File e8cebc231087a5a797f00ef5308fac823a797198c099236789aebe3f96c2fdff Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0xb0b5f3

MD5

845624a4d4809b76ce383fe15c415f62

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

d5920ecd609e6b403bfa5c0a0e03025616eb0cad

SHA256

e8cebc231087a5a797f00ef5308fac823a797198c099236789aebe3f96c2fdff

SHA512

4ee5724a8f2cef7a41c1f69c441d9a3b2fc6b57f90ebd8ee143998f082e89faf0a7eb17be50b725d7ed9937637f65fd57adaeb0aa11e3f4280328b071c8075bc

SSDeep

1536:Iy/ANZGw2j+s+EC/zYvtmmZX1k6Mb+KR0Nc8QsJq39:r/Ari+EC/kFRX1k6e0Nc8QsC9

Size

72.07KB

Packer
  • PE: linker: Microsoft Linker(6.0*)[EXE32]
  • PE: overlay: PDB 2.0 file link(-)[-]
TrID
  • 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

44.00KB

CompanyName

Apache Software Foundation

EntryPoint

0x148b

ExifToolVersionNumber

12.64

FileDescription

ApacheBench command line utility

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

74 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

2.2.14

FileVersionNumber

2.2.14.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

40.00KB

InternalName

ab.exe

LanguageCode

English (U.S.)

LegalCopyright

Copyright 2009 The Apache Software Foundation.

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

ab.exe

OsVersion

4.0

PeType

PE32

ProductName

Apache HTTP Server

ProductVersion

2.2.14

ProductVersionNumber

2.2.14.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

Published Name Source Country
win10.exe web undefined

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara
