File 2ab0b1bc9caec9ffb7ce4a6f3c25616fcf0b23d5bf1936ce61dba41ada5137ee Summary

Analyse score

8 / 14

8 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x7868784e

MD5

64bdf513659ed4689b12609c536124bf

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

213ef403675c1ae7b3cb75f228d5d187d2aa49d2

SHA256

2ab0b1bc9caec9ffb7ce4a6f3c25616fcf0b23d5bf1936ce61dba41ada5137ee

SHA512

d3ec0dbd345e874f5ecbabf350dffd13c6ec91b0b027e96bd86adb3bb6063f64633be8cda245c2602ba74c28cf135b54f64943372b4efacc47c48d193e10036a

SSDeep

12288:9MWgti3uE3XjGehrU+dXjhSl+mhSx9yiJODCWQwilKZUF50+ujV/iDf8cLI:2WxD7w+dXjcl+8W9vtdvlD/l2HcLI

Size

804.50KB

Packer
  • PE: compiler: Microsoft Visual C/C++(2012 update 3)[-]
  • PE: linker: Microsoft Linker(11.0)[EXE32]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

102.50KB

EntryPoint

0x11772

ExifToolVersionNumber

12.64

FileSize

824 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

5.1

InitializedDataSize

710.50KB

LinkerVersion

11.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.1

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

5.1

UninitializedDataSize

0

Submissions

Published Name Source Country
VirusShare_64bdf513659ed4689b12609c536124bf api CN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
