File bdc827cc3a5367cd6f87deb7ff4add252087a9fe541bc5e50e43b29fdd1a571d Summary

Analyse score

3 / 14

3 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x90235780

MD5

66532600ff8ff9031120ba007eb143d8

Magic

PE32 executable (console) Intel 80386, for MS Windows

SHA1

04bf488390149db57cb534d8e4d860d20515b295

SHA256

bdc827cc3a5367cd6f87deb7ff4add252087a9fe541bc5e50e43b29fdd1a571d

SHA512

de73f93e07be1904fdfac9bfc18fd363a49a569911e15eef4b257958617057f7de101487a3c08245403aa4d15f255dd430d6e88737e90c8a027dcc7b9016696d

SSDeep

6144:PqpDqM1Fc4DI5M6LA+ii6seld6Qu/i8harAOR+63dDcP2j:PqUoDIvLliiWpu/iKarz3drj

Size

270.00KB

Packer
  • PE: compiler: Microsoft Visual C/C++(-)[-]
  • PE: linker: Microsoft Linker(14.28**)[EXE32,console]
TrID
  • 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CodeSize

162.00KB

EntryPoint

0xe199

ExifToolVersionNumber

12.62

FileSize

276 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

111.00KB

LinkerVersion

14.28

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32

Subsystem

Windows command line

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
Repo_Fucker.exe web PH

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!