× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3ce748cb1f1450f9ffff61253d91408e000a34780868c384b0627b035fd17554
File name: 1551603642543_azddf_dionaea-nyc1_204eef48c67e3f497696ad6504a6be8f
Detection ratio: 53 / 63
Analysis date: 2019-03-03 09:01:12 UTC ( 3 weeks, 1 day ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.40267082 20190303
AegisLab Trojan.Win32.Wanna.tpxd 20190303
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190302
ALYac Trojan.GenericKD.40267082 20190303
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190303
Arcabit Trojan.Generic.D2666D4A 20190303
Avast Sf:WNCryLdr-A [Trj] 20190303
AVG Sf:WNCryLdr-A [Trj] 20190303
Avira (no cloud) TR/Ransom.Gen 20190303
Baidu Win32.Worm.Rbot.a 20190215
BitDefender Trojan.GenericKD.40267082 20190303
CAT-QuickHeal Ransom.WannaCrypt.S1670344 20190228
ClamAV Win.Ransomware.WannaCry-6313787-0 20190302
CMC Trojan-Ransom.Win32.Wanna!O 20190303
Comodo TrojWare.Win32.Ransom.WannaCry.AB@75ge5e 20190303
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cyren W32/WannaCrypt.A.gen!Eldorado 20190303
DrWeb Trojan.Encoder.11432 20190303
eGambit Trojan.Generic 20190303
Emsisoft Trojan.GenericKD.40267082 (B) 20190303
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190303
F-Secure Trojan.TR/Ransom.Gen 20190303
Fortinet W32/WannaCryptor.H!tr.ransom 20190303
GData Win32.Exploit.CVE-2017-0147.A 20190303
Ikarus Trojan-Ransom.WannaCry 20190302
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190303
K7AntiVirus Exploit ( 0050d7a31 ) 20190303
K7GW Exploit ( 0050d7a31 ) 20190303
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190303
Malwarebytes Ransom.WannaCrypt 20190303
MAX malware (ai score=80) 20190303
McAfee GenericRXFL-OG!204EEF48C67E 20190303
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tt 20190303
Microsoft Ransom:Win32/CVE-2017-0147.A 20190303
eScan Trojan.GenericKD.40267082 20190303
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190303
Panda Trj/Genetic.gen 20190303
Qihoo-360 HEUR/QVM26.1.97A7.Malware.Gen 20190303
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Wanna-A 20190303
Symantec Ransom.Wannacry 20190302
TACHYON Ransom/W32.WannaCry.5267459 20190303
Tencent Trojan-Ransom.Win32.Wanna.m 20190303
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190225
Trapmine malicious.high.ml.score 20190301
VBA32 Hoax.Wanna 20190301
ViRobot Trojan.Win32.WannaCry.5267459 20190302
Webroot W32.Ransom.Wannacrypt 20190303
Yandex Exploit.CVE-2017-0147! 20190301
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190303
Alibaba 20180921
Avast-Mobile 20190303
Babable 20180918
Cybereason 20190109
Kingsoft 20190303
Palo Alto Networks (Known Signatures) 20190303
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TotalDefense 20190303
Trustlook 20190303
VIPRE 20190303
Zoner 20190303
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2017:05:11 14:21:37+02:00

FileType
Win32 DLL

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x11e9

InitializedDataSize
5259264

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 204eef48c67e3f497696ad6504a6be8f
SHA1 c968d9194ea840708d43b8c7f06405ad4d70cf2a
SHA256 3ce748cb1f1450f9ffff61253d91408e000a34780868c384b0627b035fd17554
ssdeep
49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:d8qPoBhz1aRxcSUDk36SAEdhvxWa9

authentihash 818f2213b23b05946d9006dacdb1235f82194c5aea7591c9a77c8537ca14017e
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2019-03-03 09:01:12 UTC ( 3 weeks, 1 day ago )
Last submission 2019-03-03 09:01:12 UTC ( 3 weeks, 1 day ago )
File names 1551603642543_azddf_dionaea-nyc1_204eef48c67e3f497696ad6504a6be8f
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!