File 8f6ead47d2f3f5bdfe442278c35f445147d840bd5954d10e67f12e8923d979f0 Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0x79538860

MD5

3a3596d2f3a63c950b9da559db9faacb

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

737fd05940bf295230052114052ece37d0d56163

SHA256

8f6ead47d2f3f5bdfe442278c35f445147d840bd5954d10e67f12e8923d979f0

SHA512

99f64771a245784174a5fc74cce2535d14d4c4d68ff0d2109b2ee8f204e43b86bbf693bfa0c934b5a6f0c5b6abaddf4fd67f012bae56f208b6fc16a05d8f8375

SSDeep

24576:bUCrVUfXOsFUeK2cXgsnKkO7xr5Ua8cuLzPx4gjvb5SO:zSfYeH0gsnVO7Ma0zPxlv5L

Size

1.08MB

Packer
  • PE+(64): packer: UPX(4.02)[LZMA,brute]
  • PE+(64): linker: Microsoft Linker(14.29**)[EXE64]
TrID
  • 64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12)
  • 25.0% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
  • 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

972.00KB

EntryPoint

0x3848b0

ExifToolVersionNumber

12.62

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

1134 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

1.0.0.1

FileVersionNumber

1.0.0.1

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

136.00KB

InternalName

logView.exe

LanguageCode

Chinese (Simplified)

LegalCopyright

Copyright (C) 2023

LinkerVersion

14.29

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

logView.exe

OsVersion

6.0

PeType

PE32+

ProductName

调试日志查看

ProductVersion

1.0.0.1

ProductVersionNumber

1.0.0.1

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

2695168


Submissions

Published Name Source Country
logView.exe web undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
