Report - mpsvc.dll

Tags: PE File, DLL, OS Processor Check, PE32
Created 2021.07.06 15:28 Machine s1_win7_x6401
Filename mpsvc.dll
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 0.4
ZERO API file : clean
VT API (file) 51 detected (Trojan.Win32.Generic!BT, Ransom.Win32.Gen.ns, Win32/Ransom.REvil.HgkASXsA, Win32/Filecoder.Sodinokibi.N, malicious (high confidence), malware (ai score=100), Trojan.Gen.bla, Ransom/W32.Sodinokibi.808328, Ransom:Win32/Sodinokibi.e19b89d6, MalCert.A (A), Malicious (score: 99), W32/Sodinokibi.EAD4!tr.ransom, Trojan.Siggen14.22193, Win.Ransomware.REvil-9875494-0, Trojan.MalCert!1.D7D2 (CLASSIC), Ransom.Win32.SODINOKIBI.YABGC, Trojan.Win32.Ransom.807816, Trojan ( 0057ee151 ), HEUR:Trojan-Ransom.Win32.Gen.gen, win/malicious_confidence_100% (W), Trojan-Ransom.Sodinokibi, Ransom.Sodinokibi, TR/AD.SodinoRansom.mzlsy, Ransom:Win32/Sodinokibi, Trojan.Ransom.Sodinokibi, Ransom-revil.c, Trj/Agent.TV, W32/Sodinokibi.C.gen!Eldorado, W32.Ransom.Gen, Trojan.Ransom.Sodinokibi.61, Win32:DangerousSig [Trj], Malware@#3hwodgg4ohaeh, Gen:NN.ZedlaF.34790.Xq5@aOA@xIk, Generic.mg.a47cf00aedf769d6, Trojan.Win32.Bulz.4!c, Win32.Troj.Undef.(kcloud), BehavesLike.Win32.VirRansom.bh, generic.ml, Ransomware/Win.REvil.C4540965, Unsafe, Gen:Variant.Ransom.Sodinokibi.61, Ransom.Win32.Revil.uzhi, Static AI - Malicious PE, Troj/Ransom-GIP)
md5 a47cf00aedf769d60d58bfe00c0b5421
sha256 8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd
ssdeep 12288:KXnKcEqGM00LJdqoHuDWeij0XukcWl9e56+5gD6QRqb/kYxFNFsX3ArTjvJjx0uA:YETDWX4XukZeVL/kYx9P/JY6gfjcs
imphash
impfuzzy
Signature (1cnts)

Level Description
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

Similarity measure (PE file only)