File 29fe73a7a1be43ccadd6b6fbacd1f3d6ec0f613033a97c3f413fdf453e2ae4b8 Summary

Analyse score

2 / 14

2 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys

Basic properties

CRC32

0x84031083

MD5

2904a97192c35c8f0b5e8566515d1d1a

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

fe4c29e60eb3534385150ccb120ecb5a3e81a564

SHA256

29fe73a7a1be43ccadd6b6fbacd1f3d6ec0f613033a97c3f413fdf453e2ae4b8

SHA512

2e646c4ba373430c2a045b8f5d22dac0a8198ab1d14c43c48abd4b6dc4e4a63ca0326ed240e7d2680772819e77158c301bd2d8a0c6f039d169f8b2a6aa11bee4

SSDeep

3072:ZwMUoxTuNJWqQNmMppNMblIfLetHDkY3ebjU:4ox6NXEmMpyxeP

Size

105.00KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.35**)[DLL64]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

55.00KB

EntryPoint

0x1400

ExifToolVersionNumber

12.64

FileSize

108 kB

FileType

Win64 DLL

FileTypeExtension

dll

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

53.00KB

LinkerVersion

14.35

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Submissions

Published Name Source Country
nightmare.dll web undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
