Analysis score: 12 antivirus vendors flagged this file as malicious
Signature: File is not signed
Last scanned
First submission
File type: sys
Property | Value |
---|---|
CRC32 | 0xd01c5cc6 |
MD5 | 000375d06d495a82b7dca669cbb1b7a0 |
Magic | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
SHA1 | d90ce98f61536b2508b16994f484a11c38fc5125 |
SHA256 | 708338add13944191f101d0fc9b4df4f0abfad7d408074ef03ea7f439437cfcf |
SHA512 | 0e65e8ae143d2cb61cf2cfbe98ebb03b26fc6c044e95d6cd4266f46ee88f48d932802e6fd3eccdbcc9c35cafd3f29779f241527f0a02159a785a3b92aab4af3c |
SSDeep | 768:I8G2fhgPY6eJki8ab04V1xxN8cer2LWryXLXo9hiHRY6:3GohMzwZNreyL7joz6p |
Size | 48.00KB |
Packer | |
TrID | |
Tags | |
Property | Value |
---|---|
CodeSize | 32.00KB |
EntryPoint | 0x5f9f |
ExifToolVersionNumber | 12.49 |
FileSize | 49 kB |
FileType | Win32 DLL |
FileTypeExtension | dll |
ImageFileCharacteristics | Executable, No line numbers, No symbols, 32-bit, DLL |
ImageVersion | 0.0 |
InitializedDataSize | 20.00KB |
LinkerVersion | 6.0 |
MachineType | Intel 386 or later, and compatibles |
Published | Name | Source | Country |
---|---|---|---|
| | 708338add13944191f101d0fc9b4df4f0abfad7d408074ef03ea7f439437cfcf | web | CN |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |