Managed XDR

vtdl_yyn9uswn — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_yyn9uswn
Тип файла
PE32 executable (GUI) Intel 80386, for MS Windows
Размер файла
4.1 MB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
9b8c883ec2d97e2322f79f27aa70aab5851ee498
SHA256
a49d77f977e231c08eaa8d1a76b398fd717ea1306e72b17cf3fbe3a3f3428ba3
MD5
847dd0857a9683ef63f1efb86b143d0a

Сигнатуры

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Command and Control

T1102.003 cloud_discord: Connects to cloud services of Discord (potentially for malicious payload delivery)

Other

ip_domains: Identifies an IP address using external resources
dns_without_resolve: DNS query without a response
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
suspicious_network_port: Performs TCP or UDP request to non-standard port
pe_overlay: PE file contains overlay
suricata_alert: Malicious traffic detected