File efa287c1f2c01eb6b0e4292eb1fedf3fd29492ebba64e13738878fb4f9000110 Summary
Like

Analyse score

5 / 14

5 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

exe

Basic properties

CRC32

0xd5c9f0a6

MD5

864e453acde745eef43cbae68e7241eb

Magic

PE32 executable (console) Intel 80386, for MS Windows

SHA1

bd7e920d40a1086be9d3e91babb8b466fceb21f4

SHA256

efa287c1f2c01eb6b0e4292eb1fedf3fd29492ebba64e13738878fb4f9000110

SHA512

63926690d782d402c0c2750831161ce4d8710e89ccdc4a971f58480ef7f698b9471aca0f153a33ee4abae02bbb85d680d7a4fe8942234ddeee414f85847d81f7

SSDeep

768:P/EAAqxG0QqLccK+xL7scaOZ/IcGs8WbwnWh+6AXT2qEDnXbiPGEDUXnpT0rJmnU:0Ac0QqgHW7/ZwcF8c6jELX+PupTNj

Size

54.00KB

Packer
  • PE: compiler: Microsoft Visual C/C++(2010)[libcmt]
  • PE: linker: Microsoft Linker(10.0)[EXE32,console]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

36.00KB

EntryPoint

0x14ac

ExifToolVersionNumber

12.62

FileSize

55 kB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

5079.31435

InitializedDataSize

24.50KB

LinkerVersion

10.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

5.1

PeType

PE32

Subsystem

Windows command line

SubsystemVersion

5.1

UninitializedDataSize

0

Warning

Error processing PE data dictionary

Show all

Submissions

Published Name Source Country
wildfire-test-pe-file (1).exe web SI

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!