File ceaec139a9370a4cd4eca876e7c4b3d51a013d3739b3f4d526fdfeab27cd2fc2 Summary

Analysis score

1 / 14

1 antivirus vendor flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys


Basic properties

CRC32

0xc2d637b2

MD5

680f1dfc326680600c8111659b4b4e26

Magic

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

SHA1

1babb010c78762ca8eeb1b8d41a0902dc485659c

SHA256

ceaec139a9370a4cd4eca876e7c4b3d51a013d3739b3f4d526fdfeab27cd2fc2

SHA512

9aa8e7fc98b14457cb58f647d274de60fa4c4956f8369d150b09f3dcd871262dd210e840a9481178399b21d64115a64dc89e736dcc7b0bc817bbc59acfd095b5

SSDeep

1536:32vMx2qCrMiZ+A8/OtS3Fa6MCQmd6C71SJCpQsWBhyd09dlZYBwV0pC:8MIqCrM7Ak6aFaGQU6C8Mp06MvmS0I

Size

92.50KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.26**)[DLL64]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

44.50KB

EntryPoint

0x1764

ExifToolVersionNumber

12.62

FileSize

95 kB

FileType

Win64 DLL

FileTypeExtension

dll

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

51.50KB

LinkerVersion

14.26

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0


Submissions

Published Name Source Country
ceaec139a9370a4cd4eca876e7c4b3d51a013d3739b3f4d526fdfeab27cd2fc2 web AU

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara
