File f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e Summary

Analysis score

0 / 14

No antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

Basic properties

CRC32

0xfb10aa47

MD5

d952d907646a522caf6ec5d00d114ce1

Magic

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

SHA1

75ad9bacb60ded431058a50a220e22a35e3d03f7

SHA256

f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e

SHA512

3bfaee91d161de09c66ef7a85ad402f180624293cdc13d048edbeec5a3c4ad2bc84d5fde92383feb9b9f2d83e40a3e9ff27e81a32e605513611b6001f284b9fe

SSDeep

393216:oZsfK4YUD12zS7SEOegn4j7BgNE9O+wcDGFdClu8ZLzzpC4:gsfKPUD1kS7249O3cDGvClnlC4

Size

15.65MB

Packer
  • PE: installer: Nullsoft Scriptable Install System(3.02)[lzma]
  • PE: linker: Microsoft Linker(6.0*)[EXE32,admin,signed]
  • PE: overlay: NSIS data(-)[-]
TrID
  • 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Tags

ExifTool File Metadata

CodeSize

24.00KB

EntryPoint

0x31bb

ExifToolVersionNumber

12.64

FileSize

16 MB

FileType

Win32 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

ImageVersion

6.0

InitializedDataSize

116.00KB

LinkerVersion

6.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

OsVersion

4.0

PeType

PE32

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

1024


Submissions

Published Name | Source | Country
DroidCam.Setup.6.5.2.exe | web | undefined

Indicators

Description | Severity | Category | Module
Malware detection of a yara signature: Win32/WannaCry | malicious | Sandbox Detection | Behavior
Communicates over HTTP with a low reputation domain | informational | C2 | Behavior
Deletes itself after process termination | suspicious | Stealth | Behavior
Write a file to the startup folder | suspicious | Persistence | Behavior
Check for the existence of Virtual Machines | suspicious | Signature | Yara
