× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1a94621d772e89776dd8d6b1f3c216c51a8a14f5a11e7cd1d5dd62affe6397c7
File name: 5fb27cd8351225c5195016c878fb6a03
Detection ratio: 51 / 63
Analysis date: 2019-03-13 12:08:22 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.GenericKD.40267082 20190313
AegisLab Trojan.Win32.Wanna.tpxd 20190313
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190313
ALYac Trojan.GenericKD.40267082 20190313
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190313
Arcabit Trojan.Generic.D2666D4A 20190313
Avast Sf:WNCryLdr-A [Trj] 20190313
AVG Sf:WNCryLdr-A [Trj] 20190313
Avira (no cloud) W32/Virut.Gen 20190313
Baidu Win32.Worm.Rbot.a 20190306
BitDefender Trojan.GenericKD.40267082 20190313
CAT-QuickHeal Ransom.WannaCrypt.S1670344 20190312
ClamAV Win.Ransomware.WannaCry-6313787-0 20190312
CMC Virus.Win32.Virut.1!O 20190313
Comodo TrojWare.Win32.Ransom.WannaCry.AB@75ge5e 20190313
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cyren W32/WannaCrypt.A.gen!Eldorado 20190313
DrWeb Trojan.Encoder.11432 20190313
Emsisoft Trojan.GenericKD.40267082 (B) 20190313
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190313
F-Secure Malware.W32/Virut.Gen 20190313
Fortinet W32/WannaCryptor.H!tr.ransom 20190313
GData Win32.Exploit.CVE-2017-0147.A 20190313
Ikarus Trojan-Ransom.WannaCry 20190313
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190313
K7AntiVirus Exploit ( 0050d7a31 ) 20190313
K7GW Exploit ( 0050d7a31 ) 20190313
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190313
Malwarebytes Ransom.WannaCrypt 20190313
MAX malware (ai score=80) 20190313
McAfee GenericRXFL-OG!5FB27CD83512 20190313
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.th 20190313
Microsoft Ransom:Win32/CVE-2017-0147.A 20190313
eScan Trojan.GenericKD.40267082 20190313
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190313
Panda Trj/Genetic.gen 20190312
Qihoo-360 HEUR/QVM26.1.D09B.Malware.Gen 20190313
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20190313
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Wanna-A 20190313
Tencent Trojan-Ransom.Win32.Wanna.m 20190313
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190308
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190313
VBA32 Hoax.Wanna 20190313
ViRobot Trojan.Win32.WannaCry.5267459 20190313
Yandex Exploit.CVE-2017-0147! 20190312
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190313
Alibaba 20190306
Avast-Mobile 20190313
Babable 20180918
Bkav 20190313
Cybereason 20180308
Kingsoft 20190313
Palo Alto Networks (Known Signatures) 20190313
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190313
TotalDefense 20190313
Trustlook 20190313
Zillya 20190313
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2017:05:11 14:21:37+02:00

FileType
Win32 DLL

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

FileTypeExtension
dll

InitializedDataSize
5259264

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x11e9

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 5fb27cd8351225c5195016c878fb6a03
SHA1 5fc5e151b5529a4a5cd12cb03fc5c5c9a1e086a6
SHA256 1a94621d772e89776dd8d6b1f3c216c51a8a14f5a11e7cd1d5dd62affe6397c7
ssdeep
98304:FDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:FDqPe1Cxcxk3ZAEUadzR8yc4H

authentihash fd2b3a21e62a4d314ceb274de4e12355bc3cb0f829d0deb5809d036d27b0cf16
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
exploit cve-2017-0147 pedll overlay honeypot

VirusTotal metadata
First submission 2019-03-13 12:08:22 UTC ( 1 week, 5 days ago )
Last submission 2019-03-13 12:08:22 UTC ( 1 week, 5 days ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!