File d2213b8064a9b4b64d6b7627f01ba648e012d3d38187f27598910641e82e9701 Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0xa3da0902

MD5

a7071b90da33e20a404e2c302643eb2f

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

SHA1

0662de5e2770b23d90e9d41e516e0ec055b30b5a

SHA256

d2213b8064a9b4b64d6b7627f01ba648e012d3d38187f27598910641e82e9701

SHA512

30153c1ff151aa2ce774e2d7f3d121fc288e0e48e06bd1e6f28af0fa92dbc6bce21241d8217c797f2f7f948ac93fca1c261a755dad64ba1de9219eff67ecf26b

SSDeep

1536:bpgpHzb9dZVX9fHMvG0D3XJH4Romu/TpUl5t+RAg362Cy:FgXdZt9P6D3XJH45gd62F

Size

72.07KB

Packer
  • PE: installer: Nullsoft Scriptable Install System(2.46)[zlib]
  • PE: linker: Microsoft Linker(6.0*)[EXE32]
  • PE: overlay: NSIS data(-)[-]
TrID
  • 92.7% (.EXE) NSIS - Nullsoft Scriptable Install System (846567/2/133)
  • 3.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 1.1% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 0.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 0.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CodeSize

23.50KB

EntryPoint

0x30fa

ExifToolVersionNumber

12.62

FileSize

74 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

6.0

InitializedDataSize

161.00KB

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

1024


Submissions

Published Name Source Country
sample web FR

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
