File aa383d7bed26033596baa0812cff6dd2f50fd1495c56469c360d9cef1a1df75f Summary
Like

Analyse score

3 / 14

3 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x232663ed

MD5

98b41315868e0853e6bb980dc6486e2d

Magic

PE32+ executable (console) x86-64, for MS Windows

SHA1

abcbb50084f8629646417855e0e9ed1a030781f2

SHA256

aa383d7bed26033596baa0812cff6dd2f50fd1495c56469c360d9cef1a1df75f

SHA512

3787d536f13665fe7920fe0b545a1135aa6c4e911a87027ca1907522af8fffc4ccb4d303ed83c462bc3ae89cdda259303c8676d21cfe033bd9a9e1abf8c3c9f7

SSDeep

196608:tXMiR1auysa8MNzs/6ltLeHoCBipiXJlTCugsCbT4QCu0:tXMizauEN1xeHoCBgaJEX/p0

Size

6.51MB

Packer
  • PE+(64): linker: Polink(2.50*)[EXE64,console,admin]
TrID
  • 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 5.1% (.ICL) Windows Icons Library (generic) (2059/9)
  • 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

90.50KB

Comments

1

CompanyName

1

EntryPoint

0x1000

ExifToolVersionNumber

12.62

FileDescription

1

FileFlags

Debug, Pre-release, Private build

FileFlagsMask

0x003f

FileOs

Windows 16-bit

FileSize

6.8 MB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

1

FileVersionNumber

0.0.0.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Large address aware

ImageVersion

0.0

InitializedDataSize

6.42MB

InternalName

1

LanguageCode

English (U.S.)

LegalCopyright

1

LegalTrademarks

1

LinkerVersion

2.50

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

1

OsVersion

4.0

PeType

PE32+

PrivateBuild

1

ProductName

1

ProductVersion

1

ProductVersionNumber

0.0.0.0

SpecialBuild

1

Subsystem

Windows command line

SubsystemVersion

5.2

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
winppx.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!