File 9cffa1ad709a181c1f72fb1e74b37f53b44a280388d28680eef6e9ab462c0455 Summary

Analysis score

11 / 14

11 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys

Basic properties

CRC32

0x67952e85

MD5

85f04048f0b9093a58a47a6ecd7de92f

Magic

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

SHA1

7e3de51dce1b45ae1658963b28b8d2907788c7ac

SHA256

9cffa1ad709a181c1f72fb1e74b37f53b44a280388d28680eef6e9ab462c0455

SHA512

1abdbf578e3e5f95da4f31b657563a71c653063de084bb4829ab5c92e5da172f2d9b7aa402455cfe43f16dbbedd42644b33944774e032b0a94ff3adda2801cf2

SSDeep

12288:kqdJaxkOWFornPmGZqnTFWbDPUYVubhesslBvQqEPO7:kOOsornPTwFWbIYVohevBoi7

Size

612.00KB

Packer
  • PE: library: MFC(-)[static]
  • PE: compiler: Microsoft Visual C++(2005)[-]
  • PE: linker: Microsoft Linker(8.0 or 11.0)[DLL32]
TrID
  • 61.7% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  • 13.4% (.EXE) InstallShield setup (43053/19/16)
  • 9.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 4.1% (.SCR) Windows screen saver (13097/50/3)
  • 3.2% (.EXE) Win64 Executable (generic) (10523/12/4)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

292.00KB

CompanyName

Don Sheck

EntryPoint

0x3457c

ExifToolVersionNumber

12.49

FileDescription

Maze Solver

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

627 kB

FileSubtype

0

FileType

Win32 DLL

FileTypeExtension

dll

FileVersion

1.0.0.1

FileVersionNumber

1.0.5.3

ImageFileCharacteristics

Executable, 32-bit, DLL

ImageVersion

0.0

InitializedDataSize

316.00KB

InternalName

Maze Walker.exe

LanguageCode

English (U.S.)

LegalCopyright

(c) Don Sheck. All rights reserved.

LinkerVersion

8.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

Maze Walker.exe

OsVersion

4.0

PeType

PE32

ProductName

MazeWalker

ProductVersion

1.0.5.3

ProductVersionNumber

1.0.5.3

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published Name Source Country
9cffa1ad709a181c1f72fb1e74b37f53b44a280388d28680eef6e9ab462c0455 web CN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Writes a file to the startup folder | suspicious | Persistence | Behavior
Checks for the existence of Virtual Machines | suspicious | Signature | Yara