2026-02-07_c1bf45620b0c9ed2aac6d73365a76045_elex_wannacry

HOSTILE

Mal-ecule

Size 96.0 KB download

First seen 54 days ago

Analyzed 54 days ago

Ecosystem _unknown

Well-known

malware/trojan/elex Storm DDoS Active Setup loader

evasion/self-delete COMSPEC CreateProcess self-delete

persistence/login/startup Active Setup StubPath persistence

persistence/system/service Persists DLL through Windows service

anti-static/obfuscation Unusual PE section alignment

data/embedded Complete PE resource extraction with data access

fs/file Copy files (Windows API ANSI)

os/registry Registry open create and write APIs

os/service Full Windows service dispatch triplet

process/inject CreateRemoteThread API reference

binary Overlay exceeds one-third

unsigned Binary is not digitally signed

dylib::advapi32 links ADVAPI32.dll (CloseServiceHandle, RegOpenKeyExA, RegQueryValueExA, StartServiceCtrlDispatcherA, RegCreateKeyA, ... +10 more)

dylib::comdlg32 links comdlg32.dll (GetFileTitleA)

dylib::kernel32 links KERNEL32.dll (lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, ... +28 more)

dylib::mfc42 links MFC42.DLL (ORDINAL 924, ORDINAL 800, ORDINAL 941, ORDINAL 535, ORDINAL 537)

dylib::msvcp60 links MSVCP60.dll (??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??1Init@ios_base@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ)

hardening::no-pie Binary is not position-independent (fixed load address)

signed::unsigned Binary is not digitally signed

SigBase/SUSP/Imphash Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)

20 of 56 traits shown

SHA-256	7a59052dde463dd7a545695446e5c6fddd2c1166e626c947b594b0666b28d8fb
Filename	2026-02-07_c1bf45620b0c9ed2aac6d73365a76045_elex_wannacry

Not seeing what you expected? Let us know