File 406b001a1fe34628e6b76de07a30de32a87820ffd93778ea621804bc41072aaa Summary

Analysis score

5 / 14

5 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x4d5504b5

MD5

39b2104a82474558e5ae42e9c0a371c1

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

4b2805df6533e44de6891eaeac24749852c370bb

SHA256

406b001a1fe34628e6b76de07a30de32a87820ffd93778ea621804bc41072aaa

SHA512

eb59a20ce5df23b9db07dd6f52eea66faf4871edc2518aee63179fc7d86af65f50f7c5ebfb0dc47851ac34250b45a7110f077eb56ae00a23d34e2e40587a71e1

SSDeep

384:AoSaKbH7Xy9khmQ9M+NTFE4e6Ol2FcsUlmeU41Q6AjZmGOi4Q61tton5:7jKKmhmQmK7uycQt41Q6k/4Q8Y5

Size

55.50KB

Packer
  • PE: library: MFC(4.2)[-]
  • PE: compiler: Microsoft Visual C++(6.0)[msvcrt]
  • PE: linker: Microsoft Linker(6.0*)[EXE32]
TrID
  • 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

54.50KB

EntryPoint

0x5718

ExifToolVersionNumber

12.62

FileSize

57 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

0B

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Warning

Error processing PE data dictionary

Submissions

Published Name Source Country
406b001a1fe34628e6b76de07a30de32a87820ffd93778ea621804bc41072aaa api US

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara