Managed XDR

scanpst.exe — malware analysis report

File info

Filename
scanpst.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
596.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
43889fe7ae3f4a70b77dc66fa71a54c7156f30bc
SHA256
22cae7992287d8c98c07dc3b8854a4130d8910278ca69735f04efc0a4d7f1ea1
MD5
6d96ab638da864d76b85486d3b34ef7c

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path