Analysis score
6 antivirus vendors flagged this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
sys
CRC32 | 0x18fd1099 |
---|---|
MD5 | 84e36d752271a46310b0afb8482a08ce |
Magic | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
SHA1 | 2e922c41f7136f327f74354afe7eace5484cb2d5 |
SHA256 | e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8 |
SHA512 | 0b1632a766feec97de5e30a22e6abca67119e53d8715bc22d15970731e91446b17b625614cad79d887299dbc5b5fa78c66db2b0c36167a3009a678a5086b726c |
SSDeep | 192:BLCuLDdyxqvzfZ3ium13gyWacxv8ilNwOHLnq4UP1XPeDN6IW1Y6Up90Kli8Jlb0:QuDdYe0umJ6xfwEO4UNWD8Upt15h6V |
Size | 17.50KB |
Packer | |
TrID | |
Tags | |

AssemblyVersion | 1.0.0.0 |
---|---|
CharacterSet | Unicode |
CodeSize | 15.50KB |
Comments | |
CompanyName | |
EntryPoint | 0x5ca6 |
ExifToolVersionNumber | 12.64 |
FileDescription | Keylogger |
FileFlags | (none) |
FileFlagsMask | 0x003f |
FileOs | Win32 |

Published | Name | Source | Country |
---|---|---|---|
 | e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8.bin.sample | web | IR |

Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |