Managed XDR
Group-IB MDP Report
File info
Filename: wextract.exe-.mui
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 3.8 MB
Env info
win7/x86 en
Hashes
SHA1: b5def8cd444ff3524fb458037bdecc782a128afc
SHA256: 4156817ea20a902aa3ff4b41f784c3764e2a572fdbccc1030de98901aa43629d
MD5: 5ad35e8ffa5c156c9d77c121d3bb18be
Malwares
Symmi
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_themida: Themida packer signatures detected
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1497.001 antivm_generic_video: Checks information about video adapters in registry, possibly for anti-virtualization
Other
yara_rules: Static rules
creates_exe: Creates executable files in the file system
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
test_check_service: Starts services
executes_dropped_exe: Executes dropped exe files
next report: 47d870c7-8211-4a54-b482-2c8c55cd3af0
previous report: 87c76995-9f27-4dc7-a8c4-4f4b286273c7
Managed XDR