Managed XDR
Group-IB MDP Report
File info
Filename: wextract.exe-.mui
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 6.2 MB
Env info
win7/x86 en
Hashes
SHA1: ce02c7fc53cc4f33ece5fc50253e953d700fec19
SHA256: 51ab4e0f6c15eff6a797de8425f07cdb597016e0d825939e5ef4c0f5c6c611d3
MD5: bab6c308a5bc847b003f6b0a97029c4a
Malwares
Symmi
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_themida: Themida packer signatures detected
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
Other
yara_rules: Static rules
creates_exe: Creates executable files in the file system
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
test_check_service: Starts services
executes_dropped_exe: Executes dropped exe files
next report: 4f9b3745-e660-4a6d-9188-223f7c7950a1
previous report: a4ede878-e156-45f2-9ae9-cbe08377c1e3
Managed XDR