File f0de75d7a7d33b681b21930a8bbfd18b62a783d76eeebedd454d9b6f33b1a0f6 Summary
Like

Analyse score

1 / 14

1 antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x6b41cfa7

MD5

a3286735892ff7b09dde0d42e7e85f17

Magic

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

SHA1

aabeff63bfbeb3b7a758ea0b68d7a3f519f5fe8c

SHA256

f0de75d7a7d33b681b21930a8bbfd18b62a783d76eeebedd454d9b6f33b1a0f6

SHA512

f650f8c0ce096e7965b04c8a9ce4e51293bf02333675f5e67395c021d6792d5de4c3f7842a0913afb1dc2a50443aaa7f0ca86dc37690380c41e39e4f5447332e

SSDeep

24576:Ly6i11/4fAWwVwxGvTm/czkVpwfqQQsmpMXdyJPNmPoLxVx+hVoDfqobOIonuZMn:LbSdWuKc6KSQQfpBXd/+h8f+p++

Size

1.79MB

Packer
  • PE+(64): library: .NET(v4.0.30319)[-]
  • PE+(64): linker: Microsoft Linker(11.0)[EXE64]
TrID
  • 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 8.7% (.ICL) Windows Icons Library (generic) (2059/9)
  • 8.5% (.EXE) OS/2 Executable (generic) (2029/13)
  • 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

AssemblyVersion

0.0.0.0

CharacterSet

Unicode

CodeSize

1.75MB

EntryPoint

0x0000

ExifToolVersionNumber

12.62

FileDescription

Windows-Befehlsprozessor

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

1873 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

0.0.0.0

FileVersionNumber

0.0.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

0.0

InitializedDataSize

33.00KB

InternalName

Cmd.Exe.MUI

LanguageCode

Neutral

LegalCopyright

© Microsoft Corporation. Alle Rechte vorbehalten.

LinkerVersion

11.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

Cmd.Exe.MUI

OsVersion

4.0

PeType

PE32+

ProductName

Betriebssystem Microsoft® Windows®

ProductVersion

10.0.22621.2428

ProductVersionNumber

10.0.22621.2428

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
QiUZ2.exe web DE

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!