Analyse score: 11 antivirus vendors flagged this file as malicious
Signature: File is not signed
Last scanned
First submission
File type: exe
CRC32 | 0x173ef85b |
---|---|
MD5 | 72cec3ab7ff8520f7f3b230d8160fdaa |
Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | 74797eee9390b9918b06faba0f08d6c3c7ee2160 |
SHA256 | 29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703 |
SHA512 | f8e742b08af2c502233e187ca1b99fff6a310beb97967f2f8e4c7065e35e5fdcd9293a1308f3eb76a733ee576e015decd1e5ba3e18b6c5b69a48504089be13c2 |
SSDeep | 3072:ufLnfk1mn7UVGhRXR9cEF3KGx/CgO9PcsibcbQLOEpTR5w1BNH50Idt:ufL8c4VQcEwGxagiPSbIyPKQIb |
Size | 225.00KB |
TLSH | 1334bf10b226c87bc447f17195d5dfd02e5962d13f7ea00e277807a9aad0db83d22f8a |
Packer | |
TrID | |
Tags | |
CodeSize | 158.00KB |
---|---|
EntryPoint | 0x21b1 |
ExifToolVersionNumber | 12.88 |
FileSize | 230 kB |
FileType | Win32 EXE |
FileTypeExtension | exe |
ImageFileCharacteristics | Executable, 32-bit |
ImageVersion | 0.0 |
InitializedDataSize | 73.50KB |
LinkerVersion | 9.0 |
MachineType | Intel 386 or later, and compatibles |
Published | Name | Source | Country |
---|---|---|---|
 | 29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703 | api | United States of America (the) |
Description | Severity | Category | Module |
---|---|---|---|
Resolves API dynamically at runtime to obfuscate functionality | high | Anti-Analysis | behavior |
Enumerate system drives | low | Discovery | behavior |
Creates ransom notes | high | Ransomware | behavior |
Encrypt files on disk | high | Ransomware | behavior |
Hardcode a list of Antivirus' processes either for fingerprinting or termination | informative | info | yara |
Detect GandCrab ransomware family | high | malware | yara |