File e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6 Summary

Analysis score

6 / 14

6 antivirus vendors flagged this file as malicious

Signature

Signed file, valid signature

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x729ff757

MD5

1e2a99ae43d6365148d412b5dfee0e1c

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

33c02d70abb2f1f12a79cfd780d875a94e7fe877

SHA256

e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

SHA512

d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c

SSDeep

24576:sWjYtbXSRxqO8m657w6ZBLmkitKqBCjC0PDgM5A6:sW8tbiJVV1BCjB

Size

1.04MB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(48.0)[EXE32,signed]
TrID
  • 60.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.8% (.SCR) Windows screen saver (13097/50/3)
  • 8.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 5.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

AssemblyVersion

4.0.1.0

CharacterSet

Unicode

CodeSize

1.01MB

Comments

CompanyName

EntryPoint

0x103c5e

ExifToolVersionNumber

12.64

FileDescription

PdfPower

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

1086 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

4.0.1.0

FileVersionNumber

4.0.1.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

19.00KB

InternalName

PdfPowerB2C.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2022

LegalTrademarks

LinkerVersion

48.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

PdfPowerB2C.exe

OsVersion

4.0

PeType

PE32

ProductName

PdfPower

ProductVersion

4.0.1.0

ProductVersionNumber

4.0.1.0

Subsystem

Windows GUI

SubsystemVersion

6.0

UninitializedDataSize

0

Submissions

Published Name Source Country
vRCVE6f7ztgu web undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
