File 0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd Summary

Analysis score

2 / 14

2 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x9e99fead

MD5

b318e290d518b1d41d3ae90f5bb71de3

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

5ee43c9a4a35f9370bdea1aaf5001ae4d787c7a4

SHA256

0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd

SHA512

9810c3d98a09c02f79ba69e9fb3080b05714f8a2d24bf52bb461717b26d1bb7570b7bc56b06a8624822afe4e6993ce22cfd92ed48f2f7e9c1c4a36b561f23168

SSDeep

12288:DgR/mZRM+kEfUOcGUbQwcs+G/7cyfiBVenspfuepKYJ6Vca4OW5OmfLj0b7bOWpf:DgkZR5kEcGrwVcQiBQnafueprAehY7

Size

688.00KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(48.0)[EXE32]
TrID
  • 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Tags

ExifTool File Metadata

AssemblyVersion

0.0.0.0

CharacterSet

Unicode

CodeSize

672.00KB

EntryPoint

0xa97f2

ExifToolVersionNumber

12.62

FileDescription

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

705 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

0.0.0.0

FileVersionNumber

0.0.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

12.00KB

InternalName

IxKk.exe

LanguageCode

Neutral

LegalCopyright

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

IxKk.exe

OsVersion

4.0

PeType

PE32

ProductVersion

0.0.0.0

ProductVersionNumber

0.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published Name Source Country
0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd.exe web EE

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara