File 17e036ff18cdd805951fec9107746492f582ae1eb46ca028544e37e517e8fc1f Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0x4a14db9e

MD5

ef92c0915f06e5f3ddbfb096d1587b96

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

9bb857582bc924141fb3f7351468dfca9fa309d6

SHA256

17e036ff18cdd805951fec9107746492f582ae1eb46ca028544e37e517e8fc1f

SHA512

d6c8234630bbd2304d6ad92e387db655cd0fcc322ce79d690d7c701a14aaed1a4f51f433a2219aac679b68d9fe69f15402bab5656ba16c293f0d3209d6ae2646

SSDeep

24576:zyuClNkrDdYEA3k4RF3hA206xw/CcfzYBIIFGOA2HHdhnTOjKYSzqBXe+LIbF7+m:qbu0dA7fhe6dzfyBosp1HRmiI2VG

Size

2.27MB

Packer
  • PE: linker: Polink(2.50*)[EXE32]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

1.89MB

EntryPoint

0x1c2130

ExifToolVersionNumber

12.62

FileSize

2.4 MB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

384.00KB

LinkerVersion

2.50

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

1.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

3391488

Show all

Submissions

Published Name Source Country
wawa3.exe web IN

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!