File 619795aa357e1eb36febf45b398ccccb289cb27b547814bfb422efb3e8f98e3d Summary

Analyse score

2 / 14

2 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x442b4891

MD5

15d52149536526ce75302897eaf74694

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

0dceffbb8e9f67c7228d91a5c12e50e72698d3d5

SHA256

619795aa357e1eb36febf45b398ccccb289cb27b547814bfb422efb3e8f98e3d

SHA512

c18004d97450f0c4e4800137d0cd6e9279a6228cb57de66354c8098f35a5ca575783fb1aec46c2cfcb7ef9285feb52c25edf77425263ed6f3b1b6e6f74024c09

SSDeep

12288:25m8ZlWk6VT6qIm9qCZb5rTa8kdVXpPYHVytvXi5w:BO+DD9qCZb5rTa8UPPe+PiW

Size

449.50KB

Packer
  • PE+(64): packer: UPX(3.91)[NRV,brute]
  • PE+(64): library: AutoIt(-)[-]
  • PE+(64): linker: Microsoft Linker(12.0*)[EXE64,console]
TrID
  • 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
  • 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
  • 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

380.00KB

Comments

Raw file copy

EntryPoint

0x106b30

ExifToolVersionNumber

12.64

FileDescription

Copy files from NTFS volumes by using low level disk access

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Win32

FileSize

460 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

1.0.0.22

FileVersionNumber

1.0.0.22

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

72.00KB

LanguageCode

English (British)

LegalCopyright

Joakim Schicht

LinkerVersion

12.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Unknown

OsVersion

5.2

PeType

PE32+

ProductVersion

3.3.14.5

ProductVersionNumber

3.3.14.5

Subsystem

Windows command line

SubsystemVersion

5.2

UninitializedDataSize

684032

Show all

Submissions

Published Name Source Country
RawCopy64.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!