File e4b24a98d38285445fdbbe1ca8de09b073b7b512bb982591753e5cb26499652b Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xab369dda

MD5

28e2720dd44dea7b5b64c7712ec3e863

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

0f7ad92c57e73b69234fa454b27c9931b2c1c0c8

SHA256

e4b24a98d38285445fdbbe1ca8de09b073b7b512bb982591753e5cb26499652b

SHA512

ba1b59fcac45f8a1403b90f4857d59301f75eb5ce6090ee5a84e087533bacb26d9883c4f902d04cbdef7b93575345405dab5db3b7c0685cd3397b4b1849e204e

SSDeep

3072:+ICAVrmdPKqdEteRiMNRWiAn3tldXzBBhP/YXYtRRw99TorOR8hu9zfSvCRfNA0:5rlq+7biAdldjPJvGUrk6ehfuUk6

Size

658.00KB

Packer
  • PE: protector: .NET Reactor(4.8-4.9)[-]
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(6.0)[EXE32]
TrID
  • 59.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.6% (.SCR) Windows screen saver (13097/50/3)
  • 8.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 5.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

AssemblyVersion

1.0.0.0

CharacterSet

Unicode

CodeSize

492.00KB

Comments

ZaszyfrowanePliki

CompanyName

ZaszyfrowanePliki

EntryPoint

0x7cece

ExifToolVersionNumber

12.49

FileDescription

ZaszyfrowanePliki

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

674 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

1.0.0.0

FileVersionNumber

1.0.0.0

ImageFileCharacteristics

Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

165.00KB

InternalName

ZaszyfrowanePliki.exe

LanguageCode

Neutral

LegalCopyright

Copyright © 2018

LegalTrademarks

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

ZaszyfrowanePliki.exe

OsVersion

4.0

PeType

PE32

ProductName

ZaszyfrowanePliki

ProductVersion

1.0.0.0

ProductVersionNumber

1.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

Published | Name | Source | Country
 | Internet Download Manager 6.34 pre-crackedByGmBH.exe | web | AU

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
