File e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8 Summary

Analysis score

6 / 14

6 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x18fd1099

MD5

84e36d752271a46310b0afb8482a08ce

Magic

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

2e922c41f7136f327f74354afe7eace5484cb2d5

SHA256

e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8

SHA512

0b1632a766feec97de5e30a22e6abca67119e53d8715bc22d15970731e91446b17b625614cad79d887299dbc5b5fa78c66db2b0c36167a3009a678a5086b726c

SSDeep

192:BLCuLDdyxqvzfZ3ium13gyWacxv8ilNwOHLnq4UP1XPeDN6IW1Y6Up90Kli8Jlb0:QuDdYe0umJ6xfwEO4UNWD8Upt15h6V

Size

17.50KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(80.0)[DLL32,console]
TrID
  • 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

15.50KB

Comments

CompanyName

EntryPoint

0x5ca6

ExifToolVersionNumber

12.64

FileDescription

Keylogger

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

18 kB

FileSubtype

0

FileType

Win32 DLL

FileTypeExtension

dll

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, Large address aware, DLL

ImageVersion

0.0

InitializedDataSize

1.50KB

InternalName

Keylogger.dll

LanguageCode

Neutral

LegalCopyright

Copyright © 2022

LegalTrademarks

LinkerVersion

80.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Dynamic link library

OriginalFileName

Keylogger.dll

OsVersion

4.0

PeType

PE32

ProductName

Keylogger

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows command line

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | e2daf2c0841090b2dff517e14acd48d393b899be1e213f001229d1af9a1de2b8.bin.sample | web | IR |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
