Analyse score
No antivirus venders flagged
this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
sys
No antivirus venders flagged
this file as malicious
File is not signed
sys
CRC32 | 0x18f77d0c |
---|---|
MD5 | f4898cbe1906fbb890f8a45164a8dee9 |
Magic | PE32+ executable (DLL) (console) x86-64, for MS Windows |
SHA1 | 9994e7c7c76281ea5aea536c3d10615217163e96 |
SHA256 | da21e8ca14a1ad9bf83d3b3f1330fa74f216d35d6fbb07063122443fa7c54374 |
SHA512 | 360a1f353a796f705448b1b5e990e21a0cc7311a49ccbf793204c8f256ce05c6d4fa2f522b87d1dc3e6fd2ceb9c8092b6b94185f24e0a2ecd9068205f1722d8e |
SSDeep | 768:6Li+C9rmai5ArwVIvE3IBIRP6/VIZ8uj38ZphcKxcLAJ5:XVM97IkPID6owA |
Size | 48.00KB |
Packer |
|
TrID |
|
Tags |
CharacterSet | Unicode |
---|---|
CodeSize | 20.00KB |
CompanyName | Microsoft Corporation |
EntryPoint | 0x5430 |
ExifToolVersionNumber | 12.62 |
FileDescription | Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml) |
FileFlags | (none) |
FileFlagsMask | 0x003f |
FileOs | Windows NT 32-bit |
FileSize | 49 kB |
FileSubtype | 0 |
Published | Name | Source | Country |
---|---|---|---|
pwrshsip.dll | web | US |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
Deletes itself after process termination | suspicious
|
Stealth | Behavior |
Write a file to the startup folder | suspicious
|
Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
🚀 Coming soon!