Analysis score
4 antivirus vendors flagged this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
Property | Value |
---|---|
CRC32 | 0x7228b8a2 |
MD5 | 09991e29ec9d81b8d1b8050c0916e3f2 |
Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | 2aa96c89a89a48f507f66367b8a8f8bf77170aa4 |
SHA256 | 9caa9d970f801818ebf71838c7338d726bdd70fc7cac343bdb21512c3bd6ceaa |
SHA512 | 1fe29b227023b9501a8f91fe6da0ffa0d7c95a580f722f3ab85de6aa8bb90f2e8cf64ad06191b69958ddf12a4fc92b016b9dd0047af47ad2742f2b7f5831d0e2 |
SSDeep | 12288:h1OgLdaaZXqzU7rOv/O6/NH90u9KIyburq6fAdAYmy32:h1OYdaCIO6/LXEYr8dABy32 |
Size | 822.97KB |
Packer | |
TrID | |
Tags | |
Property | Value |
---|---|
CharacterSet | Unicode |
CodeSize | 102.50KB |
CompanyName | Gallery Inc |
EntryPoint | 0x14b04 |
ExifToolVersionNumber | 12.64 |
FileDescription | Defender Remover |
FileFlags | (none) |
FileFlagsMask | 0x003f |
FileOs | Windows NT 32-bit |
FileSize | 843 kB |
FileSubtype | 0 |
Published | Name | Source | Country |
---|---|---|---|
DefenderRemover.exe | web | undefined |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |