File f8e73ff888cd0f8d492e7a51df0e747c55184f367702ec700a38c182c6828b7a Summary

Analysis score

9 / 14

9 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0xc0678cd0

MD5

be8ae0cfbe8c093cf632ab8b1481019d

Magic

PE32 executable (GUI) Intel 80386, for MS Windows

SHA1

90c082396eef81ed87b38e4ebafc56f6ac814cfe

SHA256

f8e73ff888cd0f8d492e7a51df0e747c55184f367702ec700a38c182c6828b7a

SHA512

34616db5e9557078bce9730da458fb3c4a7dabaa7ab4bb6bb8f5d01b66ad976b274e919afdfb57d2fc8d88f2bb78b6fe08b025d8771d9ed31ecfab0596c619cf

SSDeep

1536:IPrbYQXh+BZiovlIMR51iglsWL4CpMb+KR0Nc8QsJq39:WYW0nvNggiwpe0Nc8QsC9

Size

72.07KB

Packer
  • PE: linker: Microsoft Linker(6.0*)[EXE32]
  • PE: overlay: PDB 2.0 file link(-)[-]
TrID
  • 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  • 12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

44.00KB

CompanyName

Apache Software Foundation

EntryPoint

0x1d7f

ExifToolVersionNumber

12.64

FileDescription

ApacheBench command line utility

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

74 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

2.2.14

FileVersionNumber

2.2.14.0

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

0.0

InitializedDataSize

40.00KB

InternalName

ab.exe

LanguageCode

English (U.S.)

LegalCopyright

Copyright 2009 The Apache Software Foundation.

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

ab.exe

OsVersion

4.0

PeType

PE32

ProductName

Apache HTTP Server

ProductVersion

2.2.14

ProductVersionNumber

2.2.14.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0


Submissions

Published | Name | Source | Country
 | payload.exe | web | undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara

