File b47f74ff4a5626041930e2af9ed945635401f1d25c131a066ae419190832b6be Summary

Analyse score

1 / 14

1 antivirus vendor flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x83e2ad5

MD5

752c3df9c7928126a6bf136f44dbe889

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

SHA1

204c88435b9b35e1e35e482d9b2c09d4abe1f318

SHA256

b47f74ff4a5626041930e2af9ed945635401f1d25c131a066ae419190832b6be

SHA512

a9443d1598d5867708957a7b51f38f1943abde41890282e1de29ec844767d99e9df6b032eec5ae5e10137dc900315d1a061aac44011dc26b5d5c21d01c5aebb9

SSDeep

24576:m6GnSZ6ML4sdPi0IUh+e25NwDhuOTQ8dleuDZ1wbGOLLm4iglP+4NKm0KoVUUUUS:mcnPDh+eGNYuOTQ8bDkSKmYP+d8oVUUG

Size

1.39MB

Packer
  • PE: packer: UPX(3.08)[LZMA,brute]
  • PE: compiler: Borland Delphi(-)[-]
  • PE: linker: Turbo Linker(2.25*,Delphi)[EXE32,signed]
TrID
  • 38.2% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  • 37.5% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  • 9.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.3% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 2.8% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

1.35MB

CompanyName

西西软件园

EntryPoint

0x4ee0a0

ExifToolVersionNumber

12.64

FileDescription

www.cr173.com

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

1458 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.6.0.0

FileVersionNumber

1.6.0.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

ImageVersion

0.0

InitializedDataSize

36.00KB

LanguageCode

English (U.S.)

LinkerVersion

2.25

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OsVersion

5.0

PeType

PE32

ProductName

西西服务器流量监控管家客户端

ProductVersion

1.6.0.0

ProductVersionNumber

1.6.0.0

Subsystem

Windows GUI

SubsystemVersion

5.0

UninitializedDataSize

3751936

Submissions

Published Name        | Source | Country
xixiServerMonitor.exe | web    | CN

Indicators

Description                                           | Severity      | Category          | Module
Malware detection of a yara signature: Win32/WannaCry | malicious     | Signature         | Yara
Communicates over HTTP with a low reputation domain   | informational | C2                | Behavior
Deletes itself after process termination              | suspicious    | Stealth           | Behavior
Write a file to the startup folder                    | suspicious    | Persistence       | Behavior
Check for the existence of Virtual Machines           | suspicious    | Sandbox Detection | Behavior