File da21e8ca14a1ad9bf83d3b3f1330fa74f216d35d6fbb07063122443fa7c54374 Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x18f77d0c

MD5

f4898cbe1906fbb890f8a45164a8dee9

Magic

PE32+ executable (DLL) (console) x86-64, for MS Windows

SHA1

9994e7c7c76281ea5aea536c3d10615217163e96

SHA256

da21e8ca14a1ad9bf83d3b3f1330fa74f216d35d6fbb07063122443fa7c54374

SHA512

360a1f353a796f705448b1b5e990e21a0cc7311a49ccbf793204c8f256ce05c6d4fa2f522b87d1dc3e6fd2ceb9c8092b6b94185f24e0a2ecd9068205f1722d8e

SSDeep

768:6Li+C9rmai5ArwVIvE3IBIRP6/VIZ8uj38ZphcKxcLAJ5:XVM97IkPID6owA

Size

48.00KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.30**)[DLL64,console]
TrID
  • 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

20.00KB

CompanyName

Microsoft Corporation

EntryPoint

0x5430

ExifToolVersionNumber

12.62

FileDescription

Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml)

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

49 kB

FileSubtype

0

FileType

Win64 DLL

FileTypeExtension

dll

FileVersion

10.0.22621.1 (WinBuild.160101.0800)

FileVersionNumber

10.0.22621.1

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

10.0

InitializedDataSize

24.00KB

InternalName

pwrshsip

LanguageCode

English (U.S.)

LegalCopyright

© Microsoft Corporation. All rights reserved.

LinkerVersion

14.30

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Dynamic link library

OriginalFileName

pwrshsip.dll

OsVersion

10.0

PeType

PE32+

ProductName

Microsoft® Windows® Operating System

ProductVersion

10.0.22621.1

ProductVersionNumber

10.0.22621.1

Subsystem

Windows command line

SubsystemVersion

10.0

UninitializedDataSize

0

Warning

Possibly corrupt Version resource

Show all

Submissions

Published Name Source Country
pwrshsip.dll web US

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!