File db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1 Summary

Analysis score

8 / 14

8 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x8eef2e7c

MD5

48d8f7bbb500af66baa765279ce58045

Magic

PE32 executable (console) Intel 80386, for MS Windows

SHA1

2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256

db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512

aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

SSDeep

49152:bbevayZlMTWkygVy0nQZfVY2BtZzpPL4PuQ65+6Dv7m0KXTn:bbexZlMQcEVY2BtZzpPL4WQI9U

Size

2.67MB

Packer
  • PE: compiler: Microsoft Visual C/C++(2013)[-]
  • PE: linker: Microsoft Linker(12.0*)[EXE32,console]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

62.00KB

EntryPoint

0x3aa3

ExifToolVersionNumber

12.64

FileSize

2.8 MB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

6.61MB

LinkerVersion

12.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.1

PeType

PE32

Subsystem

Windows command line

SubsystemVersion

5.1

UninitializedDataSize

0

Submissions

Published Name Source Country
DanaBot.exe web undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara