File 0eb6e153d245abe73992362bc5ee6199134df8fadabd52725e077e3477c24cb9 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

sys

Basic properties

CRC32

0xc5704bb7

MD5

177389958f183b29153b4976d3ca503b

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

392ae15c992626d844a32e910bca083952b78b1e

SHA256

0eb6e153d245abe73992362bc5ee6199134df8fadabd52725e077e3477c24cb9

SHA512

f5509cdf7a6e4f5666136ec585e216609f47ef304d5820bcead9def9cc72dd952812b006f6e26734886386fcbdde19fae4d85ba8bb8e6da94a5df4d25f4b4c2e

SSDeep

6144:LbCZDtrpOHP7XXwpCHds3HXGprAT/MRsgNyoXJa2LfVf2HQtWvR:GKHPDXcSdCGprKMSloM2TVfMz

Size

412.12KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(2017 v.15.8)[-]
  • PE+(64): linker: Microsoft Linker(14.15, Visual Studio 2017 15.8*)[DLL64,signed]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

285.00KB

CompanyName

Microsoft Corporation

EntryPoint

0x41460

ExifToolVersionNumber

12.57

FileDescription

System Guard Runtime Monitor Enclave

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

422 kB

FileSubtype

0

FileType

Win64 DLL

FileTypeExtension

dll

FileVersion

10.0.18362.145 (WinBuild.160101.0800)

FileVersionNumber

10.0.18362.145

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

10.0

InitializedDataSize

125.50KB

InternalName

SgrmEnclave

LanguageCode

English (U.S.)

LegalCopyright

© Microsoft Corporation. All rights reserved.

LinkerVersion

14.15

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Dynamic link library

OriginalFileName

SgrmEnclave.dll

OsVersion

10.0

PeType

PE32+

ProductName

Microsoft® Windows® Operating System

ProductVersion

10.0.18362.145

ProductVersionNumber

10.0.18362.145

Subsystem

Windows GUI

SubsystemVersion

10.0

UninitializedDataSize

0

Warning

Possibly corrupt Version resource

Submissions

Published Name Source Country
SgrmEnclave_secure.dll web US

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
