File 712cce2b6e38be0912da7d21d8912af546f69d055aa24dff1d33a84dd509c5e0 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, valid signature

Last scanned

First submission

File type

sys

Basic properties

CRC32

0xa0552bab

MD5

b5f0517badff6c834b8b10b063a9bd9f

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

5686871912d7c9bff1f00995dbadcb6febca0055

SHA256

712cce2b6e38be0912da7d21d8912af546f69d055aa24dff1d33a84dd509c5e0

SHA512

3336a6379450b752f7dc3e1ef9a6da46b76aaad98caf7e6d23ecf395c81d9299cc19d567cf23ed4f8f7d5979f6e11a1c366180d69fa02f859a2f3aff82dc9f51

SSDeep

3072:6jRfh31pr1A2zzO9n6LpXpB0oTdO2WVJn3WNO0/NYKA24HUVo+U:6jRfh//zzOWpXpBfTdmVh3+jlYO4

Size

159.01KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(2013 SP5)[-]
  • PE+(64): linker: Microsoft Linker(12.0*)[DLL64,signed]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

88.50KB

EntryPoint

0xa4e4

ExifToolVersionNumber

12.62

FileSize

163 kB

FileType

Win64 DLL

FileTypeExtension

dll

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

70.50KB

LinkerVersion

12.0

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Warning

Error processing PE data dictionary


Submissions

Published Name Source Country
avdevice-58.dll web CN

Indicators

| Description | Severity | Category | Module |
| --- | --- | --- | --- |
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
