File 9c9b237462dcdc1b6f210280b44c9efedd34065f12a342c8fcf3a2eea65f18da Summary

Analyse score

2 / 14

2 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0x36690151

MD5

bb1ac124ec1c90ea39810e67ddb97451

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

aaa0e1c642007620e9c2bf9b09248ab811b724d6

SHA256

9c9b237462dcdc1b6f210280b44c9efedd34065f12a342c8fcf3a2eea65f18da

SHA512

983934c74bbdbdb579812863486ca27aada9bf2c5b3d1509ee26fa3ab1c0f0ac48127e7c86f594e793ebfcd2faaf41e22cc68489d52a885990952a848b17abc0

SSDeep

196608:Qw/Aw/WtQlopet60UhwRlSEsRUcZ8/ehfa42YeC4k6fI4/:Qw/Aw/W7pet60DlGOgaqIj

Size

8.16MB

Packer
  • PE: sfx: WinRAR(-)[-]
  • PE: compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
  • PE: linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[EXE32]
  • PE: overlay: RAR archive(-)[-]
  • PE: archive: RAR(5)[-]
TrID
  • 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 7.7% (.EXE) OS/2 Executable (generic) (2029/13)
  • 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CodeSize

197.00KB

EntryPoint

0x1ed60

ExifToolVersionNumber

12.64

FileSize

8.6 MB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

667.00KB

LinkerVersion

14.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.1

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

5.1

UninitializedDataSize

0


Submissions

Published Name Source Country
fathe3.sfx.exe web undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
