SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
File name: @WanaDecryptor@.exe
Detection ratio: 59 / 66
Analysis date 2018-04-17 03:28:18 UTC ( 2 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.WannaCryptor.L 20180417
AegisLab Uds.Dangerousobject.Multi!c 20180417
AhnLab-V3 Trojan/Win32.WannaCryptor.R200589 20180416
ALYac Trojan.Ransom.WannaCryptor 20180417
Antiy-AVL Trojan/Win32.Deshacop 20180417
Arcabit Trojan.Ransom.WannaCryptor.L 20180417
Avast Win32:WanaCry-A [Trj] 20180417
AVG Win32:WanaCry-A [Trj] 20180417
Avira (no cloud) TR/FileCoder.724645 20180416
AVware Trojan.Win32.Generic!BT 20180417
BitDefender Trojan.Ransom.WannaCryptor.L 20180417
CAT-QuickHeal Ransom.WanaCry.S962568 20180416
ClamAV Win.Trojan.Agent-6312824-0 20180416
Comodo TrojWare.Win32.Ransom.WannaCryptor.~ 20180417
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180417
Cyren W32/Trojan.FMLA-6191 20180417
DrWeb Trojan.Encoder.11432 20180417
Emsisoft Trojan.Ransom.WannaCryptor.L (B) 20180417
Endgame malicious (high confidence) 20180403
ESET-NOD32 Win32/Filecoder.WannaCryptor.D 20180417
F-Prot W32/WannaCrypt.A 20180417
F-Secure Trojan.Ransom.WannaCryptor.L 20180417
Fortinet W32/GenKryptik.1C25!tr 20180417
GData Win32.Trojan-Ransom.WannaCry.E 20180417
Ikarus Trojan-Ransom.WannaCry 20180416
Sophos ML heuristic 20180121
Jiangmin Trojan.WanaCry.a 20180417
K7AntiVirus Trojan ( 0001140e1 ) 20180416
K7GW Trojan ( 0001140e1 ) 20180417
Kaspersky Trojan-Ransom.Win32.Wanna.c 20180417
Malwarebytes Ransom.WannaCrypt 20180417
MAX malware (ai score=100) 20180417
McAfee Ransom-O 20180417
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180417
Microsoft Ransom:Win32/WannaCrypt 20180416
eScan Trojan.Ransom.WannaCryptor.L 20180417
NANO-Antivirus Trojan.Win32.Wanna.eottwl 20180416
nProtect Ransom/W32.Wanna.245760 20180417
Palo Alto Networks (Known Signatures) generic.ml 20180417
Panda Trj/RansomCrypt.K 20180416
Qihoo-360 Win32/Trojan.Multi.daf 20180417
Rising Trojan.Win32.WanaCrypt.d (CLASSIC) 20180417
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Wanna-D 20180417
SUPERAntiSpyware Ransom.WannaCrypt/Variant 20180417
Symantec Ransom.Wannacry 20180416
Tencent Trojan.Win32.WannaCry.d 20180417
TheHacker Trojan/Filecoder.WannaCryptor.d 20180415
TrendMicro RANSOM_WCRY.I 20180417
TrendMicro-HouseCall RANSOM_WCRY.I 20180417
VBA32 Trojan-Ransom.Wanna 20180414
VIPRE Trojan.Win32.Generic!BT 20180417
ViRobot Trojan.Win32.S.WannaCry.245760 20180417
Webroot W32.Ransom.Wannacry 20180417
Yandex Trojan.Filecoder!vJ8G5Dz20yg 20180414
Zillya Trojan.WannaCry.Win32.9 20180416
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.c 20180417
Zoner Trojan.Wannacry 20180416
Alibaba 20180417
Avast-Mobile 20180416
Baidu 20180416
Bkav 20180410
CMC 20180416
Cybereason None
eGambit 20180417
Kingsoft 20180417
Symantec Mobile Insight 20180412
Trustlook 20180417
WhiteArmor 20180408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name LODCTR.EXE
Internal name LODCTR.EXE
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Load PerfMon Counters
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:19:35
Entry Point 0x00013102
Number of sections 4
PE sections
PE imports
CryptReleaseContext
RegCloseKey
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegCreateKeyW
GetUserNameA
CheckTokenMembership
Ord(8)
_TrackMouseEvent
GetDeviceCaps
GetObjectA
CreateCompatibleDC
CreateRectRgn
GetWindowOrgEx
PatBlt
GetTextExtentPoint32A
RectVisible
TextOutA
CreateFontIndirectA
ExtTextOutA
PtVisible
Escape
BitBlt
GetViewportOrgEx
DeleteObject
CreateCompatibleBitmap
CreateFontA
CreateSolidBrush
CopyFileW
SystemTimeToFileTime
GetUserDefaultLangID
ReadFile
TerminateThread
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
FindNextFileA
EnterCriticalSection
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
LoadLibraryA
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDriveTypeW
GetLocaleInfoA
GetFileSize
GetDiskFreeSpaceExW
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
SetFilePointerEx
GetModuleFileNameA
GetProcAddress
GetFileTime
SetFilePointer
GetLogicalDrives
CreateThread
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
GetComputerNameA
FindFirstFileW
WideCharToMultiByte
GlobalLock
TerminateProcess
CreateProcessA
GetTimeZoneInformation
GetExitCodeThread
InitializeCriticalSection
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
SetCurrentDirectoryA
LeaveCriticalSection
Ord(6197)
Ord(2023)
Ord(3998)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(2411)
Ord(939)
Ord(3136)
Ord(341)
Ord(665)
Ord(5678)
Ord(2124)
Ord(5736)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3721)
Ord(5290)
Ord(940)
Ord(2864)
Ord(2446)
Ord(1979)
Ord(6438)
Ord(6215)
Ord(781)
Ord(4441)
Ord(5787)
Ord(5579)
Ord(795)
Ord(616)
Ord(815)
Ord(922)
Ord(641)
Ord(3698)
Ord(654)
Ord(1641)
Ord(5277)
Ord(2514)
Ord(4402)
Ord(3640)
Ord(3089)
Ord(5199)
Ord(3574)
Ord(1134)
Ord(941)
Ord(4465)
Ord(609)
Ord(5300)
Ord(1200)
Ord(2381)
Ord(3797)
Ord(4476)
Ord(5759)
Ord(4425)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(3402)
Ord(923)
Ord(4234)
Ord(825)
Ord(5781)
Ord(4218)
Ord(5571)
Ord(5710)
Ord(693)
Ord(567)
Ord(4424)
Ord(540)
Ord(6648)
Ord(6136)
Ord(4078)
Ord(2554)
Ord(289)
Ord(6376)
Ord(6194)
Ord(6021)
Ord(1727)
Ord(3370)
Ord(823)
Ord(5785)
Ord(2642)
Ord(283)
Ord(2379)
Ord(2725)
Ord(640)
Ord(3874)
Ord(2578)
Ord(4353)
Ord(6061)
Ord(6189)
Ord(2582)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(6876)
Ord(3259)
Ord(4079)
Ord(1146)
Ord(6663)
Ord(3147)
Ord(2860)
Ord(6375)
Ord(324)
Ord(2370)
Ord(4284)
Ord(4398)
Ord(3301)
Ord(3262)
Ord(2289)
Ord(5241)
Ord(1576)
Ord(2754)
Ord(1775)
Ord(5864)
Ord(6778)
Ord(2575)
Ord(5065)
Ord(4407)
Ord(4275)
Ord(3708)
Ord(3346)
Ord(858)
Ord(2396)
Ord(3831)
Ord(353)
Ord(6374)
Ord(5280)
Ord(6453)
Ord(6192)
Ord(2976)
Ord(4998)
Ord(323)
Ord(3825)
Ord(1089)
Ord(2985)
Ord(6140)
Ord(3663)
Ord(3922)
Ord(6052)
Ord(2818)
Ord(4376)
Ord(2405)
Ord(6734)
Ord(3582)
Ord(800)
Ord(535)
Ord(6172)
Ord(3830)
Ord(5794)
Ord(2385)
Ord(4278)
Ord(3706)
Ord(2971)
Ord(3619)
Ord(3092)
Ord(5875)
Ord(3079)
Ord(4396)
Ord(6334)
Ord(2055)
Ord(3996)
Ord(4837)
Ord(3571)
Ord(4129)
Ord(1776)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4277)
Ord(4622)
Ord(561)
Ord(6186)
Ord(4330)
Ord(3596)
Ord(1640)
Ord(2302)
Ord(765)
Ord(924)
Ord(3573)
Ord(4486)
Ord(5789)
Ord(3081)
Ord(4698)
Ord(613)
Ord(5756)
Ord(3626)
Ord(5163)
Ord(6055)
Ord(6199)
Ord(5265)
Ord(4673)
Ord(5307)
Ord(5302)
Ord(6170)
Ord(860)
Ord(5731)
Ord(5873)
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
_purecall
__p__fmode
malloc
srand
??0exception@@QAE@ABV0@@Z
_acmdln
??1type_info@@UAE@XZ
fread
_wcsnicmp
__dllonexit
swprintf
fgets
sscanf
fopen
strncpy
_except_handler3
strtok
fwrite
strncmp
??0exception@@QAE@ABQBD@Z
_mbscmp
_onexit
wcslen
wcscmp
??1exception@@UAE@XZ
exit
_XcptFilter
realloc
wcsrchr
__setusermatherr
rand
__p__commode
sprintf
__CxxFrameHandler
_wcsicmp
fclose
_adjust_fdiv
free
wcscat
_CxxThrowException
_mbsstr
__getmainargs
calloc
__p___argv
_exit
__p___argc
_setmbcp
memmove
_local_unwind2
wcscpy
strrchr
_ftol
wcsstr
time
_strnicmp
_initterm
_controlfp
__set_app_type
VariantTimeToSystemTime
SHGetFolderPathW
ShellExecuteExA
ShellExecuteA
SetFocus
RedrawWindow
GetParent
SystemParametersInfoA
OffsetRect
FindWindowW
KillTimer
ShowWindow
SetWindowPos
GetSystemMetrics
EnableWindow
DrawIcon
GrayStringA
GetSysColor
SetActiveWindow
DrawTextA
SetClipboardData
SendMessageA
CloseClipboard
SetWindowTextW
SystemParametersInfoW
BringWindowToTop
IsIconic
InvalidateRect
TabbedTextOutA
wsprintfA
SetTimer
LoadCursorA
LoadIconA
FillRect
GetClientRect
EmptyClipboard
SetForegroundWindow
OpenClipboard
SetCursor
DeleteUrlCacheEntry
__WSAFDIsSet
socket
setsockopt
bind
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
connect
shutdown
closesocket
inet_ntoa
htons
recv
select
URLDownloadToFileA
Number of PE resources by type
RT_DIALOG 5
RT_ICON 3
RT_BITMAP 3
RT_GROUP_ICON 2
Struct(240) 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x13102
OriginalFileName LODCTR.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:19:35+01:00
FileType Win32 EXE
PEType PE32
InternalName LODCTR.EXE
ProductVersion 6.1.7600.16385
FileDescription Load PerfMon Counters
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 81920
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
ssdeep 3072:Rmrhd5U1eigWcR+uiUg6p4FLlG4tlL8z+mmCeHFZjoHEo3m:REd5+IZiZhLlG4AimmCo
authentihash ba936082512d7f462df284097992e756bede1cae6146044f72519f8b4b4cff57
imphash dcac8383cc76738eecb5756694c4aeb2
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2017-05-12 07:32:47 UTC ( 11 months, 1 week ago )
Last submission 2018-04-17 03:28:18 UTC ( 2 days, 14 hours ago )
File names @WanaDecryptor@.exe
LODCTR.EXE
VirusShare_7bf2b57f2a205768755c07f238fb32cc
output.111378198.txt
wnry1.exe
WanaDecryptor.ex_
suspicious
@WanaDecryptor@.exe
ToolAntiWannaCRY.exe
localfile~
131
@WanaDecryptor@.exe
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
@WanaDecrypto r@.exe
b9c5d4339809e0ad_u.wnry
Ransom.HydraCrypt.exe
@WanaDecryptor@.exe
b9c5.bin
@WanaDecryptor@.exe
u.wnry
91A39E919296CB5C6ECCBA710B780519D90035175AA460EC6DBE631324E5E5753BD8D87F395B5481BCD7E1AD623B31A34382D81FAAE06BEF60EC28B49C3122A9.infected
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25.bin.exe
@WanaDecryptor@.exe
_WanaDecryptor_ .exe.kkkk
7BF2B57F
Advanced heuristic and reputation engines
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications