SHA256: 2ffd9ba7b5dbccf734da02498fa2a6af8caaf8b9f98d4b32bc226516eee5c832
File name: WannaCry.exe
Detection ratio: 50 / 63
Analysis date: 2017-07-13 10:16:00 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Bodegun.3 20170713
AegisLab Troj.W32.Generic!c 20170713
AhnLab-V3 Trojan/Win32.FakeWanna.C1954224 20170713
ALYac Trojan.Ransom.DarkoderCryptor 20170713
Antiy-AVL Trojan/Win32.AGeneric 20170713
Arcabit Trojan.Bodegun.3 20170713
Avast MSIL:Filecoder-AC [Trj] 20170713
AVG MSIL:Filecoder-AC [Trj] 20170713
Avira (no cloud) TR/Bepush.aqwb 20170713
AVware Trojan.Win32.Generic!BT 20170713
BitDefender Gen:Heur.Bodegun.3 20170713
Bkav W32.Clodc8d.Trojan.0afc 20170713
CAT-QuickHeal Ransom.DarkCry 20170713
Comodo UnclassifiedMalware 20170713
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cylance Unsafe 20170713
Cyren W32/Trojan.CQBI-8844 20170713
DrWeb Trojan.Encoder.10598 20170713
Emsisoft Gen:Heur.Bodegun.3 (B) 20170713
Endgame malicious (moderate confidence) 20170706
ESET-NOD32 a variant of MSIL/Filecoder.AK 20170713
F-Secure Gen:Heur.Bodegun.3 20170713
Fortinet W32/Cryptear.A!tr 20170629
GData MSIL.Trojan-Ransom.Cryptear.R 20170713
Ikarus Trojan-Ransom.HiddenTear 20170713
Jiangmin Trojan.Generic.ayjou 20170713
K7AntiVirus Trojan ( 004de29f1 ) 20170713
K7GW Trojan ( 004de29f1 ) 20170713
Kaspersky HEUR:Trojan.Win32.Generic 20170713
Malwarebytes Ransom.Darkoder 20170713
McAfee Ransomware-FTD!7AC6DA4002FE 20170713
McAfee-GW-Edition Ransomware-FTD!7AC6DA4002FE 20170713
Microsoft Ransom:MSIL/Ryzerlo.A 20170713
eScan Gen:Heur.Bodegun.3 20170713
NANO-Antivirus Trojan.Win32.Encoder.eovwuj 20170713
Panda Trj/GdSda.A 20170712
Qihoo-360 Win32/Trojan.BO.c8b 20170713
Rising Ransom.FileCryptor!8.1A7 (cloud:s50H2Qq53YD) 20170713
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Cryptear-A 20170713
Symantec Ransom.HiddenTear!g1 20170713
Tencent Win32.Trojan.Generic.Akze 20170713
TrendMicro Ransom_HIDDENTEARDARKCRY.A 20170713
TrendMicro-HouseCall Ransom_HIDDENTEARDARKCRY.A 20170713
VIPRE Trojan.Win32.Generic!BT 20170713
ViRobot Trojan.Win32.S.Cryptor.58880 20170713
Webroot W32.Malware.Gen 20170713
Yandex Trojan.Agent!23wmqSfeEoY 20170712
Zillya Trojan.Filecoder.Win32.5482 20170712
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170713
Alibaba 20170713
Baidu 20170713
ClamAV 20170713
CMC 20170713
F-Prot 20170713
Sophos ML 20170607
Kingsoft 20170713
MAX 20170713
nProtect 20170713
Palo Alto Networks (Known Signatures) 20170713
SUPERAntiSpyware 20170713
Symantec Mobile Insight 20170713
TheHacker 20170712
Trustlook 20170713
VBA32 20170713
WhiteArmor 20170713
Zoner 20170713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product WindowsFormsApplication1
Original name WindowsFormsApplication1.exe
Internal name WindowsFormsApplication1.exe
File version 1.0.0.0
Description WindowsFormsApplication1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-14 17:28:06
Entry Point 0x0000F926
Number of sections 3
.NET details
Module Version ID 48becd12-7f9d-49b0-ab73-215453ce666e
TypeLib ID 49eef0db-5bc4-4ed9-957d-8a518df2861f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 2560
ImageVersion 0.0
ProductName WindowsFormsApplication1
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription WindowsFormsApplication1
CharacterSet Unicode
LinkerVersion 48.0
FileTypeExtension exe
OriginalFileName WindowsFormsApplication1.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2017:05:14 18:28:06+01:00
FileType Win32 EXE
PEType PE32
InternalName WindowsFormsApplication1.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2017
MachineType Intel 386 or later, and compatibles
CodeSize 55808
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0xf926
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 7ac6da4002fe9a8003967836d256a367
SHA1 acfb1b9d3510060887a7fe34465da09cc1bf91c1
SHA256 2ffd9ba7b5dbccf734da02498fa2a6af8caaf8b9f98d4b32bc226516eee5c832
ssdeep 1536:FK2GWTXqkLuvvWAdXW6DwW6D1xfukxLJeFIeN0yg:E2GWOkLunVWQwWQrfD9emK0yg
authentihash f4f3beab972f433834789a7e9a03824444517257911a912a1cb8be4a04b165a1
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 57.5 KB ( 58880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-05-14 18:37:12 UTC ( 1 year, 7 months ago )
Last submission 2017-07-13 10:16:00 UTC ( 1 year, 5 months ago )
File names WindowsFormsApplication1.exe
@DaKryEncryptor@.exe
WannaCry.exe
DaKryEncryptor.exe
Behaviour characterization
Zemana dll-injection