File a3f9e7787a1b07383b16a9deba1e2e34620eb2d5319fb612146a63fcc8106ab5 Summary

Analyse score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xc80e3c15

MD5

4220c3d2309bb4880293653e677a87c3

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

SHA1

0f19938b50db179aa965c11ce19a60384664f998

SHA256

a3f9e7787a1b07383b16a9deba1e2e34620eb2d5319fb612146a63fcc8106ab5

SHA512

36c05e2187b488b064f1b22ffcb15200ef371b7eb9a41e08351d54bbef8a12182ede2525f11ca4867b7bcbcec25b64d9110e041da7348aef476b62fecbb8fd36

SSDeep

98304:uk1WROxfTXTFXOEpaBK2Qxm/AVomfmTomST06FOznLo0+Dd6uxcBnE3RJXYopemu:DX3F6n80W6uGyBJYopUIJUozjOc8Kqca

Size

5.40MB

Packer
  • PE: packer: UPX(3.08)[LZMA,brute]
  • PE: compiler: Microsoft Visual C/C++(2010 SP1)[-]
  • PE: linker: Microsoft Linker(10.0)[EXE32,admin,signed]
  • PE: overlay: Setup Factory installer data(8.x, 9.x)[-]
TrID
  • 30.6% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 30.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  • 11.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 7.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

28.00KB

Comments

Created with Setup Factory

EntryPoint

0x6eae0

ExifToolVersionNumber

12.62

FileDescription

Setup Application

FileFlags

Private build

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

5.7 MB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

9.1.0.0

FileVersionNumber

9.1.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

368.00KB

InternalName

suf_launch

LanguageCode

English (U.S.)

LegalCopyright

Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

LegalTrademarks

Setup Factory is a trademark of Indigo Rose Corporation.

LinkerVersion

10.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

suf_launch.exe

OsVersion

5.1

PeType

PE32

ProductName

Setup Factory Runtime

ProductVersion

9.1.0.0

ProductVersionNumber

9.1.0.0

Subsystem

Windows GUI

SubsystemVersion

5.1

UninitializedDataSize

425984

Submissions

Published    Name              Source    Country
             Decrap_Setup.exe  web       NL

Indicators

Description                                              Severity       Category           Module
Malware detection of a YARA signature: Win32/WannaCry    malicious      Sandbox Detection  Behavior
Communicates over HTTP with a low-reputation domain      informational  C2                 Behavior
Deletes itself after process termination                 suspicious     Stealth            Behavior
Writes a file to the startup folder                      suspicious     Persistence        Behavior
Checks for the existence of virtual machines             suspicious     Signature          Yara
