File 7db9709a28664b72ccb106fb5474722a58e2248427c55abd0327d2ae73434cc2 Summary

Analysis score

2 / 14

2 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x6df74fa5

MD5

32383b7b56013eb9920deb1c479d1c3f

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

592a6fe4256a18e041619b8198e0c77f46a2e764

SHA256

7db9709a28664b72ccb106fb5474722a58e2248427c55abd0327d2ae73434cc2

SHA512

67cd871a20e695f35e049ef69813af59505857524b06e3ac993bc9975634474aef2097e681532e595e97897e0039d3e781b031194a20edf9b33496fce2955581

SSDeep

12288:iyQaMFM0Mvxv96lPGfGAS3aczHjOpJ5bX9Ek1GgO5vcJX32n4DVRTIwEhbWy:iyjv9olufGasDO1JkgkcJ2nyVRTAhb

Size

1.05MB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(48.0)[EXE32]
TrID
  • 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 11.2% (.SCR) Windows screen saver (13097/50/3)
  • 9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

1.04MB

Comments

CompanyName

EntryPoint

0x10d30e

ExifToolVersionNumber

12.62

FileDescription

DLPK

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

1097 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

2.00KB

InternalName

UnmxRI.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2019

LegalTrademarks

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

UnmxRI.exe

OsVersion

4.0

PeType

PE32

ProductName

DLPK

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | 7db9709a28664b72ccb106fb5474722a58e2248427c55abd0327d2ae73434cc2.exe | web | EE |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
