Managed XDR

vtdl_8yvgh_dk — malware analysis report

File info

Filename
vtdl_8yvgh_dk
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
303.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
ffd134e5ffe91e1070c9977677d8d5c76b82c07c
SHA256
401a671ab4643e6f485b39c367f40ee5e7d0185de03a99e98a292262f167051d
MD5
8e2ef2d641bd9fb169a45013a1b06578

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
pe_overlay: PE file contains overlay