File b80707de08a518394cd343afbd506ffeee25db34b4068f7970f4d2eea3dfdbdc Summary
Like

Analyse score

3 / 14

3 antivirus venders flagged
this file as malicious

Last scanned

First submission

File type

wsf

wsf

Basic properties

CRC32

0xe0700d28

MD5

90d94ab45d1c4acd9377e73e46c4bca8

Magic

exported SGML document, ASCII text, with very long lines, with CRLF line terminators

SHA1

b0704a3e7f0ebe7468b5c2aa8e295d40c50f8804

SHA256

b80707de08a518394cd343afbd506ffeee25db34b4068f7970f4d2eea3dfdbdc

SHA512

d0fb6bb8a7648cf522bfbe57661a82fd4cfa99d32d195642a7a1debb3692cbadbafe731a2faad188aab5fcc85042c3715246cb50112aad15964d2a9fd94a6424

SSDeep

6144:s0J1JzFmmp3GxGDTSuhMCcT5pw9rIjEUqbj8HmYfu8Ux:vJ1Jzbp3RhMNT5pmUjE/j8GMuP

Size

285.57KB

Packer
  • Text: format: plain text[CRLF]
TrID
  • Warning: file seems to be plain text/ASCII
  • TrID is best suited to analyze binary files!
  • 72.7% (.WSF) Windows Script File (8000/1/2)
  • 27.2% (.HTML) HyperText Markup Language (3000/1/1)
Tags

ExifTool File Metadata

ExifToolVersionNumber

12.64

FileSize

292 kB

FileType

TXT

FileTypeExtension

txt

LineCount

5941

MimeEncoding

us-ascii

MimeType

text/plain

Newlines

Windows CRLF

WordCount

25345

Submissions

Published Name Source Country
KMS_VL_ALL_AIO.cmd web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!