
Summary

Analysis score

11/14

11 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0x173ef85b

MD5

72cec3ab7ff8520f7f3b230d8160fdaa

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

74797eee9390b9918b06faba0f08d6c3c7ee2160

SHA256

29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703

SHA512

f8e742b08af2c502233e187ca1b99fff6a310beb97967f2f8e4c7065e35e5fdcd9293a1308f3eb76a733ee576e015decd1e5ba3e18b6c5b69a48504089be13c2

SSDeep

3072:ufLnfk1mn7UVGhRXR9cEF3KGx/CgO9PcsibcbQLOEpTR5w1BNH50Idt:ufL8c4VQcEwGxagiPSbIyPKQIb

Size

225.00KB

TLSH

1334bf10b226c87bc447f17195d5dfd02e5962d13f7ea00e277807a9aad0db83d22f8a

Packer
  • PE: compiler: Microsoft Visual C/C++(2008)[libcmt,wWinMain]
  • PE: linker: Microsoft Linker(9.0*)[EXE32]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Tags

ExifTool File Metadata

CodeSize

158.00KB

EntryPoint

0x21b1

ExifToolVersionNumber

12.88

FileSize

230 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

73.50KB

LinkerVersion

9.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

5.0

UninitializedDataSize

0

Submissions

| Published | Name | Source | Country |
| --- | --- | --- | --- |
| | 29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703 | api | United States of America (the) |

Indicators

| Description | Severity | Category | Module |
| --- | --- | --- | --- |
| Resolves API dynamically at runtime to obfuscate functionality | high | Anti-Analysis behavior | |
| Enumerate system drives | low | Discovery behavior | |
| Creates ransom notes | high | Ransomware behavior | |
| Encrypt files on disk | high | Ransomware behavior | |
| Hardcode a list of Antivirus' processes either for fingerprinting or termination | informative | info | yara |
| Detect GandCrab ransomware family | high | malware | yara |