Managed XDR

vtdl_wpxiebrd — malware analysis report

File info

Filename
vtdl_wpxiebrd
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
303.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
09f682376103b1175ea1ac03441e894481404d0a
SHA256
ef948ff2b598ac3bcc5f277ef941a9ab33c6e433ad13c834e97a39b4aa89150e
MD5
433d4e40d1a4343e6f9f77d24c1dbffd

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1057 process_interest: Enumerates processes

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
pe_overlay: PE file contains overlay