SHA256: 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
File name: Message
Detection ratio: 55 / 66
Analysis date: 2018-08-10 03:58:41 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.BMC 20180810
AegisLab Trojan.Win32.Generic.4!c 20180810
AhnLab-V3 Trojan/Win32.Wannacryptor.R200578 20180809
ALYac Trojan.Ransom.WannaCryptor 20180810
Antiy-AVL Trojan/Win32.TSGeneric 20180810
Arcabit Trojan.Ransom.BMC 20180810
Avast Win32:Malware-gen 20180810
AVG Win32:Malware-gen 20180810
Avira (no cloud) TR/FileCoder.gafeo 20180809
AVware Trojan.Win32.Generic!BT 20180810
Baidu Win32.Trojan.Ransom.c 20180809
BitDefender Trojan.Ransom.BMC 20180810
Bkav W32.WannaCryDBJ.Trojan 20180807
CAT-QuickHeal Ransom.FileCryptor.A4 20180807
ClamAV Win.Trojan.Agent-6319549-0 20180810
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.9387a1 20180225
Cylance Unsafe 20180810
Cyren W32/Trojan.HMOH-6307 20180810
DrWeb Trojan.Encoder.10656 20180810
Emsisoft Trojan.FileCoder (A) 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Filecoder.WannaCryptor.B 20180810
F-Prot W32/WannaCrypt.K 20180810
F-Secure Trojan.Ransom.BMC 20180810
Fortinet W32/Generic.AC.3EE619!tr 20180810
GData Win32.Trojan-Ransom.Filecoder.AQ 20180810
Jiangmin Trojan.WanaCry.l 20180810
K7AntiVirus Riskware ( 0040eff71 ) 20180809
K7GW Riskware ( 0040eff71 ) 20180810
Kaspersky Trojan-Ransom.Win32.Wanna.al 20180810
MAX malware (ai score=100) 20180810
McAfee Ransom-O 20180810
McAfee-GW-Edition Ransom-O 20180810
Microsoft Ransom:Win32/FileCryptor 20180810
eScan Trojan.Ransom.BMC 20180810
NANO-Antivirus Trojan.Win32.Ransom.eowbkv 20180810
Palo Alto Networks (Known Signatures) generic.ml 20180810
Panda Trj/WLT.C 20180809
Qihoo-360 Trojan.Generic 20180810
Rising Ransom.WanaCrypt!1.AAEB (CLOUD) 20180810
Sophos AV Troj/Wanna-K 20180809
SUPERAntiSpyware Ransom.WannaCrypt/Variant 20180810
Symantec Ransom.Wannacry 20180809
TACHYON Ransom/W32.WannaCry.184320 20180810
TheHacker Trojan/Filecoder.WannaCryptor.b 20180807
TrendMicro Ransom_WCRY.SM 20180810
TrendMicro-HouseCall Ransom_WCRY.SM 20180810
VBA32 Trojan.Filecoder 20180808
VIPRE Trojan.Win32.Generic!BT 20180810
ViRobot Trojan.Win32.WannaCryptor.184324 20180809
Webroot W32.Trojan.Ransom 20180810
Yandex Trojan.Wanna! 20180808
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.al 20180810
Zoner Trojan.Filecoder 20180809
Avast-Mobile 20180810
Babable 20180725
CMC 20180809
Comodo 20180810
eGambit 20180810
Sophos ML 20180717
Kingsoft 20180810
Malwarebytes 20180810
SentinelOne (Static ML) 20180701
Symantec Mobile Insight 20180809
TotalDefense 20180809
Trustlook 20180810
Zillya 20180809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2016
Product Message Application
Original name Message.EXE
Internal name Message
File version 1, 0, 0, 1
Description Message MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-09 09:47:27
Entry Point 0x0000DFE8
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptAcquireContextA
CryptImportKey
Ord(8)
_TrackMouseEvent
GetObjectA
PatBlt
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
DeleteObject
CreateToolhelp32Snapshot
GetSystemTime
GetDriveTypeW
ReadFile
GetFileAttributesA
WaitForSingleObject
GetExitCodeThread
FindFirstFileW
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetStartupInfoA
SystemTimeToFileTime
GetCurrentDirectoryA
FindNextFileW
GetFileSize
Process32First
FindClose
CreateDirectoryA
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
Process32Next
GetLogicalDrives
DeleteFileW
GlobalLock
GetFileTime
SetFilePointer
SetFilePointerEx
CreateThread
GetModuleHandleA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
ExitThread
CreateProcessA
GetTimeZoneInformation
CreateFileW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
Sleep
MoveFileW
SetEndOfFile
CreateFileA
GetTickCount
SetCurrentDirectoryA
WNetAddConnection2A
WNetCancelConnection2A
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
_purecall
__p__fmode
malloc
fseek
sscanf
rand
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??1type_info@@UAE@XZ
fread
fclose
__dllonexit
_stricmp
srand
swprintf
wcsrchr
fgets
fopen
strncpy
strchr
??2@YAPAXI@Z
fwrite
??0exception@@QAE@ABQBD@Z
_mbscmp
_wcsicmp
_onexit
wcslen
wcscmp
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
_local_unwind2
_adjust_fdiv
sprintf
free
_acmdln
_CxxThrowException
??1exception@@UAE@XZ
__p__commode
??3@YAXPAX@Z
__p___argc
wcscat
_mbsstr
__getmainargs
calloc
realloc
_initterm
_setmbcp
_except_handler3
memmove
wcscpy
time
_exit
_controlfp
__set_app_type
NetShareEnum
NetApiBufferFree
VariantTimeToSystemTime
SystemTimeToVariantTime
ShellExecuteA
RedrawWindow
GetSystemMetrics
EnableMenuItem
GetParent
IsIconic
wsprintfA
FillRect
OpenClipboard
GetClientRect
DrawIcon
SendMessageA
KillTimer
GetSystemMenu
LoadIconA
EnableWindow
SetTimer
CloseClipboard
SetCursor
GetClipboardData
InvalidateRect
DeleteUrlCacheEntry
__WSAFDIsSet
htonl
socket
setsockopt
bind
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
select
ntohs
recv
connect
shutdown
inet_ntoa
htons
closesocket
WSAGetLastError
URLDownloadToFileA
Number of PE resources by type
RT_ICON 9
RT_DIALOG 5
RT_BITMAP 3
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Message MFC Application
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 126976
EntryPoint 0xdfe8
OriginalFileName Message.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016
FileVersion 1, 0, 0, 1
TimeStamp 2017:02:09 10:47:27+01:00
FileType Win32 EXE
PEType PE32
InternalName Message
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 57344
ProductName Message Application
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9c7c7149387a1c79679a87dd1ba755bc
SHA1 828001f20df60b6af286593c37644d39e5a6122a
SHA256 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
ssdeep 3072:HrtSNbR+u/AewFrE1lG4t29xWa82swnlOi81Vyn0lIIk:LodZ/rl1lG4odnlOi8Pyn0l+
authentihash bacd67dce7cfd19c76fb72c6cc41265d84d4893dfe40eea052558025f8eaa5b4
imphash a24763b450a37898ad6bdd11817354e0
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags peexe
VirusTotal metadata
First submission 2017-02-10 13:33:54 UTC ( 1 year, 6 months ago )
Last submission 2018-06-06 23:46:24 UTC ( 2 months, 2 weeks ago )
File names 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.bin
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9-lazaruswannacry
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.exe
taskmsgr.exe
Wcry.malware
2.bin
wecry
localfile~
w.exe_
3c4614ee2d06c6b8f21f9fe6e96dbc99777bd4094d48b3507dd358915371c111
Message.EXE
Message
a.1.wannacrypt.exe
e429724f89a2ae495f1bfba53bc23532.safe
Win32.Ransom.FileLocker@3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.bin
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications