Analysis score
4 antivirus vendors flagged this file as malicious
Signature
File is not signed
Last scanned
First submission
File type
exe
CRC32 | 0xd0cf9bbf |
---|---|
MD5 | a9568d43ae35af375764d9502356272d |
Magic | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
SHA1 | 16190394f652022d547363b50de2267083301675 |
SHA256 | a09e1814358a26642fd7a5080553d3f09aeccf99bcacb39d7cdf2e8453bad508 |
SHA512 | da0a5a73f88ef4bf13655512fe6a9e09b88bb22fdf0b8afcf701c12a17a22fdfe28029213fa36fd1cfa0dea777bf075e4632b9c5ce13b6c2e81661a3be2bc69c |
SSDeep | 98304:Q+S9bgfBprGf3oVqFP/rCNqQ5jNEmQoVMRuT7mGfVmH68EeOq8:zMcXrGf3oYR2zjCoVLnmKVma8xP8 |
Size | 4.58MB |
Packer | |
TrID | |
Tags | |
CharacterSet | Unicode |
---|---|
CodeSize | 376.00KB |
Comments | KMS/数字权利/KMS38/OEM激活 |
CompanyName | 知彼而知己 |
EntryPoint | 0x51cd80 |
ExifToolVersionNumber | 12.64 |
FileDescription | HEU KMS Activator™ |
FileFlags | (none) |
FileFlagsMask | 0x0000 |
FileOs | Win32 |
FileSize | 4.8 MB |
Published | Name | Source | Country |
---|---|---|---|
系统与office激活.exe | web | CA |
Description | Severity | Category | Module |
---|---|---|---|
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
Deletes itself after process termination | suspicious | Stealth | Behavior |
Write a file to the startup folder | suspicious | Persistence | Behavior |
Check for the existence of Virtual Machines | suspicious | Signature | Yara |