Analyse score
2 antivirus venders flagged
this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
sys
2 antivirus venders flagged
this file as malicious
File is not signed
sys
CRC32 | 0x84031083 |
---|---|
MD5 | 2904a97192c35c8f0b5e8566515d1d1a |
Magic | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
SHA1 | fe4c29e60eb3534385150ccb120ecb5a3e81a564 |
SHA256 | 29fe73a7a1be43ccadd6b6fbacd1f3d6ec0f613033a97c3f413fdf453e2ae4b8 |
SHA512 | 2e646c4ba373430c2a045b8f5d22dac0a8198ab1d14c43c48abd4b6dc4e4a63ca0326ed240e7d2680772819e77158c301bd2d8a0c6f039d169f8b2a6aa11bee4 |
SSDeep | 3072:ZwMUoxTuNJWqQNmMppNMblIfLetHDkY3ebjU:4ox6NXEmMpyxeP |
Size | 105.00KB |
Packer |
|
TrID |
|
Tags |
CodeSize | 55.00KB |
---|---|
EntryPoint | 0x1400 |
ExifToolVersionNumber | 12.64 |
FileSize | 108 kB |
FileType | Win64 DLL |
FileTypeExtension | dll |
ImageFileCharacteristics | Executable, Large address aware, DLL |
ImageVersion | 0.0 |
InitializedDataSize | 53.00KB |
LinkerVersion | 14.35 |
MachineType | AMD AMD64 |
Published | Name | Source | Country |
---|---|---|---|
nightmare.dll | web | undefined |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
Deletes itself after process termination | suspicious
|
Stealth | Behavior |
Write a file to the startup folder | suspicious
|
Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
🚀 Coming soon!