File 58b85da914d473c278f9a5f857920087a5405c5a1abb1292934772152dce7eca Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xee49887e

MD5

4b3cb5fa27ecd7e789169ddd479b4639

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

5f85c9e51cb55edc370709cf84b65f562983b34f

SHA256

58b85da914d473c278f9a5f857920087a5405c5a1abb1292934772152dce7eca

SHA512

0c1f8b96be7d0cee6382608042686b41207246b9d1487446ea8cdcc6ff97410dcf152cda9eb1f748607c2a142806fc7edc3dfad7d0e94c51b476e8f9f37643e0

SSDeep

24576:kJQuZwGk+UWwKl2mc5mcKIwmjcCWO0LOBKqzOvJf:vuZZk+UFUD43ljcVX

Size

1.20MB

Packer
  • PE: compiler: Microsoft Visual C/C++(2012)[-]
  • PE: linker: Microsoft Linker(8.0 or 11.0)[EXE32]
TrID
  • 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

344.50KB

EntryPoint

0x19fea

ExifToolVersionNumber

12.44

FileSize

1258 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

5.1

InitializedDataSize

889.50KB

LinkerVersion

11.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.1

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

5.1

UninitializedDataSize

0

Submissions

Published Name Source Country
VirusShare_4b3cb5fa27ecd7e789169ddd479b4639 api CN

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara
