File d58c8ae1a54a68486918d595d02c533eb3baf0daa19b4f3cbf6283b95b89c0af Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, valid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xbe2e9643

MD5

3e7203695c8c844a764fd79274d46e6b

Magic

PE32+ executable (GUI), for MS Windows

SHA1

9645eb4c3f659663d49830f3153a743fd0fb2415

SHA256

d58c8ae1a54a68486918d595d02c533eb3baf0daa19b4f3cbf6283b95b89c0af

SHA512

7f668f1f87b45a2495d564b67dcdf803dc691287fb31f6d1245362afa4487450d4298aaacf4e3de00462c3169f08cb57ee5a024f7078e5849390213ce38bf907

SSDeep

49152:EYmcbl68QvkylFjNJljIQn95Ig9hivXxSGgAOEL+5Kqvr9v:EYPg8kIAIfDVLyN

Size

4.61MB

Packer
  • PE: linker: Microsoft Linker(14.37**)[EXE64,admin,signed]
TrID
  • 80.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  • 6.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 4.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 2.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 2.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

1.54MB

CompanyName

Akeo Consulting

EntryPoint

0xe7318

ExifToolVersionNumber

12.64

FileDescription

Rufus

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

4.8 MB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

4.4.2103

FileVersionNumber

4.4.2103.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

3.36MB

InternalName

Rufus

LanguageCode

Neutral

LegalCopyright

© 2011-2024 Pete Batard (GPL v3)

LinkerVersion

14.37

MachineType

Unknown (0xaa64)

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

rufus-4.4.exe

OsVersion

6.2

PeType

PE32+

ProductName

Rufus

ProductVersion

4.4.2103

ProductVersionNumber

4.4.2103.0

Subsystem

Windows GUI

SubsystemVersion

6.2

UninitializedDataSize

0

Submissions

| Published | Name | Source | Country |
|---|---|---|---|
| | rufus-4.4_arm64.exe | web | undefined |

Indicators

| Description | Severity | Category | Module |
|---|---|---|---|
| Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior |
| Communicates over HTTP with a low reputation domain | informational | C2 | Behavior |
| Deletes itself after process termination | suspicious | Stealth | Behavior |
| Write a file to the startup folder | suspicious | Persistence | Behavior |
| Check for the existence of Virtual Machines | suspicious | Signature | Yara |
