SHA256: 10a714fe07df5e0201a1f4632d244a4868693e61caa26a81d44e754659d5887c
File name: e72cbd15a703383c013a65589361fee6
Detection ratio: 56 / 69
Analysis date: 2019-01-11 07:29:28 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40267082 20190111
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190110
ALYac Trojan.GenericKD.40267082 20190111
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190111
Arcabit Trojan.Generic.D2666D4A 20190111
Avast Sf:WNCryLdr-A [Trj] 20190111
AVG Sf:WNCryLdr-A [Trj] 20190111
Avira (no cloud) TR/Wanna.grbmy 20190110
Baidu Win32.Worm.Rbot.a 20190110
BitDefender Trojan.GenericKD.40267082 20190111
CAT-QuickHeal Ransom.Zenshirsh.SL8 20190110
ClamAV Win.Ransomware.WannaCry-6313787-0 20190110
CMC Trojan-Ransom.Win32.Wanna!O 20190110
Comodo TrojWare.Win32.Eqtonex.A@7kqnsi 20190111
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190111
Cyren W32/WannaCrypt.A.gen!Eldorado 20190111
DrWeb Trojan.Encoder.11432 20190111
eGambit Trojan.Generic 20190111
Emsisoft Trojan.GenericKD.40267082 (B) 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190111
F-Prot W32/S-2b52222d!Eldorado 20190111
F-Secure Trojan.GenericKD.40267082 20190111
Fortinet W32/Wanna.M!tr 20190111
GData Win32.Exploit.CVE-2017-0147.A 20190111
Ikarus Exploit.CVE-2017-0147 20190110
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190111
K7AntiVirus Exploit ( 0050d7a31 ) 20190111
K7GW Exploit ( 0050d7a31 ) 20190111
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190111
Malwarebytes Ransom.WannaCrypt 20190111
MAX malware (ai score=84) 20190111
McAfee GenericRXFL-OG!E72CBD15A703 20190111
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.th 20190111
Microsoft Ransom:Win32/CVE-2017-0147.A 20190111
eScan Trojan.GenericKD.40267082 20190111
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190111
Panda Trj/Genetic.gen 20190110
Qihoo-360 HEUR/QVM26.1.787F.Malware.Gen 20190111
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20190111
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Wanna-A 20190111
Symantec Ransom.Wannacry 20190110
TACHYON Ransom/W32.WannaCry.5267459 20190111
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190106
Trapmine malicious.high.ml.score 20190103
TrendMicro Ransom_WCRY.SMALYM 20190111
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190111
VBA32 Hoax.Wanna 20190110
ViRobot Trojan.Win32.WannaCry.5267459 20190111
Webroot W32.Trojan.Gen 20190111
Yandex Exploit.CVE-2017-0147! 20190110
Zillya Exploit.CVE.Win32.1766 20190110
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190111
Acronis 20190110
AegisLab 20190111
Alibaba 20180921
Avast-Mobile 20190110
Babable 20180918
Bkav 20190108
Cybereason 20190109
Kingsoft 20190111
Palo Alto Networks (Known Signatures) 20190111
SUPERAntiSpyware 20190109
Tencent 20190111
TotalDefense 20190111
Trustlook 20190111
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:11 13:21:37+01:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 5259264
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e72cbd15a703383c013a65589361fee6
SHA1 975a6cf818b0c58832edbe66790a9d42ae707dab
SHA256 10a714fe07df5e0201a1f4632d244a4868693e61caa26a81d44e754659d5887c
ssdeep 98304:awPoBhz1aRxcSUDk36SAEdhvxWa9h3RkAVp2H:awPe1Cxcxk3ZAEUaDRkc4H
authentihash 03651aaadcf978f4ff8833c05e08e1284f7a354b175f9dab126c32de7006eae3
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags honeypot cve-2017-0147 exploit pedll overlay

VirusTotal metadata
First submission 2019-01-11 07:29:28 UTC ( 1 week, 1 day ago )
Last submission 2019-01-11 07:29:28 UTC ( 1 week, 1 day ago )