File 49d54d5c83609ba0f5dd558de757f8704c1e806dfa241aefe07a2be7d3c833cd Summary

Analysis score

5 / 14

5 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x4735bbb3

MD5

fb0eae8957668ce35168178db5a45d32

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

4ef5466771dc7eb760a91464147da80ad57aa013

SHA256

49d54d5c83609ba0f5dd558de757f8704c1e806dfa241aefe07a2be7d3c833cd

SHA512

15292d90a0bff31ebb25eaad1324e1b05eb92e8ec809086b701b2f16c58545cad21117777bf20d7df82029d233fd60d32f2aeaf80d3a61f774ce0d8b511a537d

SSDeep

98304:PvDsbsk3XwnAsZq3/tFq+Kn1qwOyQJRwIl:nD4gGq+K1qwOhSC

Size

7.68MB

Packer
  • PE: linker: unknown(14.2)[EXE32]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

4.72MB

EntryPoint

0x5c630

ExifToolVersionNumber

12.64

FileSize

8.1 MB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

1.0

InitializedDataSize

173.50KB

LinkerVersion

14.2

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

6.1

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

6.1

UninitializedDataSize

0

Warning

Error processing PE data dictionary


Submissions

Published Name Source Country
49d54d5c83609ba0f5dd558de757f8704c1e806dfa241aefe07a2be7d3c833cd web MA

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
