Analyse score
8
/ 14
8 antivirus venders flagged
this file as malicious
File 3cf81eba189cdedde93a9f4fbbb85bed58dbfade1bc7a81656c205957a7de677 Summary
Basic properties
| CRC32 | 0x3ec663c0 |
|---|---|
| MD5 | 901c391f79607d8c07d392fa6c7b4c0f |
| Magic | PHP script, UTF-8 Unicode text |
| SHA1 | 6c1b26b616fcb67a82d68e6f116406fbf51e33dc |
| SHA256 | 3cf81eba189cdedde93a9f4fbbb85bed58dbfade1bc7a81656c205957a7de677 |
| SHA512 | 379506caba3cfde3b8fa2c477043fd493bf7bd94d88d29dbe0f0c54bcaf0852c947bd626affbcdf68cdb613d80090af8ccb298cfa49641147f3c19618935f8af |
| SSDeep |
|
| Size | 643B |
| Packer |
|
| TrID |
|
| Tags |
ExifTool File Metadata
| ExifToolVersionNumber | 12.62 |
|---|---|
| FileSize | 643 bytes |
| FileType | PHP |
| FileTypeExtension | php |
| MimeType | application/x-httpd-php |
| Warning | Unsupported file type |
Submissions
| Published | Name | Source | Country |
|---|---|---|---|
| shell.gif | web | HK |
Indicators
| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
| Deletes itself after process termination | suspicious
|
Stealth | Behavior |
| Write a file to the startup folder | suspicious
|
Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
Virtual Screens
🚀 Coming soon!