
Summary

Analyse score

12/14

12 antivirus vendors flagged this file as malicious

Signature

File is not signed

Last scanned

First submission

File type

exe


Basic properties

CRC32

0x7017fca6

MD5

6468ee100d88c71d55dfdcf4e30f991e

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

5c520d2d7dc4c9e5d536d3aff998185657d40ac8

SHA256

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801

SHA512

41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae

SSDeep

768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U

Size

32.00KB

TLSH

f9e25b52a2fa190cf5b6b6b49db111355ab63896debdf39e5580100c4af2ed08e38b13

Packer
  • PE+(64): compiler: FASM(1.73)[EXE64]
TrID
  • 33.4% (.EXE) OS/2 Executable (generic) (2029/13)
  • 33.0% (.EXE) Generic Win/DOS Executable (2002/3)
  • 33.0% (.EXE) DOS Executable Generic (2000/1)
  • 0.4% (.VXD) VXD Driver (29/21)
Tags

ExifTool File Metadata

CodeSize

31.50KB

EntryPoint

0x1000

ExifToolVersionNumber

12.76

FileSize

33 kB

FileType

Win64 EXE

FileTypeExtension

exe

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Large address aware

ImageVersion

0.0

InitializedDataSize

0B

LinkerVersion

1.73

MachineType

AMD AMD64

MimeType

application/octet-stream

OsVersion

1.0

PeType

PE32+

Subsystem

Windows GUI

SubsystemVersion

5.0

UninitializedDataSize

0

Submissions

Published | Name | Source | Country
 | b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 | api | Australia

Indicators

Description | Severity | Category | Module
Creates ransom notes | high | Ransomware behavior |