File 47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

sys


Basic properties

CRC32

0x55b00099

MD5

cb72bef6ce55aa7c9e3a09bd105dca33

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256

47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512

c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

SSDeep

24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r

Size

1.44MB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.30**)[DLL64,signed]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

1.12MB

CompanyName

Microsoft(r) Corporation

EntryPoint

0x10ce10

ExifToolVersionNumber

12.64

FileDescription

DirectX IL for Redistribution

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Unknown (0)

FileSize

1508 kB

FileSubtype

0

FileType

Win64 DLL

FileTypeExtension

dll

FileVersion

101.6.2112.13

FileVersionNumber

101.6.2112.13

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

328.50KB

InternalName

DirectX IL for Redistribution

LanguageCode

English (U.S.)

LegalCopyright

(c) Microsoft Corporation. All rights reserved.

LinkerVersion

14.30

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Unknown

OriginalFileName

dxil.dll

OsVersion

10.0

PeType

PE32+

ProductName

ProductVersion

101.6.2112.13 (release/github-release-1.6.2112, b9cfa8a)

ProductVersionNumber

0.0.0.0

Subsystem

Windows GUI

SubsystemVersion

10.0

UninitializedDataSize

0


Submissions

Published Name Source Country
dxil.dll web DE

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
