Analysis score
1 antivirus vendor flagged this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
sys
CRC32 | 0x906ce4c6 |
---|---|
MD5 | e8b2f80220b898cd34eb60600163a209 |
Magic | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
SHA1 | b9ea189e2420a29978e4dc73d8d2fd801f6a0db2 |
SHA256 | 0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf |
SHA512 | 03ba709b0ebd5421e74e67f2379aaa06078ef1ab9c3008015661ee37432986c2b172f4dccb8ad0c99386ee4abef3cd0590c1f9c28641c136df9224553b824589 |
SSDeep | 24576:ZeU1w7xey62le2pgD5UAirLfone9QIJlYjb4D:AU1ax6Fn6AwLfbQgq |
Size | 994.00KB |
Packer | |
TrID | |
Tags | |
CodeSize | 48.00KB |
---|---|
EntryPoint | 0x2394 |
ExifToolVersionNumber | 12.62 |
FileSize | 1018 kB |
FileType | Win64 DLL |
FileTypeExtension | dll |
ImageFileCharacteristics | Executable, Large address aware, DLL |
ImageVersion | 0.0 |
InitializedDataSize | 949.50KB |
LinkerVersion | 14.26 |
MachineType | AMD AMD64 |
Published | Name | Source | Country |
---|---|---|---|
| | 0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf | web | AU |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |