Analyse score
2 antivirus venders flagged
this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
2 antivirus venders flagged
this file as malicious
File is not signed
exe
CRC32 | 0x442b4891 |
---|---|
MD5 | 15d52149536526ce75302897eaf74694 |
Magic | PE32+ executable (console) x86-64, for MS Windows |
SHA1 | 0dceffbb8e9f67c7228d91a5c12e50e72698d3d5 |
SHA256 | 619795aa357e1eb36febf45b398ccccb289cb27b547814bfb422efb3e8f98e3d |
SHA512 | c18004d97450f0c4e4800137d0cd6e9279a6228cb57de66354c8098f35a5ca575783fb1aec46c2cfcb7ef9285feb52c25edf77425263ed6f3b1b6e6f74024c09 |
SSDeep | 12288:25m8ZlWk6VT6qIm9qCZb5rTa8kdVXpPYHVytvXi5w:BO+DD9qCZb5rTa8UPPe+PiW |
Size | 449.50KB |
Packer |
|
TrID |
|
Tags |
CharacterSet | Unicode |
---|---|
CodeSize | 380.00KB |
Comments | Raw file copy |
EntryPoint | 0x106b30 |
ExifToolVersionNumber | 12.64 |
FileDescription | Copy files from NTFS volumes by using low level disk access |
FileFlags | (none) |
FileFlagsMask | 0x0000 |
FileOs | Win32 |
FileSize | 460 kB |
FileSubtype | 0 |
Published | Name | Source | Country |
---|---|---|---|
RawCopy64.exe | web | undefined |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious
|
Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational
|
C2 | Behavior |
Deletes itself after process termination | suspicious
|
Stealth | Behavior |
Write a file to the startup folder | suspicious
|
Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious
|
Signature | Yara |
🚀 Coming soon!
🚀 Coming soon!