File 1558c7315705e8ad59f95a4f43816c1a1d9c492854876197c72952521c25af4b Summary
Like

Analyse score

7 / 14

7 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0x5649e7e2

MD5

4a45f12939a278552f5569673f0e9173

Magic

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

7b69f4a62b07e58227168fe1f5e8690e82d1b01f

SHA256

1558c7315705e8ad59f95a4f43816c1a1d9c492854876197c72952521c25af4b

SHA512

3d4174077a139de082a97a406f82bfad4dd13c09d51d007233f3f85acbd181a9012f61c495d85271461a5bc0920b918d2ea1ec03e3492ddee60aaeb73b47f376

SSDeep

96:knrRUddnBbftsMafHH7u+3SHvHR4rAp/VzNt:krqdnlFsMafHbu5fR4r0v

Size

6.00KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(48.0)[EXE32,console]
TrID
  • 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

3.50KB

Comments

CompanyName

EntryPoint

0x2c8e

ExifToolVersionNumber

12.49

FileDescription

Lime

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

6.1 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

2.00KB

InternalName

Lime.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2021

LegalTrademarks

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

Lime.exe

OsVersion

4.0

PeType

PE32

ProductName

Lime

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows command line

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
Lime.exe web FR

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!