File 30ea4a416e9f1446990d8d73e912e98f3ea2ea0f84d793dc4f2de14926411f66 Summary

11 / 14

11 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

1 year ago

First submission

undefined

exe

exe

Basic properties

CRC32	0xcc603799
MD5	ae959ad6c3af14e6e58393c1b9d38856
Magic	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1	390c4ee3c6ff3429538e0b1f2e9abbc064843797
SHA256	30ea4a416e9f1446990d8d73e912e98f3ea2ea0f84d793dc4f2de14926411f66
SHA512	6138c287a69b7c584f7c315aa10ab3ab802a65806c0259b668bfb4e9e226bfd6554ca551db45864fef1f8bddd408e98ae7374588ebcec1f632db94a42c272097
SSDeep	3072:Erb3W/L+b7BGLRovjUA5tswxR1saSBGBhYjYYetzrxciC4Q:ErzW/L+b7BGy7UCswqBG0Nuc
Size	152.00KB
Packer	PE: linker: unknown(10.0)[EXE32]
TrID	30.2% (.EXE) Win64 Executable (generic) (10523/12/4) 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 12.9% (.EXE) Win32 Executable (generic) (4505/5/1) 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Tags	Agent Emotet exe

ExifTool File Metadata

CodeSize	12.00KB
EntryPoint	0x1502
ExifToolVersionNumber	12.49
FileSize	156 kB
FileType	Win32 EXE
FileTypeExtension	exe
ImageFileCharacteristics	Executable, 32-bit
ImageVersion	0.0
InitializedDataSize	0B
LinkerVersion	10.0
MachineType	Intel 386 or later, and compatibles
MimeType	application/octet-stream
OsVersion	5.0
PeType	PE32
Subsystem	Windows GUI
SubsystemVersion	4.0
UninitializedDataSize	143360

Show all

Submissions

Published	Name	Source	Country
2020-03-11 21:40:27	xxxxx	web	US

Indicators

Description	Severity	Category	Module
Malware detection of a yara signature: Win32/WannaCry	malicious	Sandbox Detection	Behavior
Communicates over HTTP with a low reputation domain	informational	C2	Behavior
Deletes itself after process termination	suspicious	Stealth	Behavior
Write a file to the startup folder	suspicious	Persistence	Behavior
Check for the existence of Virtual Machines	suspicious	Signature	Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!