Analyse score
5 antivirus venders flagged
this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
5 antivirus venders flagged
this file as malicious
File is not signed
exe
CRC32 | 0x5ffaea37 |
---|---|
MD5 | d19ec4fac0c10b2f77eaf56eb0c160e5 |
Magic | PE32+ executable (console) x86-64, for MS Windows |
SHA1 | 33a8f3acc0047fc42d5f6c1ef3f932399dcd4c27 |
SHA256 | 042b1faf0ddafe6712e8216800c82030d886e7b3c20fdbaab9a75f6bb6914849 |
SHA512 | e13a8606cbfe1fa1a21b8973a05d7f2ec5d787fba61305a688972612ea4ed93ab86de10ad22b0a7782f6d760a275ff4a9b514cb4cea718291ef7b86dd22d0cc7 |
SSDeep | 3072:hq7hnceFnA0dsCmab+5//4gpi/x2wICjP5AZHdvKEfZTHy4QGBCPOClK22JXtU6:hqmeFArJN/4gpi/XI2f54NX2NNNyNm |
Size | 239.00KB |
Packer |
|
TrID |
|
Tags |
CodeSize | 80.50KB |
---|---|
EntryPoint | 0x14674 |
ExifToolVersionNumber | 12.49 |
FileSize | 245 kB |
FileType | Win64 EXE |
FileTypeExtension | exe |
ImageFileCharacteristics | Executable, Large address aware |
ImageVersion | 0.0 |
InitializedDataSize | 159.50KB |
LinkerVersion | 14.29 |
MachineType | AMD AMD64 |
Published | Name | Source | Country |
---|---|---|---|
al-khaser.exe | web | CN |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
Deletes itself after process termination | suspicious
|
Stealth | Behavior |
Write a file to the startup folder | suspicious
|
Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
🚀 Coming soon!