
Summary

Analysis score

7/14

7 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe

Basic properties

CRC32

0x42661f2f

MD5

a276dfaee244f85a1926263fbcbf5a23

Magic

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1

3b19c84cc488d19093e22e1ec9272a6c160a1a96

SHA256

48a51ed7766daaba86274cb37a095cca6b5e732784bbb17470ef02be6c55d7c6

SHA512

22f79fc5f02b8a2feeec7e2a3323f4f839262c948c0230629a944a5f830c8ed698e9082491f2f44e4d59425a8e76df74e84b008a7bd17d0f6b6bc7cfa20aefda

SSDeep

384:Q3MLWHn3kI3fcSxlR2WpOAbW+ATTJSr91Crxb5Ye3:Yn3kIE69pvi1Sr9SxbGe3

Size

23.00KB

Packer
  • PE: library: .NET(v4.0.30319)[-]
  • PE: linker: Microsoft Linker(11.0)[EXE32]
TrID
  • 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  • 10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
  • 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Tags

ExifTool File Metadata

AssemblyVersion

0.0.0.0

CharacterSet

Unicode

CodeSize

20.50KB

EntryPoint

0x6ffe

ExifToolVersionNumber

12.76

FileDescription

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

24 kB

FileSubtype

0

FileType

Win32 EXE

FileTypeExtension

exe

FileVersion

0.0.0.0

FileVersionNumber

0.0.0.0

ImageFileCharacteristics

Executable, 32-bit

ImageVersion

0.0

InitializedDataSize

2.00KB

InternalName

ffgghgh.exe

LanguageCode

Neutral

LegalCopyright

LinkerVersion

11.0

MachineType

Intel 386 or later, and compatibles

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

ffgghgh.exe

OsVersion

4.0

PeType

PE32

ProductVersion

0.0.0.0

ProductVersionNumber

0.0.0.0

Subsystem

Windows GUI

SubsystemVersion

4.0

UninitializedDataSize

0

Submissions

Published Name Source Country
2024-07-04_a276dfaee244f85a1926263fbcbf5a23_chaos_destroyer_wannacry web
N/A

Indicators

Description Severity Category Module
Identify persistence via registry autorun keys
informative
technique yara