File cf37935c943523c1cc0f6ced75a84c0d03c50f1e97883ee392db4759e42d6a0a Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x7c8a3e1c

MD5

1e947f5232b4b539672ffb81c1220db8

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

6d3c5c87a92ab79c72871886bd3c76b92e6b7871

SHA256

cf37935c943523c1cc0f6ced75a84c0d03c50f1e97883ee392db4759e42d6a0a

SHA512

aaaaaf62a054c241c654f6c7162678dd22c50fc7d96e2f22210f14616835c66ce0ecfe08d93b0991ad2c3d4bbfa829e2e4d634a3bc286329dad078ae0e539c51

SSDeep

786432:AUKl0l1ffDVfwrIxouPRemhb2k1vhczjaY1Nn:jpfD+IpRhikCuY3

Size

26.43MB

Packer

  • PE+(64): linker: Turbo Linker(8.0)[EXE64,signed]

TrID

  • 33.2% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
  • 22.4% (.EXE) OS/2 Executable (generic) (2029/13)
  • 22.1% (.EXE) Generic Win/DOS Executable (2002/3)
  • 22.1% (.EXE) DOS Executable Generic (2000/1)

Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

44.41MB

CompanyName

Oxygen Forensics

EntryPoint

0x51ab058

ExifToolVersionNumber

12.62

FileDescription

Oxygen Forensic Viewer

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

28 MB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

14.6.0.51

FileVersionNumber

14.6.0.51

ImageFileCharacteristics

No relocs, Executable, Large address aware

ImageVersion

5.2

InitializedDataSize

22.19MB

InternalName

Oxygen Forensic Viewer

LanguageCode

English (U.S.)

LegalCopyright

Copyright (c) 2000-2022 Oxygen Forensics. All rights reserved.

LegalTrademarks

Oxygen Forensics

LinkerVersion

8.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

OxyViewer.exe

OsVersion

5.2

PeType

PE32+

ProductName

Oxygen Forensic Viewer

ProductVersion

14.6.0.0

ProductVersionNumber

14.6.0.0

ProgramId

com.embarcadero.OxyForensicStudioViewer

Subsystem

Windows GUI

SubsystemVersion

5.2

UninitializedDataSize

0


Submissions

Published Name Source Country
OxyViewer.exe web VN

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
