Analyse score
6 antivirus venders flagged
this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
6 antivirus venders flagged
this file as malicious
File is not signed
exe
CRC32 | 0x83d3a79d |
---|---|
MD5 | 36853a411e87b41bbdc3a4e22865f501 |
Magic | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
SHA1 | 013183a64a3343be002f5c78d0cdb45b4885fbe1 |
SHA256 | 2ff8286136c4d45484e3794d2c5be9aa51ec622153e00411234f64b51690cf45 |
SHA512 | be51347f28807fbd9133e33b65fdce52c4e450ed5631288703010ea07bb181fa721ac46c17ac0c48e1891a24b2703f8f9aabdc383fca2485316193f50a6057d2 |
SSDeep | 24576:1q9//huelfYTuZu1S5a4yn3OPtAYJGiQ:yhrfidGLbPtLGiQ |
Size | 918.00KB |
Packer |
|
TrID |
|
Tags |
AssemblyVersion | 1.0.0.0 |
---|---|
CharacterSet | Unicode |
CodeSize | 916.00KB |
Comments |
|
CompanyName |
|
EntryPoint | 0x0000 |
ExifToolVersionNumber | 12.64 |
FileDescription | Restorant |
FileFlags | (none) |
FileFlagsMask | 0x003f |
FileOs | Win32 |
Published | Name | Source | Country |
---|---|---|---|
darkCloud.exe | web | undefined |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
Deletes itself after process termination | suspicious
|
Stealth | Behavior |
Write a file to the startup folder | suspicious
|
Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
🚀 Coming soon!