File 0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf Summary
Like

Analyse score

1 / 14

1 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys

sys

Basic properties

CRC32

0x906ce4c6

MD5

e8b2f80220b898cd34eb60600163a209

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

b9ea189e2420a29978e4dc73d8d2fd801f6a0db2

SHA256

0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf

SHA512

03ba709b0ebd5421e74e67f2379aaa06078ef1ab9c3008015661ee37432986c2b172f4dccb8ad0c99386ee4abef3cd0590c1f9c28641c136df9224553b824589

SSDeep

24576:ZeU1w7xey62le2pgD5UAirLfone9QIJlYjb4D:AU1ax6Fn6AwLfbQgq

Size

994.00KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.26**)[DLL64]
TrID
  • 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 8.7% (.ICL) Windows Icons Library (generic) (2059/9)
  • 8.5% (.EXE) OS/2 Executable (generic) (2029/13)
  • 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CodeSize

48.00KB

EntryPoint

0x2394

ExifToolVersionNumber

12.62

FileSize

1018 kB

FileType

Win64 DLL

FileTypeExtension

dll

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

949.50KB

LinkerVersion

14.26

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf web AU

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!