File 0230ab17095485c3ccd7f09ce03b7c5da4d546591bcc1ed40b105a3822e560fa Summary

Analysis score

3 / 14

3 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x5d53a0bb

MD5

326a2e96597f028078cb9430290e0486

Magic

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows

SHA1

483cd7fa7564e1fc1ef74bc177d787a5f18c62fa

SHA256

0230ab17095485c3ccd7f09ce03b7c5da4d546591bcc1ed40b105a3822e560fa

SHA512

925655df49a235f4b033945b23cc224c74e2d195dddbbed4ae517484757ac13d6dea1d2e778bc4b64629123cadbf78b2575bd4c3c9cd20afaccf6cfaa04572ba

SSDeep

6144:XUOotoKGVXgITXxoQKgrQuxMwhYi2APnMy7Sg5Lfyx52xKtGUGwkdP3MIgma:EOou5SITXx1OAPMi/Lfj8TGwIP8Ila

Size

383.50KB

Packer
  • PE+(64): linker: unknown(2.35)[EXE64]
TrID
  • 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  • 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CodeSize

92.50KB

EntryPoint

0x14c0

ExifToolVersionNumber

12.64

FileSize

393 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Large address aware, No debug

ImageVersion

0.0

InitializedDataSize

382.50KB

LinkerVersion

2.35

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

5.2

UninitializedDataSize

79360

Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | Nim-Rev-Shell-Stageless.exe | web | undefined |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |