037feb05524700622053667fcb6a3e0a626d6051915addea3768f3fdf2b490ff21220914a9a7de841924af
-
SSDEEP
384:tLFjUpq4kO3YTTJ+SNLjVAk+3ACKC6p9:NFjUplkFT7LjVQ3Av
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/IAOptimiser.exe
-
Size
33KB
-
MD5
93a1256ec67f757c388671aa7bb90eed
-
SHA1
61a1fd5e2bec1ca659a03e05ad0ea1048d623c2b
-
SHA256
9731926d08cf176669dc31bc8d75b694744dc08436d66d391ec1769f76e557fc
-
SHA512
0dc20115a3959f30665e9d498576723eb0019f2b56246e10eaff898f8986d51746c4066f151e2224f34dbadd29fbb0e8c755aad0cb1fefea73dd3e0a9e3cc911
-
SSDEEP
768:eNZiZJnBFuJaMktwKVKDpJ3iKoyPPqH7aS0OWdeTXjYEl:ezIJnBFdLDYDpnoyPPgQOHTXjBl
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/ICSharpCode.SharpZipLib.dll
-
Size
188KB
-
MD5
2290ffa97c0a8bf75e7e4b23a0539655
-
SHA1
05540b2b4869d8729f7e5999fed7c6c7c9a851d6
-
SHA256
bb931d3f03868e1a4519be88f619c6e54841a9722c4a92b4a89c799ba9402d12
-
SHA512
df3eceeb03961dd8e85d4bea2089b24189a7311101ab0162f37b3bbb4c854d49af2cac13c04cf8a3ad7262f21295edcec9c58c82763cb1d158e283bab0154c22
-
SSDEEP
3072:2DJi0H3bkPnJiFtKdfZzaxy/1bUwwixknu9zuzpDwHqAJIjH6vGrY:hEFeZzaxkUwnaPT
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/DirectX9/DSETUP.dll
-
Size
93KB
-
MD5
eb701def7d0809e8da765a752ab42be5
-
SHA1
7897418f0fae737a3ebe4f7954118d71c6c8b426
-
SHA256
2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f
-
SHA512
6ff8433c0dadc0e87d18f04289ab6f48624c908acbda506708f5e0f3c9522e9316e587e71f568938067ba9f37f96640b793fdfaa580caedc3bf9873dc221271f
-
SSDEEP
1536:Bc8tBKv1HCyODN2wjIqlLmqxY3AMVI4I9okOEvc0/c/sZRYltL26VVE2S+JJqsHy:BftQv1iyODswNLmqxY3AMV71Ev54EAxM
Score4/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/DirectX9/DXSETUP.exe
-
Size
505KB
-
MD5
bf3f290275c21bdd3951955c9c3cf32c
-
SHA1
9fd00f3bb8a870112dae464f555fcd5e7f9200c0
-
SHA256
8f47d7121ef6532ad9ad9901e44e237f5c30448b752028c58a9d19521414e40d
-
SHA512
d2c354ee8b6977d01f23c6d2bb4977812bf653eae25e7a75a7d0a36b588c89fcdbdc2a8087c24d6ff687afebd086d4b7d0c92203ce39691b21dab71eafd1d249
-
SSDEEP
3072:Qi6LKKSPluzye9iHWptICTrbusJxDO9insyH6+PJTOramZap5XVeR4zW1mFD1gbH:8UHWDICTmUxDpEa04+GU
Score4/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/DirectX9/dsetup32.dll
-
Size
1.5MB
-
MD5
d8fa7bb4fe10251a239ed75055dd6f73
-
SHA1
76c4bd2d8f359f7689415efc15e3743d35673ae8
-
SHA256
fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8
-
SHA512
73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4
-
SSDEEP
24576:CIQ+ddddddddddddddxOOOOOOOOOOOOOO2iWeXiWeXiWeXiWeXiWeXiWeXiWeXi+:CIQsOOOOOOOOOOOOOO2iWeXiWeXiWeXf
Score4/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/OpenAL/32bit/OpenAL32.dll
-
Size
411KB
-
MD5
fcba8d7fb2eb23d6ffa7f8bac9b698c4
-
SHA1
4371e0f2882675707181c2021d9be899a4579a78
-
SHA256
007fcc334fb5fbb92b0aeb6d5ddb4f0cbaf9cc1dc9c59d5f072e1856bd382d67
-
SHA512
aac00bb6b1a4da611fe3d463118c3e08f76a7313ebad37fd9b8b8e0bda8050c90d9bc6cbeef9f09f50f9e2d951410313bbb99c0b58cf5ef5739d917c150988dd
-
SSDEEP
6144:v84qM6ywBMllyEn2hx4aD+qGHlofevpQZ9cN810emrSyYONa4fK75:v8s6ywByYCqyLhQZ9cN8C3Q
Score3/10 -
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/OpenAL/64bit/OpenAL32.dll
-
Size
408KB
-
MD5
9945ba621ec33338f4acdeff5f410291
-
SHA1
3841fc34b7511bf3dd695519f352651305049460
-
SHA256
6f34249f3001a13f110f87835b9df5a3499268afc7dc5d90c71565f718d0e0b9
-
SHA512
53759a834cc312bc3cbb21c686131233dd1962b64e92dafcc12c999e4015d0dfdabc701375f9fb76481e81825c2c5579c1091ebd376c67c879dc9b64cbe786d4
-
SSDEEP
6144:Gp2s6S4bSSZ5Sv/ewYNCzvPI6YXaZB0wYfTK0IiBXWSD1y/XIuI+D:ERSLk/ewzzvPjKaZB0wYIXIuI+D
Score10/10-
Warmcookie family
-
Warmcookie, Badspace
Warmcookie aka Badspace is a backdoor written in C++.
-
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/PhysX_9.10.0513_SystemSoftware.exe
-
Size
32.4MB
-
MD5
a91dc17d650098cd3273b78dc1f36932
-
SHA1
58d4da52bedd606abbf8ea6a5d5008dae3d413a9
-
SHA256
449ad1fd72e9ceb6738a921fd803d3da1671048e49b0f4248fa7bb9bde3a4732
-
SHA512
62b78e64cdb74be78dbec6ca4c7a441b7002b85032b2b7f5ccb0f1aa9d2ac828987a5335f9a881c5d560e45e54cd46dd09d12c0725031ac89dde48a71c65f504
-
SSDEEP
786432:IxSGhM//IkbzhC9Bqq3RH6tSZUiPfVs1OgAwlx:LYsA3RH6YBVs15lx
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Train.Simulator.Classic.v73.9a.Incl.ALL.DLC/Install/dotNetFx40_Full_x86_x64.exe
-
Size
29.6MB
-
MD5
79b124ce4d5b8dd67267716cf56c18b6
-
SHA1
e31aa6a7788c12e8de9c3f1be09774a442e6a6bc
-
SHA256
1dd2ed5be1e9b1dfbe68e669c34e54e08291d357872b0e0c540d66466bbb14f6
-
SHA512
4060d678134cf653bfd8bbe489b06082879c111a329637935a6b93d94b80418b05ecb9fc139b3781d78a175d00197ab2d7c93b2392b18e6e8a20c60b2bbf6b09
-
SSDEEP
786432:clknCsegqwj/QQ1MzQe3ciicNCbxsvCKrKlJzTgrsRn:cAVBjIQSzQe3cf7xOCHKYx
Score3/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1