File 042b1faf0ddafe6712e8216800c82030d886e7b3c20fdbaab9a75f6bb6914849 Summary

Analysis score

5 / 14

5 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0x5ffaea37

MD5

d19ec4fac0c10b2f77eaf56eb0c160e5

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

33a8f3acc0047fc42d5f6c1ef3f932399dcd4c27

SHA256

042b1faf0ddafe6712e8216800c82030d886e7b3c20fdbaab9a75f6bb6914849

SHA512

e13a8606cbfe1fa1a21b8973a05d7f2ec5d787fba61305a688972612ea4ed93ab86de10ad22b0a7782f6d760a275ff4a9b514cb4cea718291ef7b86dd22d0cc7

SSDeep

3072:hq7hnceFnA0dsCmab+5//4gpi/x2wICjP5AZHdvKEfZTHy4QGBCPOClK22JXtU6:hqmeFArJN/4gpi/XI2f54NX2NNNyNm

Size

239.00KB

Packer
  • PE+(64): compiler: Microsoft Visual C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.29**)[EXE64,console]
TrID
  • 90.1% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  • 4.8% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 2.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 0.9% (.EXE) OS/2 Executable (generic) (2029/13)
  • 0.9% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CodeSize

80.50KB

EntryPoint

0x14674

ExifToolVersionNumber

12.49

FileSize

245 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

159.50KB

LinkerVersion

14.29

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows command line

SubsystemVersion

6.0

UninitializedDataSize

0


Submissions

Published Name Source Country
al-khaser.exe web CN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
