File 0290ddb4f1e966d92b2b62a8916b2174e663f9ef2f4138082b5ecde4ce81e717 Summary
Like

Analyse score

3 / 14

3 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0xfe403984

MD5

9b041e7ddc7676463edcc8fd15a8076e

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

40a8226eb42913c9b662850337709102b1a2ed70

SHA256

0290ddb4f1e966d92b2b62a8916b2174e663f9ef2f4138082b5ecde4ce81e717

SHA512

076ec718640979ed0045015111c0b45c47cef9cc691a38257f326439763edb6e897e2c0c2822cf53ac89e8be5d08d753ab3527dcb90183f8542eb790747cc0ef

SSDeep

6144:mLHFS/PxZfomBX8cZKebbv0LBJ1xVJ49ikdG:mDFgJZg2X35bOB/9kdG

Size

340.57KB

Packer
  • PE+(64): linker: unknown(2.35)[EXE64,console,signed]
TrID
  • 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  • 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CodeSize

7.50KB

EntryPoint

0x14e0

ExifToolVersionNumber

12.64

FileSize

349 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, Large address aware

ImageVersion

0.0

InitializedDataSize

211.50KB

LinkerVersion

2.35

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32+

Subsystem

Windows command line

SubsystemVersion

5.2

UninitializedDataSize

512

Show all

Submissions

Published Name Source Country
Harriet-ReverseShellTest.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!