File 2b3ead4f40779324d728c8970721b3af78f8085877e73e1ae163085515ed285a Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

sys

sys

Basic properties

CRC32

0xfb82ef32

MD5

a029bd0904a2966373c1302b0e0324a9

Magic

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

b01c81668917eb6b8566c1fe210fb300648d97ba

SHA256

2b3ead4f40779324d728c8970721b3af78f8085877e73e1ae163085515ed285a

SHA512

33e9deb58c0f1220b097a6be47f8b00696261e61d0a3910cbe871cb03240aaf4acfde2af9a9dbf38c1b9061246fffc9eefe6b036d0cba87f351182c367c9acf1

SSDeep

768:3HAl9c5QjPRFpN1s+9G5e4HN4gr/lD1Qa7KCltiPZA9mo6rq:3HAlOQrrNG5e4t4gr/91DK3hAKrq

Size

55.88KB

TrID
  • 35.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 22.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 6.9% (.ICL) Windows Icons Library (generic) (2059/9)
  • 6.8% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

AssemblyVersion

4.0.0.0

CharacterSet

Unicode

CodeSize

44.50KB

Comments

mscorlib

CompanyName

Microsoft Corporation

EntryPoint

0xd026

ExifToolVersionNumber

12.64

FileDescription

mscorlib

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

57 kB

FileSubtype

0

FileType

Win32 DLL

FileTypeExtension

dll

FileVersion

5.0.20.51904

FileVersionNumber

5.0.20.51904

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

2.00KB

InternalName

mscorlib.dll

LanguageCode

Neutral

LegalCopyright

© Microsoft Corporation. All rights reserved.

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Dynamic link library

OriginalFileName

mscorlib.dll

OsVersion

4.0

PeType

PE32

ProductName

Microsoft® .NET

ProductVersion

5.0.0+cf258a14b70ad9069470a108f13765e0e5988f51

ProductVersionNumber

5.0.0.0

Subsystem

Windows command line

SubsystemVersion

4.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
mscorlib.dll web AU

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!