File 168a7fd30817e07efecbd1805ff1e8629a62be137b74d0b77958472f0993d134 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xb86c607b

MD5

8d47f1f9fbbbe4f61ed13a461f6bcb75

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

SHA1

7063d881ec2d0c7cf39aa5b2cb05beb18fa74c44

SHA256

168a7fd30817e07efecbd1805ff1e8629a62be137b74d0b77958472f0993d134

SHA512

8b0f245df208d5adf9298f92f1761b212234c59776cc23654a9f96963cc9ebf1394277e6c0293c8afa85f3d516b48f279821d3acdb55c407cc8cc5481d842400

SSDeep

49152:EgOEicVl+xMEnWv5S7lRXiqzLPmq3S3S3MNFl:JOEicVl+xQ03XFzyiSaO

Size

1.64MB

Packer
  • PE: installer: Nullsoft Scriptable Install System(3.06.1)[lzma,solid]
  • PE: linker: Microsoft Linker(6.0*)[EXE32,admin]
  • PE: overlay: NSIS data(-)[-]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

25.50KB

CompanyName

pendrivelinux.com

EntryPoint

0x35d8

ExifToolVersionNumber

12.64

FileDescription

YUMI

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Win32

FileSize

1719 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

2.0.9.4

FileVersionNumber

2.0.9.4

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

6.0

InitializedDataSize

138.50KB

LanguageCode

English (U.S.)

LegalCopyright

Copyright © Pendrivelinux.com

License

GPL Version 2

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OsVersion

4.0

PeType

PE32

ProductVersionNumber

2.0.9.4

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

2048

Submissions

Published Name Source Country
YUMI-2.0.9.4.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara
