File 708338add13944191f101d0fc9b4df4f0abfad7d408074ef03ea7f439437cfcf Summary

Analysis score

12 / 14

12 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys

Basic properties

CRC32

0xd01c5cc6

MD5

000375d06d495a82b7dca669cbb1b7a0

Magic

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

SHA1

d90ce98f61536b2508b16994f484a11c38fc5125

SHA256

708338add13944191f101d0fc9b4df4f0abfad7d408074ef03ea7f439437cfcf

SHA512

0e65e8ae143d2cb61cf2cfbe98ebb03b26fc6c044e95d6cd4266f46ee88f48d932802e6fd3eccdbcc9c35cafd3f29779f241527f0a02159a785a3b92aab4af3c

SSDeep

768:I8G2fhgPY6eJki8ab04V1xxN8cer2LWryXLXo9hiHRY6:3GohMzwZNreyL7joz6p

Size

48.00KB

Packer
  • PE: compiler: Microsoft Visual C/C++(6.0)[libc]
  • PE: linker: Microsoft Linker(6.0)[DLL32]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

32.00KB

EntryPoint

0x5f9f

ExifToolVersionNumber

12.49

FileSize

49 kB

FileType

Win32 DLL

FileTypeExtension

dll

ImageFileCharacteristics

Executable, No line numbers, No symbols, 32-bit, DLL

ImageVersion

0.0

InitializedDataSize

20.00KB

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Warning

Error processing PE data dictionary

Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | 708338add13944191f101d0fc9b4df4f0abfad7d408074ef03ea7f439437cfcf | web | CN |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
