2026-02-08_7db863d7066f5d284f504d7e85c79f69_elex_wannacry

HOSTILE

Mal-ecule

Size 96.0 KB download

First seen 54 days ago

Analyzed 52 days ago

Ecosystem _unknown

Well-known

malware/trojan/elex Storm DDoS Active Setup loader

evasion/self-delete COMSPEC CreateProcess self-delete

persistence/login/startup Active Setup StubPath persistence

persistence/system/service Persists DLL through Windows service

anti-static/obfuscation Unusual PE section alignment

data/embedded Complete PE resource extraction with data access

fs/file Copy files (Windows API ANSI)

os/registry Registry open create and write APIs

os/service Windows service admin import cluster

process/inject CreateRemoteThread API reference

binary Overlay exceeds one-third

unsigned Binary is not digitally signed

dylib::advapi32 links ADVAPI32.dll (CloseServiceHandle, RegOpenKeyExA, RegQueryValueExA, StartServiceCtrlDispatcherA, RegCreateKeyA, ... +10 more)

dylib::comdlg32 links comdlg32.dll (GetFileTitleA)

dylib::kernel32 links KERNEL32.dll (lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, ... +28 more)

dylib::mfc42 links MFC42.DLL (ORDINAL 924, ORDINAL 800, ORDINAL 941, ORDINAL 535, ORDINAL 537)

dylib::msvcp60 links MSVCP60.dll (??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??1Init@ios_base@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ)

hardening::no-pie Binary is not position-independent (fixed load address)

signed::unsigned Binary is not digitally signed

SigBase/SUSP/Imphash Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)

20 of 56 traits shown

SHA-256	ffc684c8dd10478ba980494de3f37d066337c0ea671778b865c7410b04301282
Filename	2026-02-08_7db863d7066f5d284f504d7e85c79f69_elex_wannacry

Not seeing what you expected? Let us know