Extrac32.exe

Platform: Windows
Abuse functions: 4
Mapped techniques: 2

Description

Extrac32.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: ADS, Download, Copy. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1564.004. Defenders should monitor execution of Extrac32.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions · 4

Extract data from cab file and hide it in an alternate data stream.

Extract data from cab file and hide it in an alternate data stream.

Download (T1105)

Download file from UNC/WebDAV

Copy (T1105)

Copy file

MITRE ATT&CK techniques · 2

T1564.004, T1105

Uses · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Ingress Tool Transfer (t1105) | 100% | live |
| SubTechnique | NTFS File Attributes (t1564.004) | 100% | live |

Abuses · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | NTFS File Attributes (t1564.004) | 90% | live |
| Technique | Ingress Tool Transfer (t1105) | 85% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin: Extexport.exe
LOLbin: Expand.exe
LOLbin: Esentutl.exe
LOLbin: adplus.exe
LOLbin: cmdl32.exe
LOLbin: Rundll32.exe

Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.