File 0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd Summary

Analysis score

2 / 14

2 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x9e99fead

MD5

b318e290d518b1d41d3ae90f5bb71de3

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

5ee43c9a4a35f9370bdea1aaf5001ae4d787c7a4

SHA256

0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd

SHA512

9810c3d98a09c02f79ba69e9fb3080b05714f8a2d24bf52bb461717b26d1bb7570b7bc56b06a8624822afe4e6993ce22cfd92ed48f2f7e9c1c4a36b561f23168

SSDeep

12288:DgR/mZRM+kEfUOcGUbQwcs+G/7cyfiBVenspfuepKYJ6Vca4OW5OmfLj0b7bOWpf:DgkZR5kEcGrwVcQiBQnafueprAehY7

Size

688.00KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(48.0)[EXE32]
TrID
  • 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Tags

ExifTool File Metadata

AssemblyVersion

0.0.0.0

CharacterSet

Unicode

CodeSize

672.00KB

EntryPoint

0xa97f2

ExifToolVersionNumber

12.62

FileDescription

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

705 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

0.0.0.0

FileVersionNumber

0.0.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

12.00KB

InternalName

IxKk.exe

LanguageCode

Neutral

LegalCopyright

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

IxKk.exe

OsVersion

4.0

PeType

PE32

ProductVersion

0.0.0.0

ProductVersionNumber

0.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

Published Name Source Country
0c2217b0e413d9557792e23cbe849eaac0d69c34c42dad168ab31e989591c8fd.exe web EE

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara
