File 1c8562fda7fe06c2a253c1e7ce9ec2e7f948db8ba40d18dc0217920ea00007f3 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

Basic properties

CRC32

0xc7eca7f

MD5

5f8023137147b3f4770415f7592f03a9

Magic

PE32+ executable (native) x86-64, for MS Windows

SHA1

0cc13271ce885cc9656280d0ea1969d1b09d2285

SHA256

1c8562fda7fe06c2a253c1e7ce9ec2e7f948db8ba40d18dc0217920ea00007f3

SHA512

0ccb56ea36bfba9bfcb6fb7f945b18a1ee5df2a6ead98e01ef52b80aa706fb7eee250ae85663cc002ce3b8820e194fe9455c5edd18dd260b791f4821894ef108

SSDeep

12288:1ESdqkQt2XtcaXhzZ/ccb6uCDHrbYcmLZTCUqc356W8t:9qHt2Xtc25RcclCDHrUTCUqc3538t

Size

806.02KB

Packer
  • PE+(64): linker: Microsoft Linker(14.29**)[Driver64,signed]
TrID
  • 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 11.0% (.ICL) Windows Icons Library (generic) (2059/9)
  • 10.9% (.EXE) OS/2 Executable (generic) (2029/13)
  • 10.7% (.EXE) Generic Win/DOS Executable (2002/3)
  • 10.7% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

557.50KB

EntryPoint

0xc9000

ExifToolVersionNumber

12.62

FileSize

825 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

10.0

InitializedDataSize

246.00KB

LinkerVersion

14.29

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

10.0

PeType

PE32+

Subsystem

Native

SubsystemVersion

6.1

UninitializedDataSize

0

Warning

Error processing PE data dictionary


Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | core_driver_x64.sys | web | undefined |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
