File 3a2e4987a57da673ea4c118ac3b071c01d5f5702fcbd37e9598179135f2711a4 Summary
Like

Analyse score

7 / 14

7 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0xf7d95691

MD5

5c0caa58b9afd0eb9efcba356f2d264e

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

838af550d0e6c5b47a0dd8b55807902ffad52907

SHA256

3a2e4987a57da673ea4c118ac3b071c01d5f5702fcbd37e9598179135f2711a4

SHA512

9b48fbe9d4ea736907e14f6b2d7590da33f72385d2f1a79b30178c837c0bc7c57d4b956471367e6c329be39778b4a52e373436e2a88463ff712980505caffda9

SSDeep

1536:qcSP4c58ocxxHOKNnYLyBefLVj2V8pqKmY7:qcSP4c5jcxxHbBefLp2VXz

Size

60.50KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(8.0)[EXE32]
TrID
  • 60.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.8% (.SCR) Windows screen saver (13097/50/3)
  • 8.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 5.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.7.0

CharacterSet

Unicode

CodeSize

56.00KB

Comments

CompanyName

EntryPoint

0xfee6

ExifToolVersionNumber

12.62

FileDescription

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

62 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.0.7.0

FileVersionNumber

1.0.7.0

ImageFileCharacteristics

Executable

ImageVersion

0.0

InitializedDataSize

4.00KB

InternalName

Client.exe

LanguageCode

Neutral

LegalCopyright

LegalTrademarks

LinkerVersion

8.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

Client.exe

OsVersion

4.0

PeType

PE32

ProductName

ProductVersion

1.0.7.0

ProductVersionNumber

1.0.7.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
Client.exe web DZ

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!