General

  • Target

    1890c78a3c93a98b369c10f6f3cd2de069d9ab456172b732a890c52a5546f3c8.exe

  • Size

    436KB

  • MD5

    b2f6b9e3c10c59c3f0979f4c9b67c8ec

  • SHA1

    ae228cc40ec62a7a83fd4a5426462069e1bc40cf

  • SHA256

    1890c78a3c93a98b369c10f6f3cd2de069d9ab456172b732a890c52a5546f3c8

  • SHA512

    a8ce45f33739726f25170d05fade6ecbcae9ecb13c4e4203b3fc75ad6c1cfedda812b90ddd1508b77b00618256f0e607eb91d4d11c32340e6dc545aed0a83852

  • SSDEEP

    3072:q0mx45LFnq9qDAuSbAXVkQUQ9oPfz0c0uxNUIqTkHoYCDfxj4/0/yjUuMx8kl:q0m2FqgDAuSbAXKfz0c0sUIJHk40/yWp

Score
10/10

Malware Config

Extracted

Family

qqpass

C2

http://lol.qq.com/act/a20141212poroking/index.htm?atm_cl=ctips&atm_pos=1257?ADTAG=media.innerenter.client.jump

Attributes
  • url

    http://i2.tietuku.com/ebdef15df1128b31.png

  • user_agent

    Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Signatures

  • Blackmoon family
  • Detect Blackmoon payload 1 IoCs
  • Qqpass family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1890c78a3c93a98b369c10f6f3cd2de069d9ab456172b732a890c52a5546f3c8.exe
    .exe windows:4 windows x86 arch:x86
