File 2ff8286136c4d45484e3794d2c5be9aa51ec622153e00411234f64b51690cf45 Summary

Analyse score

6 / 14

6 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x83d3a79d

MD5

36853a411e87b41bbdc3a4e22865f501

Magic

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

SHA1

013183a64a3343be002f5c78d0cdb45b4885fbe1

SHA256

2ff8286136c4d45484e3794d2c5be9aa51ec622153e00411234f64b51690cf45

SHA512

be51347f28807fbd9133e33b65fdce52c4e450ed5631288703010ea07bb181fa721ac46c17ac0c48e1891a24b2703f8f9aabdc383fca2485316193f50a6057d2

SSDeep

24576:1q9//huelfYTuZu1S5a4yn3OPtAYJGiQ:yhrfidGLbPtLGiQ

Size

918.00KB

Packer
  • PE+(64): library: .NET(v4.0.30319)[-]
  • PE+(64): linker: Microsoft Linker(48.0)[EXE64]
TrID
  • 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 11.0% (.ICL) Windows Icons Library (generic) (2059/9)
  • 10.9% (.EXE) OS/2 Executable (generic) (2029/13)
  • 10.7% (.EXE) Generic Win/DOS Executable (2002/3)
  • 10.7% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

916.00KB

Comments

CompanyName

EntryPoint

0x0000

ExifToolVersionNumber

12.64

FileDescription

Restorant

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

940 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

1.50KB

InternalName

wnXg.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2022

LegalTrademarks

LinkerVersion

48.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

wnXg.exe

OsVersion

4.0

PeType

PE32+

ProductName

Restorant

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
darkCloud.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!