File 9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26 Summary

Analysis score

11 / 14

11 antivirus vendors flagged this file as malicious

Last scanned

First submission

Basic properties

CRC32

0x6df335f7

MD5

769fdda466dcd97eb8a7a99c958d460e

Magic

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1160ff112cc7794bb149ea33daaf6db0948fc63a, stripped

SHA1

5ac485d60fe2c096b10cda2624588427928e3f0d

SHA256

9802a1e8fb425ac3a7c0a7fca5a17cfcb7f3f5f0962deb29e3982f0bece95e26

SHA512

d0a514d81b0453f532e56875d912f1297d0e8bc81ac7e29f402ad0173c203aca135d9712d0e38e301f6d72737a7c5c06b364c9bd76f0e2f422da680f5cb04de1

SSDeep

49152:IqeL+lTdKGwpizjdRVdjezCFvw9b28vXUG3ao3tAbK:Iqe0/FdjezChXbK

Size

1.83MB

Packer
  • ELF64: library: GLIBC(2.9)[shared object AMD64-64]
  • ELF64: compiler: gcc(3.X)[shared object AMD64-64]
TrID
  • 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
  • 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Tags

ExifTool File Metadata

CpuArchitecture

64 bit

CpuByteOrder

Little endian

CpuType

AMD x86-64

ExifToolVersionNumber

12.49

FileSize

1922 kB

FileType

ELF shared library

FileTypeExtension

so

MimeType

application/octet-stream

ObjectFileType

Shared object file

Submissions

Published Name Source Country
nanofocus_plus_dc web CN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
