| ID | C0049 |
|---|---|
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.0 |
| Created | 4 December 2020 |
| Last Modified | 13 September 2023 |

Get File Attributes

Use in Malware

| Name | Date | Method | Description |
|---|---|---|---|
| Dark Comet | 2008 | -- | Dark Comet gets file attributes. [1] |
| DNSChanger | 2011 | -- | DNSChanger gets file attributes. [1] |
| Gamut | 2014 | -- | Gamut gets file attributes. [1] |
| Hupigon | 2013 | -- | Hupigon gets file attributes. [1] |
| Redhip | 2011 | -- | Redhip gets file attributes. [1] |
| UP007 | 2016 | -- | UP007 gets file attributes. [1] |

Detection

| Tool: capa | Mapping | APIs |
|---|---|---|
| get file attributes | Get File Attributes (C0049) | kernel32.GetFileAttributes, ZwQueryDirectoryFile, ZwQueryInformationFile, NtQueryDirectoryFile, NtQueryInformationFile, System.IO.File::GetAttributes, System.IO.File::GetCreationTime, System.IO.File::GetCreationTimeUtc, System.IO.File::GetLastAccessTime, System.IO.File::GetLastAccessTimeUtc, System.IO.File::GetLastWriteTime, System.IO.File::GetLastWriteTimeUtc |

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022