Analysis score | 3 antivirus vendors flagged this file as malicious |
---|---|
Signature | File is not signed |
Last scanned | |
First submission | |
File type | exe |

CRC32 | 0xfe403984 |
---|---|
MD5 | 9b041e7ddc7676463edcc8fd15a8076e |
Magic | PE32+ executable (console) x86-64, for MS Windows |
SHA1 | 40a8226eb42913c9b662850337709102b1a2ed70 |
SHA256 | 0290ddb4f1e966d92b2b62a8916b2174e663f9ef2f4138082b5ecde4ce81e717 |
SHA512 | 076ec718640979ed0045015111c0b45c47cef9cc691a38257f326439763edb6e897e2c0c2822cf53ac89e8be5d08d753ab3527dcb90183f8542eb790747cc0ef |
SSDeep | 6144:mLHFS/PxZfomBX8cZKebbv0LBJ1xVJ49ikdG:mDFgJZg2X35bOB/9kdG |
Size | 340.57KB |
Packer | |
TrID | |
Tags | |

CodeSize | 7.50KB |
---|---|
EntryPoint | 0x14e0 |
ExifToolVersionNumber | 12.64 |
FileSize | 349 kB |
FileType | Win64 EXE |
FileTypeExtension | exe |
ImageFileCharacteristics | No relocs, Executable, No line numbers, Large address aware |
ImageVersion | 0.0 |
InitializedDataSize | 211.50KB |
LinkerVersion | 2.35 |
MachineType | AMD AMD64 |

Published | Name | Source | Country |
---|---|---|---|
 | Harriet-ReverseShellTest.exe | web | undefined |

Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |