File 2b15a4e9618a75af28a0e58d5aac4cd3e58140d7af020a072e51318f2a8c3778 Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0xc5568873

MD5

c16faa91027466b2f8529330c11a88d4

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

080ab40a248b9c0ab83f3dd9c7d78824f0e56d35

SHA256

2b15a4e9618a75af28a0e58d5aac4cd3e58140d7af020a072e51318f2a8c3778

SHA512

d250d8d572ec650a1c9d6a4dedf6a9db2665f436d659bc6f79a7accdd124724b68047e29771e515ffc2b548f9d691e4d54242218a679976796e498090d45294c

SSDeep

393216:bJzSufOlCTmam3+MVbbZeSARD5lwLFJMVqwifF5ETWAg:tSufI2kuMVbUXwLLvwiwTg

Size

15.79MB

Packer
  • PE+(64): linker: unknown(14.0)[EXE64,console]
TrID
  • 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
  • 33.1% (.EXE) Generic Win/DOS Executable (2002/3)
  • 33.1% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

1.35MB

EntryPoint

0x2077058

ExifToolVersionNumber

12.62

FileSize

17 MB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

3.89MB

LinkerVersion

14.0

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32+

Subsystem

Windows command line

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
loader_protected.exe web SK

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!