File 0f7325f4221cf7e0e6edb6e6e2460eec8bc41a6ea714ab64788ca9dd87e62265 Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0xf7781490

MD5

423d24fe678eccb0c1354b9d55a1e076

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

fbc1edfacf5ffca5559373670a91d6909549dfd8

SHA256

0f7325f4221cf7e0e6edb6e6e2460eec8bc41a6ea714ab64788ca9dd87e62265

SHA512

c9e3b42aa8d330fd5f36847f978c0577b62e4fd92d19f6215186cb64a855985b02e245829c4cfa3cab7d1ad1cdb8aa24dffe69eb70b1c2efeaeb2d56c1ab3235

SSDeep

24576:0uwwnbIV/TYlqsBBw/33ZliGuPZyTcUjdLWmC06jy1dyZGvBItTD:0TwbIRYssPw/nr2PZyLdC46edM

Size

1.49MB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(80.0)[EXE32,admin]
TrID
  • 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Tags

ExifTool File Metadata

CodeSize

1.43MB

EntryPoint

0x17098e

ExifToolVersionNumber

12.62

FileSize

1562 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, Large address aware, 32-bit

ImageVersion

0.0

InitializedDataSize

58.00KB

LinkerVersion

80.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
SRV.exe web SK

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!