File 63c2c1ad4286dbad927358f62a449d6e1f9b1aa6436c92a2f6031e9554bed940 Summary

Analysis score

8 / 14

8 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x62be874d

MD5

26e46fc3dff7635d2f538545e8fe5209

Magic

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows

SHA1

edda359ef29f0a2c93353ea0d3cb5af995d72a05

SHA256

63c2c1ad4286dbad927358f62a449d6e1f9b1aa6436c92a2f6031e9554bed940

SHA512

985c3d179fd21d4dd0ef88b9b2fbebd4972ff2e8b8b035a003757d585ea18a4593a35059107d9d545e55809828dd969322db18b7702ddff675d68d3089baed03

SSDeep

98304:aHCEZY+nX012v0vfQXYF4GkxxOqbISnCABxz8OaIXiReLRx:ABYOk12zakx1FCA/zZyReV

Size

4.58MB

Packer
  • PE+(64): packer: UPX(3.95)[NRV,brute]
  • PE+(64): linker: unknown(3.0)[EXE64]
TrID
  • 86.3% (.EXE) UPX compressed Win64 Executable (70117/5/12)
  • 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 2.4% (.EXE) OS/2 Executable (generic) (2029/13)
  • 2.4% (.EXE) Generic Win/DOS Executable (2002/3)
  • 2.4% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CodeSize

4.59MB

EntryPoint

0xd1a460

ExifToolVersionNumber

12.49

FileSize

4.8 MB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, Large address aware, No debug

ImageVersion

1.0

InitializedDataSize

4.00KB

LinkerVersion

3.0

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

8929280

Submissions

Published Name Source Country
z39hp8lv6.dll web CN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
