File 071bf740a32b5d954ced279b88761247a9cdf9c1cf69b8431b02f52787a92762 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x9a623ee

MD5

791eb42398b365e412b12f5106fa1e3c

Magic

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows

SHA1

9de69a9876414b8f9c52415b3e15625a08273a2e

SHA256

071bf740a32b5d954ced279b88761247a9cdf9c1cf69b8431b02f52787a92762

SHA512

4e262aab8f2dffd5280704e00b60abba0706a89e43e822ba91aac4435b71de76093d4bc85a5502f06dc8255efe8e00e29edbd25d1c046b346ecdc7456c019e48

SSDeep

196608:llVT/nk7Of/5fQUr+zBvYTIovkXES1abuNAk:xT/k74FbEBv/FAuf

Size

15.47MB

Packer
  • PE+(64): linker: unknown(3.0)[EXE64,console]
TrID
  • 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.3% (.EXE) OS/2 Executable (generic) (2029/13)
  • 9.2% (.EXE) Generic Win/DOS Executable (2002/3)
  • 9.2% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

5.07MB

EntryPoint

0x68900

ExifToolVersionNumber

12.64

FileSize

16 MB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, Large address aware, No debug

ImageVersion

1.0

InitializedDataSize

338.50KB

LinkerVersion

3.0

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.1

PeType

PE32+

Subsystem

Windows command line

SubsystemVersion

6.1

UninitializedDataSize

0

Submissions

Published Name Source Country
saferwall-agent-server-v0.4.0-windows-amd64.exe web US

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara