SHA256: 2956f1fe69c37ac74344e981c2e3894445edbbab46ebf219fbd4b0e034f15194
File name: c58cfd8008e739547bdd8bef601b3ce8
Detection ratio: 50 / 64
Analysis date: 2019-03-01 16:16:19 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.40267082 20190301
ALYac Trojan.GenericKD.40267082 20190301
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190301
Arcabit Trojan.Generic.D2666D4A 20190301
Avast Sf:WNCryLdr-A [Trj] 20190301
AVG Sf:WNCryLdr-A [Trj] 20190301
Avira (no cloud) TR/WannaCrypt.zvmfv 20190301
Baidu Win32.Worm.Rbot.a 20190215
BitDefender Trojan.GenericKD.40267082 20190301
CAT-QuickHeal Ransom.Zenshirsh.SL8 20190228
ClamAV Win.Ransomware.WannaCry-6313787-0 20190228
CMC Trojan-Ransom.Win32.Wanna!O 20190301
Comodo TrojWare.Win32.Eqtonex.A@7kqnsi 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cyren W32/WannaCrypt.A.gen!Eldorado 20190301
DrWeb Trojan.Encoder.11432 20190301
eGambit Trojan.Generic 20190301
Emsisoft Trojan.GenericKD.40267082 (B) 20190301
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190301
F-Prot W32/S-2b52222d!Eldorado 20190301
Fortinet W32/Wanna.M!tr 20190301
GData Win32.Exploit.CVE-2017-0147.A 20190301
Ikarus Trojan-Ransom.WannaCry 20190301
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190301
K7AntiVirus Exploit ( 0050d7a31 ) 20190301
K7GW Exploit ( 0050d7a31 ) 20190301
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190301
Malwarebytes Ransom.WannaCrypt 20190301
MAX malware (ai score=83) 20190301
McAfee GenericRXFL-OG!C58CFD8008E7 20190301
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tt 20190301
Microsoft Ransom:Win32/CVE-2017-0147.A 20190301
eScan Trojan.GenericKD.40267082 20190301
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190301
Panda Trj/Genetic.gen 20190301
Qihoo-360 QVM26.1.Malware.Gen 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Wanna-A 20190301
SUPERAntiSpyware Trojan.Agent/Gen-WannaCrypt 20190227
Symantec Ransom.Wannacry 20190301
TACHYON Ransom/W32.WannaCry.5267459.F 20190301
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190225
Trapmine malicious.high.ml.score 20190301
VBA32 Hoax.Wanna 20190301
VIPRE Trojan.Win32.Generic!BT 20190226
ViRobot Trojan.Win32.WannaCry.5267459 20190301
Webroot W32.Trojan.Gen 20190301
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190301
AegisLab 20190301
AhnLab-V3 20190301
Alibaba 20180921
Avast-Mobile 20190301
Babable 20180918
Bkav 20190301
Cybereason 20190109
Endgame 20190215
F-Secure 20190301
Kingsoft 20190301
Palo Alto Networks (Known Signatures) 20190301
Symantec Mobile Insight 20190220
Tencent 20190301
TotalDefense 20190301
Trustlook 20190301
Yandex 20190228
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:11 14:21:37+02:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 5259264
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c58cfd8008e739547bdd8bef601b3ce8
SHA1 f41310f997020d396e88b84ded9e10cf44a54e2a
SHA256 2956f1fe69c37ac74344e981c2e3894445edbbab46ebf219fbd4b0e034f15194
ssdeep 49152:RnnMSPbcBVK/1ICRx+TSqTdX1HkQo6SAARdhnv:1nPoB41hRxcSUDk36SAEdhv
authentihash 2441cda429bba9ed4d62d8307b14b14bcc45b724b9f435c5bc64f5bc278f6d57
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags honeypot cve-2017-0147 exploit pedll overlay

VirusTotal metadata
First submission 2019-03-01 16:16:19 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-01 16:16:19 UTC ( 1 month, 3 weeks ago )