Managed XDR

tweetsharp.dll — malware analysis report

File info

Filename
tweetsharp.dll
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
3.8 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
43cbfd4c3df3403e68149b6b34a3c4f75edca13a
SHA256
72b53edf171174d84fe342177fd165917595b527a2fb0cba8b2fff4bf049a644
MD5
ff619da91a42c46a30f88550bea69cef

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1518.001 antidbg_devices: Checks for devices typical for debuggers and forensic tools

Other

yara_rules: Static rules
static_pe_anomaly: The PE file structure contains anomalies
unexpected_exception: Unexpected exception
static_pe_duplicate_sections: The PE file structure contains anomalies: duplicate section names
no_graphical_activity: No graphic activity