File b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 Summary

Analysis score

10 / 14

10 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x7017fca6

MD5

6468ee100d88c71d55dfdcf4e30f991e

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

5c520d2d7dc4c9e5d536d3aff998185657d40ac8

SHA256

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801

SHA512

41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae

SSDeep

768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U

Size

32.00KB

Packer
  • PE+(64): compiler: FASM(1.73)[EXE64]
TrID
  • 33.4% (.EXE) OS/2 Executable (generic) (2029/13)
  • 33.0% (.EXE) Generic Win/DOS Executable (2002/3)
  • 33.0% (.EXE) DOS Executable Generic (2000/1)
  • 0.4% (.VXD) VXD Driver (29/21)
Tags

ExifTool File Metadata

CodeSize

31.50KB

EntryPoint

0x1000

ExifToolVersionNumber

12.64

FileSize

33 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Large address aware

ImageVersion

0.0

InitializedDataSize

0B

LinkerVersion

1.73

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

1.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

5.0

UninitializedDataSize

0

Submissions

Published Name Source Country
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 api AU

Indicators

Description | Severity | Category | Module
Malware detection of a YARA signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Writes a file to the startup folder | suspicious | Persistence | Behavior
Checks for the existence of virtual machines | suspicious | Signature | Yara