File 9caa9d970f801818ebf71838c7338d726bdd70fc7cac343bdb21512c3bd6ceaa Summary

Analysis score

4 / 14

4 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x7228b8a2

MD5

09991e29ec9d81b8d1b8050c0916e3f2

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

2aa96c89a89a48f507f66367b8a8f8bf77170aa4

SHA256

9caa9d970f801818ebf71838c7338d726bdd70fc7cac343bdb21512c3bd6ceaa

SHA512

1fe29b227023b9501a8f91fe6da0ffa0d7c95a580f722f3ab85de6aa8bb90f2e8cf64ad06191b69958ddf12a4fc92b016b9dd0047af47ad2742f2b7f5831d0e2

SSDeep

12288:h1OgLdaaZXqzU7rOv/O6/NH90u9KIyburq6fAdAYmy32:h1OYdaCIO6/LXEYr8dABy32

Size

822.97KB

Packer
  • PE: installer: 7-Zip(-)[-]
  • PE: compiler: Microsoft Visual C/C++(2010)[libcmt]
  • PE: archive: 7-Zip(0.4)[-]
  • PE: linker: Microsoft Linker(6.0*)[EXE32]
  • PE: overlay: 7-zip Installer data(-)[-]
TrID
  • 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

102.50KB

CompanyName

Gallery Inc

EntryPoint

0x14b04

ExifToolVersionNumber

12.64

FileDescription

Defender Remover

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

843 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

12.7.2

FileVersionNumber

12.7.2.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

307.00KB

LanguageCode

English (U.S.)

LegalCopyright

Gallery Inc.

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OsVersion

4.0

PeType

PE32

ProductName

Defender Remover

ProductVersion

12.7.2

ProductVersionNumber

12.7.2.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published  Name                 Source  Country
           DefenderRemover.exe  web     undefined

Indicators

Description                                            Severity       Category           Module
Malware detection of a yara signature: Win32/WannaCry  malicious      Sandbox Detection  Behavior
Communicates over HTTP with a low reputation domain    informational  C2                 Behavior
Deletes itself after process termination               suspicious     Stealth            Behavior
Write a file to the startup folder                     suspicious     Persistence        Behavior
Check for the existence of Virtual Machines            suspicious     Signature          Yara