File 8a0e22e51df135b17ef1cbd07b6004960c1e07ac604b2d83dd704141423f49e2 Summary

Analysis score

6 / 14

6 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

  • CRC32: 0x6d3cb937
  • MD5: 1d4b7fcbcff6113f78163cdbbd85f41e
  • Magic: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • SHA1: 07a6aa6ea11407235f673deed8c7eb088bf09b3b
  • SHA256: 8a0e22e51df135b17ef1cbd07b6004960c1e07ac604b2d83dd704141423f49e2
  • SHA512: 778dd788f24ed994090de82ced7853ded0c9aadd508f07705ec7ade98cbfac934e1460a54253122c162edd314db321dcb5b24a934539b463bf46825805c61cac
  • SSDeep: 49152:ZWsTEkwghTKv4jysGUqgCoOtt1JKYOd73luXA:ZFEkwghTKv4jysGUqgCxttK+X
  • Size: 2.67MB

Packer
  • PE: protector: Dotfuscator(-)[-]
  • PE: library: .NET(v4.0.30319)[-]
  • PE: compiler: VB.NET(-)[-]
  • PE: linker: Microsoft Linker(8.0)[EXE32]
TrID
  • 67.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 9.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 4.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

  • AssemblyVersion: 112.21.41.127
  • CharacterSet: Unicode
  • CodeSize: 2.57MB
  • Comments: EbHwCJNNcKmWPDjnAWFyBZQtgGHLkXsK
  • CompanyName: ZeCPRyMbWtGQTaMNPfSsJrEBGk
  • EntryPoint: 0x29411a
  • ExifToolVersionNumber: 12.64
  • FileDescription: WyAiXTJwEeZSBmJkMAZ
  • FileFlags: (none)
  • FileFlagsMask: 0x003f
  • FileOs: Win32
  • FileSize: 2.8 MB
  • FileSubtype: 0
  • FileType: Win32 EXE
  • FileTypeExtension: exe
  • FileVersion: 112.21.41.127
  • FileVersionNumber: 112.21.41.127
  • ImageFileCharacteristics: Executable, 32-bit
  • ImageVersion: 0.0
  • InitializedDataSize: 100.00KB
  • InternalName: MePaB
  • LanguageCode: Neutral
  • LegalCopyright: QjSEXmxZWHfGLCaiWGEnA
  • LinkerVersion: 8.0
  • MachineType: Intel 386 or later, and compatibles
  • MimeType: application/octet-stream
  • ObjectFileType: Executable application
  • OriginalFileName: MePaB
  • OsVersion: 4.0
  • PeType: PE32
  • ProductName: RqEmJBAJ
  • ProductVersion: 112.21.41.127
  • ProductVersionNumber: 112.21.41.127
  • Subsystem: Windows GUI
  • SubsystemVersion: 4.0
  • UninitializedDataSize: 0


Submissions

Published Name Source Country
8a0e22e51df135b17ef1cbd07b6004960c1e07ac604b2d83dd704141423f49e2.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara