Managed XDR

zaxarsteam.exe — malware analysis report

File info

Filename
zaxarsteam.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
2.5 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
522f345c2944410f4ede521ea3ea8f305fa339c7
SHA256
935b526346c91a5b5ea8595ac7411ed40d34f21313b50b351ef3b30c24a4b094
MD5
aef93d393402647e4c2c781f4ffee3c4

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
pe_overlay: PE file contains overlay