File 90a887450c07d3b5df2682d01b62b6346ff2805fd096e22c3a19792a45ec1ad5 Summary
Like

Analyse score

1 / 14

1 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0x1470ed0e

MD5

8cf07f5a5e34234b6b191199c92b90ee

Magic

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows

SHA1

5ccf768700b1fea25e472e03171e3db634028832

SHA256

90a887450c07d3b5df2682d01b62b6346ff2805fd096e22c3a19792a45ec1ad5

SHA512

d70e94110a77fed2d464966ee1468f1ec617c8fc080c7f991e8ec00dd0fa1f286c6ce313d94d1fe5477b2053e5fa480132135dec7ee433a021011df5b07d7d4c

SSDeep

98304:IR3vUAwAOLum0lQvNuFTa+1r7Fk24fMXliCK:qciKvATa+1Nx4fMXlo

Size

7.05MB

Packer
  • PE+(64): compiler: MinGW(GCC: (x86_64-posix-seh-rev0, Built by MinGW-W64 pr)[-]
  • PE+(64): linker: GNU linker ld (GNU Binutils)(2.30)[EXE64,console]
TrID
  • 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  • 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CodeSize

3.46MB

EntryPoint

0x14e0

ExifToolVersionNumber

12.62

FileSize

7.4 MB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, No line numbers, No symbols, Large address aware, No debug

ImageVersion

0.0

InitializedDataSize

7.05MB

LinkerVersion

2.30

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

6.1

PeType

PE32+

Subsystem

Windows command line

SubsystemVersion

6.1

UninitializedDataSize

385024

Show all

Submissions

Published Name Source Country
searchall64.exe web HK

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!