File ca4bed0330558829a5b642a63ea28bceb62def74b6a3e309460eea4e185da106 Summary
Like

Analyse score

6 / 14

6 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x736e8467

MD5

e2132d123382278c9646ae2ebbe3b3a7

Magic

PE32 executable (console) Intel 80386, for MS Windows

SHA1

f2b257bb84b29ba0c73faf854e39470ace9801a7

SHA256

ca4bed0330558829a5b642a63ea28bceb62def74b6a3e309460eea4e185da106

SHA512

c703eb197ae7abcd3f1cd53d82f832de24e4263dfdc018bb573f895d1d507585d0944225d9ad510e8abbb757ffd8beba1d74084a3ffd2afd40dc2d550080991a

SSDeep

6144:3kvY9W2QcboLKCwSuo0/WdjEXCNVDLNU3mxcK3PnXvBHkyEXq:3kw9XbCwSuo0/EEXCNJprX1kyEXq

Size

333.50KB

Packer
  • PE: compiler: Microsoft Visual C/C++(-)[-]
  • PE: linker: Microsoft Linker(14.36**)[EXE32,console]
TrID
  • 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
  • 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Tags

ExifTool File Metadata

CodeSize

244.00KB

EntryPoint

0x20018

ExifToolVersionNumber

12.62

FileSize

342 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

88.50KB

LinkerVersion

14.36

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

6.0

PeType

PE32

Subsystem

Windows command line

SubsystemVersion

6.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
protect143.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!