Managed XDR

wextract.exe-.mui — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
wextract.exe-.mui
Тип файла
PE32+ executable (GUI) x86-64, for MS Windows
Размер файла
331.6 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
75e4b3d62cdb6c8931b3bd97c6ebc2c0393fc8df
SHA256
7f4668733a190e593612572f0ebf8f1e53c2514e760463d7fa294cfb92723049
MD5
654da1d02834259ca0a6347e6a0f8013

Сигнатуры

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
static_pe_anomaly: The PE file structure contains anomalies
dns_without_resolve: DNS query without a response
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
break_limit_exceeded: Warning: function calls limit has been exceeded
creates_exe: Creates executable files in the file system
get_policy_info: Retrieves information about a Policy object
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay