File 2b4468994f1ecb950d7fd3ba286b475993af60adbd462e0dd4ad7614aa1305a5 Summary

Analysis score

7 / 14

7 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x42cb7ce6

MD5

ebd7e3dbf8841016c0391fdabab32106

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

5aff0de88f6b7bb7132f08b23f8b18fcba9c987a

SHA256

2b4468994f1ecb950d7fd3ba286b475993af60adbd462e0dd4ad7614aa1305a5

SHA512

b614e816f6bd6263246e2cf286ae40fa76e459fb3230c3dfc3c31a14850df57f331e71601e7e1c1ccaba2771e4cf7d43c03b01a209f6ca65316ec40a563714fe

SSDeep

24576:vfED3p2kfFmGSz72WCM6Nfi2JIaNeU62wIXNdrBM/+HuN7HRAuKFrXE1o95cAspo:ifI65iGIi2/7VRXZifVFlu0GZUxHWpXY

Size

2.36MB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(11.0)[EXE32]
TrID
  • 49.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 20.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 8.7% (.SCR) Windows screen saver (13097/50/3)
  • 7.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 4.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

91.00KB

EntryPoint

0x18bbe

ExifToolVersionNumber

12.62

FileDescription

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

2.5 MB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

246.00KB

InternalName

protect.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2017

LinkerVersion

11.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

protect.exe

OsVersion

4.0

PeType

PE32

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published Name Source Country
PsychonixCrypter.exe web PH

Indicators

Description | Severity | Category | Module
Malware detection of a YARA signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Writes a file to the startup folder | suspicious | Persistence | Behavior
Checks for the existence of virtual machines | suspicious | Signature | Yara
