File e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8 Summary

Analysis score

6 / 14

6 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

sys

Basic properties

CRC32

0x18fd1099

MD5

84e36d752271a46310b0afb8482a08ce

Magic

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

2e922c41f7136f327f74354afe7eace5484cb2d5

SHA256

e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8

SHA512

0b1632a766feec97de5e30a22e6abca67119e53d8715bc22d15970731e91446b17b625614cad79d887299dbc5b5fa78c66db2b0c36167a3009a678a5086b726c

SSDeep

192:BLCuLDdyxqvzfZ3ium13gyWacxv8ilNwOHLnq4UP1XPeDN6IW1Y6Up90Kli8Jlb0:QuDdYe0umJ6xfwEO4UNWD8Upt15h6V

Size

17.50KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(80.0)[DLL32,console]
TrID
  • 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

15.50KB

Comments

CompanyName

EntryPoint

0x5ca6

ExifToolVersionNumber

12.64

FileDescription

Keylogger

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

18 kB

FileSubtype

0

FileType

Win32 DLL

FileTypeExtension

dll

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

1.50KB

InternalName

Keylogger.dll

LanguageCode

Neutral

LegalCopyright

Copyright © 2022

LegalTrademarks

LinkerVersion

80.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Dynamic link library

OriginalFileName

Keylogger.dll

OsVersion

4.0

PeType

PE32

ProductName

Keylogger

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows command line

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published Name Source Country
e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8.bin.sample web IR

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara