File 9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e Summary
Like

Analyse score

5 / 14

5 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0x9e936874

MD5

c5e430d78ff30617dd35e2e3d8195a89

Magic

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows

SHA1

9759d2aa1f554e59f60a7ca583ed474e3893cd0e

SHA256

9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e

SHA512

8160c01c817b55f823a10fc50a7543eda4407422a7f7f6cd0622b719f5bc771321b91346f9f21c953e6cb06bb477b83625605911f532a66b842c68fd34585105

SSDeep

3072:JQcpywWBS+F9TQw4cesrHyrOMGTkrNRD:JlY9T6cekMGTuNR

Size

116.00KB

Packer
  • PE: linker: unknown(2.35)[EXE32,console]
TrID
  • 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

45.50KB

CompanyName

EntryPoint

0x14c0

ExifToolVersionNumber

12.64

FileDescription

Paranoid Fish is paranoid

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Unknown (0)

FileSize

119 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

FileVersionNumber

0.6.0.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

ImageVersion

1.0

InitializedDataSize

115.00KB

InternalName

LanguageCode

English (U.S.)

LegalCopyright

LegalTrademarks

LinkerVersion

2.35

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

OsVersion

4.0

PeType

PE32

ProductName

Paranoid Fish

ProductVersion

ProductVersionNumber

0.6.0.0

Subsystem

Windows command line

SubsystemVersion

4.0

UninitializedDataSize

5120

Show all

Submissions

Published Name Source Country
pafish.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!