File 86a5a0133bfa9baa4c59f4e9964b473afd3bc1e5a6decc8124737d67aad40795 Summary

Analysis score

4 / 14

4 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x7702e081

MD5

4593c5798296de49381eb8e60452a80f

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

de4e77a10ae4ecfddfb7611c4880fca8fcdfa1c1

SHA256

86a5a0133bfa9baa4c59f4e9964b473afd3bc1e5a6decc8124737d67aad40795

SHA512

36a6abc8392e9d4dfe788cef3c7b3d6294641b3f398a1e888c51752d258541b4a63e47ed7fb2f8f104f3c68d537e8dd41632e5178b3dce0abc08fedf3a64ee21

SSDeep

1536:yi0h2omUmOK7xpkqQF2tiicjlIW7aie6x0wi/MOgA1OFPvNXRWXHrE:ypdmOK7j7Qvicja2smdi/MOhP3

Size

169.50KB

Packer
  • PE: compiler: Microsoft Visual C/C++(2008 SP1)[msvcrt]
  • PE: linker: Microsoft Linker(9.0)[EXE32]
TrID
  • 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

52.50KB

CompanyName

Microsoft Corporation

EntryPoint

0xc8e0

ExifToolVersionNumber

12.62

FileDescription

Character Map

FileFlags

Private build

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

174 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

5.2.3668.0

FileVersionNumber

5.2.3668.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

6.1

InitializedDataSize

249.00KB

InternalName

charmap.exe

LanguageCode

English (U.S.)

LegalCopyright

© Microsoft Corporation. All rights reserved.

LinkerVersion

9.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

charmap.exe

OsVersion

6.1

PeType

PE32

ProductName

Microsoft® Windows® Operating System

ProductVersion

5.2.3668.0

ProductVersionNumber

5.2.3668.0

Subsystem

Windows GUI

SubsystemVersion

6.1

UninitializedDataSize

0

Submissions

Published Name Source Country
王子凌薪资证明1.scr web US

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
