File aa9d96c271db8ec4a4893b079fd0f52350e1e68624744d0bcb6d9b2c49bc7316 Summary

Analysis score

1 / 14

1 of 14 antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature (an Authenticode certificate table is attached, but the signature does not verify against this image; the CompanyName in the version resource is therefore not a verified publisher)

File type

exe

Basic properties

CRC32

0xaeca890e

MD5

6b89ac1d26cf8656008851a62440b005

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

SHA1

e811b9b620c99de129311246df6d45b64366366c

SHA256

aa9d96c271db8ec4a4893b079fd0f52350e1e68624744d0bcb6d9b2c49bc7316

SHA512

f75d7c66de41c37ac4948324af398464cb1a9123b9ad16a8a6e49083f1930d77b66cf4c139157e6cdb7e60e1553a4924c2449d98c03d77a81e043ab8c29ce79c

SSDeep

12288:HNrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVjSvPJINx:HthTiP+ffCfB5Lf0F7Z1EKPeNx

Size

476.48KB

Packer
  • PE: packer: UPX(3.91)[NRV,brute]
  • PE: linker: Microsoft Linker(6.0*)[EXE32,admin,signed]
TrID
  • 29.3% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 28.7% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  • 17.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 7.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
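The hash, packer and signature rows above can be reproduced and cross-checked locally. The script below is an added example (not the sandbox's own code): it computes the same digests listed under Basic properties, walks the PE32 headers to list section names, finds which section holds the entry point (for UPX the entry sits in UPX1), and reports whether a certificate table is present. Only the SHA256 comes from the page; the headers-only demo image built by build_demo_pe() is constructed, with UPX0/UPX1 sizes taken from the CodeSize and UninitializedDataSize values above purely for illustration, and the certificate-table offsets are made up.

```python
"""PE triage for the sample above: hashes, UPX section names, entry-point
section and whether an Authenticode certificate table is present.  Added
example, not the sandbox's code.  Only REPORT_SHA256 comes from the page;
the demo image from build_demo_pe() is constructed."""
import hashlib
import struct
import zlib

REPORT_SHA256 = "aa9d96c271db8ec4a4893b079fd0f52350e1e68624744d0bcb6d9b2c49bc7316"
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # certificate table (Authenticode)


def file_hashes(data: bytes) -> dict:
    """Same digests the report lists under Basic properties."""
    return {
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 header walk: linker version, entry RVA, sections, security dir."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_rva = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                  # section headers follow the optional header
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        sections.append((name, vaddr, vsize))
    return {"machine": machine, "linker": f"{linker_major}.{linker_minor}",
            "entry_rva": entry_rva, "sections": sections,
            "security_dir": (sec_rva, sec_size)}


def triage(data: bytes) -> dict:
    pe = parse_pe32(data)
    ep = pe["entry_rva"]
    ep_section = next((n for n, va, vs in pe["sections"] if va <= ep < va + vs), None)
    upx = any(n in UPX_SECTION_NAMES for n, _, _ in pe["sections"])
    has_cert_table = pe["security_dir"][1] > 0
    return {
        "hashes": file_hashes(data),
        "linker": pe["linker"],
        "upx_sections": upx,
        "entry_section": ep_section,
        "has_cert_table": has_cert_table,
        # A certificate table only proves a signature blob is attached.  The
        # report's "invalid signature" means that blob does not verify against
        # this image; run signtool / Get-AuthenticodeSignature before trusting
        # the CompanyName in the version resource.
        "packed_and_carries_signature": upx and has_cert_table,
        "matches_report_sha256": hashlib.sha256(data).hexdigest() == REPORT_SHA256,
    }


def build_demo_pe(sections, signed: bool) -> bytes:
    """Construct a headers-only PE32 image for the demo (not the real sample).
    `sections` is a list of (name, virtual_size); with DEMO_SECTIONS the
    report's entry point 0x135f10 lands inside UPX1."""
    opt_size = 96 + 16 * 8
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x10F)
    opt = bytearray(opt_size)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)          # PE32, linker 6.0
    struct.pack_into("<I", opt, 16, 0x135F10)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x76E00, 0x1A00)                   # constructed cert table entry
    hdrs = b""
    rva = 0x1000
    for name, vsize in sections:
        h = bytearray(40)
        h[:8] = name.ljust(8, b"\0")
        struct.pack_into("<II", h, 8, vsize, rva)           # VirtualSize, VirtualAddress
        hdrs += bytes(h)
        rva += vsize
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Sizes mirror the report's UninitializedDataSize (UPX0) and CodeSize (UPX1).
DEMO_SECTIONS = [(b"UPX0", 0xC8000), (b"UPX1", 0x6E000), (b".rsrc", 0x8000)]

if __name__ == "__main__":
    for k, v in triage(build_demo_pe(DEMO_SECTIONS, signed=True)).items():
        print(k, v)
```

Run triage(open(path, "rb").read()) on the real sample to compare its digests with the report; matches_report_sha256 confirms you are looking at the same file, and entry_section == b"UPX1" together with has_cert_table is the combination that explains the "signed but invalid" verdict above.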
ExifTool File Metadata

CharacterSet

ASCII

CodeSize

440.00KB

Comments

Created with TrueUpdate

CompanyName

Indigo Rose Corporation

EntryPoint

0x135f10

ExifToolVersionNumber

12.64

FileDescription

TrueUpdate Client

FileFlags

(none)

FileFlagsMask

0x0000

FileOs

Win32

FileSize

488 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

3.8.0.0

FileVersionNumber

3.8.0.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

32.00KB

InternalName

tu_rt

LanguageCode

English (U.S.)

LegalCopyright

Runtime Engine Copyright © 2005-2015 Indigo Rose Corporation (www.indigorose.com)

LegalTrademarks

TrueUpdate is a trademark of Indigo Rose Corporation

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

tu_rt.exe

OsVersion

4.0

PeType

PE32

PrivateBuild

ca09038b06919029a67884ff61748e61

ProductName

TrueUpdate Client

ProductVersion

3.8.0.0

ProductVersionNumber

3.8.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

800.00KB (819200 bytes)


Submissions

Published        Name         Source   Country
(not recorded)   2wLgXx.exe   web      (not recorded)

Indicators

Description                                              Severity        Category            Module
Malware detection of a yara signature: Win32/WannaCry    malicious       Sandbox Detection   Behavior
Communicates over HTTP with a low reputation domain      informational   C2                  Behavior
Deletes itself after process termination                 suspicious      Stealth             Behavior
Write a file to the startup folder                       suspicious      Persistence         Behavior
Check for the existence of Virtual Machines              suspicious      Signature           Yara
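The four Behavior-module indicators above are the kind of finding a sandbox derives from its raw event trace. The script below is an added example, not the sandbox's own rules: it runs over a constructed JSON-lines trace (events, paths, the low-reputation host list and the process IDs are all made up for the demo) and emits rows in the same Description / Severity / Category / Module form as the table, using the report's severity labels. The Yara hit is not reproduced, since that comes from a signature scan rather than from behaviour.

```python
"""Map raw sandbox events to the behavioural indicators in the report.
Added example; the trace, host reputation list and paths are constructed."""
import json
import re

# Constructed JSON-lines trace, one event per line (not from the report's run).
SAMPLE_TRACE = r"""
{"event":"process_start","pid":1432,"ppid":900,"image":"C:\\Users\\victim\\Downloads\\2wLgXx.exe","cmdline":"2wLgXx.exe"}
{"event":"http_request","pid":1432,"host":"cdn.low-rep.example","method":"GET","path":"/tu/check.php"}
{"event":"registry_read","pid":1432,"key":"HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion"}
{"event":"file_write","pid":1432,"path":"C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\tu_rt.exe"}
{"event":"process_start","pid":2208,"ppid":1432,"image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c ping 127.0.0.1 -n 3 > nul & del \"C:\\Users\\victim\\Downloads\\2wLgXx.exe\""}
{"event":"process_exit","pid":1432}
{"event":"file_delete","pid":2208,"path":"C:\\Users\\victim\\Downloads\\2wLgXx.exe"}
""".strip().splitlines()

LOW_REPUTATION_HOSTS = {"cdn.low-rep.example"}          # constructed reputation feed
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
VM_ARTIFACT_RE = re.compile(                              # registry keys commonly probed for VM fingerprints
    r"SystemBiosVersion|VideoBiosVersion|Services\\Disk\\Enum|VBOX|VMware|QEMU", re.IGNORECASE)
SEVERITY_RANK = {"malicious": 0, "suspicious": 1, "informational": 2}


def analyse_trace(lines):
    """Return (description, severity, category, module) rows, most severe first."""
    images = {}          # pid -> image path of every started process
    exited = set()       # pids that have already terminated
    hits = {}            # description -> row, deduplicated

    def add(desc, severity, category):
        hits[desc] = (desc, severity, category, "Behavior")

    for line in lines:
        ev = json.loads(line)
        kind = ev["event"]
        if kind == "process_start":
            images[ev["pid"]] = ev["image"]
            parent = images.get(ev.get("ppid"))
            cmd = ev.get("cmdline", "")
            # child shell asked to delete the parent's own image
            if parent and re.search(r"\bdel\b", cmd, re.I) and parent.lower() in cmd.lower():
                add("Deletes itself after process termination", "suspicious", "Stealth")
        elif kind == "http_request":
            if ev["host"].lower() in LOW_REPUTATION_HOSTS:
                add("Communicates over HTTP with a low reputation domain", "informational", "C2")
        elif kind == "file_write":
            if STARTUP_RE.search(ev["path"]):
                add("Write a file to the startup folder", "suspicious", "Persistence")
        elif kind == "registry_read":
            if VM_ARTIFACT_RE.search(ev["key"]):
                add("Check for the existence of Virtual Machines", "suspicious", "Sandbox Detection")
        elif kind == "process_exit":
            exited.add(ev["pid"])
        elif kind == "file_delete":
            # the image of a process that has already exited is removed, by any pid
            if any(images.get(p, "").lower() == ev["path"].lower() for p in exited):
                add("Deletes itself after process termination", "suspicious", "Stealth")
    return sorted(hits.values(), key=lambda row: SEVERITY_RANK[row[1]])


if __name__ == "__main__":
    for desc, sev, cat, mod in analyse_trace(SAMPLE_TRACE):
        print(f"{desc:<55} {sev:<14} {cat:<18} {mod}")
```

Self-deletion is matched two ways on purpose: the delayed "ping ... & del" shell idiom is caught at process start, and a plain file_delete of an exited process's image is caught regardless of which process performs it, so the rule does not depend on the deletion mechanism.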
