Analyse score
8 antivirus vendors flagged this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
CRC32 | 0x62be874d |
---|---|
MD5 | 26e46fc3dff7635d2f538545e8fe5209 |
Magic | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
SHA1 | edda359ef29f0a2c93353ea0d3cb5af995d72a05 |
SHA256 | 63c2c1ad4286dbad927358f62a449d6e1f9b1aa6436c92a2f6031e9554bed940 |
SHA512 | 985c3d179fd21d4dd0ef88b9b2fbebd4972ff2e8b8b035a003757d585ea18a4593a35059107d9d545e55809828dd969322db18b7702ddff675d68d3089baed03 |
SSDeep | 98304:aHCEZY+nX012v0vfQXYF4GkxxOqbISnCABxz8OaIXiReLRx:ABYOk12zakx1FCA/zZyReV |
Size | 4.58MB |
Packer | |
TrID | |
Tags | |

CodeSize | 4.59MB |
---|---|
EntryPoint | 0xd1a460 |
ExifToolVersionNumber | 12.49 |
FileSize | 4.8 MB |
FileType | Win64 EXE |
FileTypeExtension | exe |
ImageFileCharacteristics | No relocs, Executable, Large address aware, No debug |
ImageVersion | 1.0 |
InitializedDataSize | 4.00KB |
LinkerVersion | 3.0 |
MachineType | AMD AMD64 |

| Published | Name | Source | Country |
|---|---|---|---|
| | z39hp8lv6.dll | web | CN |

Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |