Analysis score: 3 antivirus vendors flagged this file as malicious
Signature: File is not signed
Last scanned:
First submission:
File type: exe

Property | Value |
---|---|
CRC32 | 0x5d53a0bb |
MD5 | 326a2e96597f028078cb9430290e0486 |
Magic | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
SHA1 | 483cd7fa7564e1fc1ef74bc177d787a5f18c62fa |
SHA256 | 0230ab17095485c3ccd7f09ce03b7c5da4d546591bcc1ed40b105a3822e560fa |
SHA512 | 925655df49a235f4b033945b23cc224c74e2d195dddbbed4ae517484757ac13d6dea1d2e778bc4b64629123cadbf78b2575bd4c3c9cd20afaccf6cfaa04572ba |
SSDeep | 6144:XUOotoKGVXgITXxoQKgrQuxMwhYi2APnMy7Sg5Lfyx52xKtGUGwkdP3MIgma:EOou5SITXx1OAPMi/Lfj8TGwIP8Ila |
Size | 383.50KB |
Packer | |
TrID | |
Tags | |

Property | Value |
---|---|
CodeSize | 92.50KB |
EntryPoint | 0x14c0 |
ExifToolVersionNumber | 12.64 |
FileSize | 393 kB |
FileType | Win64 EXE |
FileTypeExtension | exe |
ImageFileCharacteristics | No relocs, Executable, No line numbers, No symbols, Large address aware, No debug |
ImageVersion | 0.0 |
InitializedDataSize | 382.50KB |
LinkerVersion | 2.35 |
MachineType | AMD AMD64 |

Published | Name | Source | Country |
---|---|---|---|
 | Nim-Rev-Shell-Stageless.exe | web | undefined |

Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |