File 11684b5455bfda95cbb167c59ef1fcb634922365fd9f4d72b5d5b7871f9a6349 Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0xff30558b

MD5

a1fd384455f58239ecddd9166328c9b7

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

b18211f4dd98d008c3b3099eddda3831902ba47f

SHA256

11684b5455bfda95cbb167c59ef1fcb634922365fd9f4d72b5d5b7871f9a6349

SHA512

96e20b2485c100974f10bdbf83cef22938d580566c9c2999982385aa4719a2824e30a2b2bc15f6a0fd040df879ee0da03795023b4ba31348d9ec1889dcea9092

SSDeep

6144:LowmtmCqLJvL5yIMKzB9AF+14lksL3UMKYMKo6A+sJz6xBn:kwPCqLJvL5yIPl9AF+14lksL3/m4oiBn

Size

324.45KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(-)[-]
  • PE+(64): linker: Microsoft Linker(14.28**)[EXE64,signed]
TrID
  • 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  • 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

132.00KB

CompanyName

Microsoft Corporation

EntryPoint

0xa960

ExifToolVersionNumber

12.57

FileDescription

Inspect Object (64-bit UNICODE Release)

FileFlags

Pre-release, Special build

FileFlagsMask

0x003f

FileOs

Windows 32-bit

FileSize

332 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

7.2.0.0

FileVersionNumber

7.2.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

10.0

InitializedDataSize

180.00KB

InternalName

INSPECT

LanguageCode

English (U.S.)

LegalCopyright

© 2012 Microsoft Corporation. All rights reserved.

LinkerVersion

14.28

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

INSPECT.EXE

OsVersion

10.0

PeType

PE32+

ProductName

Microsoft Active Accessibility

ProductVersion

7.2.0.0

ProductVersionNumber

7.2.0.0

SpecialBuild

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
inspect.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!