SHA256: 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
File name: Message
Detection ratio: 57 / 67
Analysis date: 2018-10-16 09:06:12 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.BMC 20181016
AhnLab-V3 Trojan/Win32.Wannacryptor.R200578 20181016
ALYac Trojan.Ransom.WannaCryptor 20181016
Antiy-AVL Trojan/Win32.TSGeneric 20181016
Arcabit Trojan.Ransom.BMC 20181016
Avast Win32:Malware-gen 20181016
AVG Win32:Malware-gen 20181016
Avira (no cloud) TR/FileCoder.gafeo 20181016
Baidu Win32.Trojan.Ransom.c 20181015
BitDefender Trojan.Ransom.BMC 20181016
Bkav W32.WannaCryDBJ.Trojan 20181014
CAT-QuickHeal Ransom.FileCryptor.A4 20181013
ClamAV Win.Trojan.Agent-6319549-0 20181016
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.9387a1 20180225
Cylance Unsafe 20181016
Cyren W32/Trojan.HMOH-6307 20181016
DrWeb Trojan.Encoder.10656 20181016
Emsisoft Trojan.FileCoder (A) 20181016
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Filecoder.WannaCryptor.B 20181016
F-Prot W32/WannaCrypt.K 20181016
F-Secure Trojan.Ransom.BMC 20181016
Fortinet W32/Generic.AC.3EE619!tr 20181016
GData Win32.Trojan-Ransom.Filecoder.AQ 20181016
Ikarus Trojan-Ransom.WannaCry 20181016
Sophos ML heuristic 20180717
Jiangmin Trojan.WanaCry.l 20181016
K7AntiVirus Riskware ( 0040eff71 ) 20181016
K7GW Riskware ( 0040eff71 ) 20181016
Kaspersky Trojan-Ransom.Win32.Wanna.al 20181016
MAX malware (ai score=100) 20181016
McAfee Ransom-O 20181016
McAfee-GW-Edition Ransom-O 20181016
Microsoft Ransom:Win32/FileCryptor 20181016
eScan Trojan.Ransom.BMC 20181016
NANO-Antivirus Trojan.Win32.Ransom.eowbkv 20181016
Palo Alto Networks (Known Signatures) generic.ml 20181016
Panda Trj/WLT.C 20181015
Qihoo-360 Trojan.Generic 20181016
Rising Ransom.WanaCrypt!1.AAEB (CLASSIC) 20181016
Sophos AV Troj/Wanna-K 20181016
SUPERAntiSpyware Ransom.WannaCrypt/Variant 20181015
Symantec Ransom.Wannacry 20181016
TACHYON Ransom/W32.WannaCry.184320 20181016
Tencent Trojan.Win32.WannaCry.l 20181016
TheHacker Trojan/Filecoder.WannaCryptor.b 20181015
TrendMicro Ransom_WCRY.SM 20181016
TrendMicro-HouseCall Ransom_WCRY.SM 20181016
VBA32 Trojan.Filecoder 20181016
VIPRE Trojan.Win32.Generic!BT 20181016
ViRobot Trojan.Win32.WannaCryptor.184324 20181016
Webroot W32.Trojan.Ransom 20181016
Yandex Trojan.Wanna! 20181015
Zillya Trojan.Filecoder.Win32.5026 20181015
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.al 20181016
Zoner Trojan.Filecoder 20181015
AegisLab 20181016
Alibaba 20180921
Avast-Mobile 20181016
CMC 20181015
Comodo 20181016
eGambit 20181016
Kingsoft 20181016
Malwarebytes 20181016
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TotalDefense 20181016
Trustlook 20181016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2016
Product Message Application
Original name Message.EXE
Internal name Message
File version 1, 0, 0, 1
Description Message MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-09 09:47:27
Entry Point 0x0000DFE8
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptAcquireContextA
CryptImportKey
Ord(8)
_TrackMouseEvent
GetObjectA
PatBlt
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
DeleteObject
CreateToolhelp32Snapshot
GetSystemTime
GetDriveTypeW
ReadFile
GetFileAttributesA
WaitForSingleObject
GetExitCodeThread
FindFirstFileW
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetStartupInfoA
SystemTimeToFileTime
GetCurrentDirectoryA
FindNextFileW
GetFileSize
Process32First
FindClose
CreateDirectoryA
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
Process32Next
GetLogicalDrives
DeleteFileW
GlobalLock
GetFileTime
SetFilePointer
SetFilePointerEx
CreateThread
GetModuleHandleA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
ExitThread
CreateProcessA
GetTimeZoneInformation
CreateFileW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
Sleep
MoveFileW
SetEndOfFile
CreateFileA
GetTickCount
SetCurrentDirectoryA
WNetAddConnection2A
WNetCancelConnection2A
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
_purecall
__p__fmode
malloc
fseek
sscanf
rand
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??1type_info@@UAE@XZ
fread
fclose
__dllonexit
_stricmp
srand
swprintf
wcsrchr
fgets
fopen
strncpy
strchr
??2@YAPAXI@Z
fwrite
??0exception@@QAE@ABQBD@Z
_mbscmp
_wcsicmp
_onexit
wcslen
wcscmp
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
_local_unwind2
_adjust_fdiv
sprintf
free
_acmdln
_CxxThrowException
??1exception@@UAE@XZ
__p__commode
??3@YAXPAX@Z
__p___argc
wcscat
_mbsstr
__getmainargs
calloc
realloc
_initterm
_setmbcp
_except_handler3
memmove
wcscpy
time
_exit
_controlfp
__set_app_type
NetShareEnum
NetApiBufferFree
VariantTimeToSystemTime
SystemTimeToVariantTime
ShellExecuteA
RedrawWindow
GetSystemMetrics
EnableMenuItem
GetParent
IsIconic
wsprintfA
FillRect
OpenClipboard
GetClientRect
DrawIcon
SendMessageA
KillTimer
GetSystemMenu
LoadIconA
EnableWindow
SetTimer
CloseClipboard
SetCursor
GetClipboardData
InvalidateRect
DeleteUrlCacheEntry
__WSAFDIsSet
htonl
socket
setsockopt
bind
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
select
ntohs
recv
connect
shutdown
inet_ntoa
htons
closesocket
WSAGetLastError
URLDownloadToFileA
Number of PE resources by type
RT_ICON 9
RT_DIALOG 5
RT_BITMAP 3
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Message MFC Application
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 126976
EntryPoint 0xdfe8
OriginalFileName Message.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016
FileVersion 1, 0, 0, 1
TimeStamp 2017:02:09 10:47:27+01:00
FileType Win32 EXE
PEType PE32
InternalName Message
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 57344
ProductName Message Application
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9c7c7149387a1c79679a87dd1ba755bc
SHA1 828001f20df60b6af286593c37644d39e5a6122a
SHA256 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
ssdeep 3072:HrtSNbR+u/AewFrE1lG4t29xWa82swnlOi81Vyn0lIIk:LodZ/rl1lG4odnlOi8Pyn0l+
authentihash bacd67dce7cfd19c76fb72c6cc41265d84d4893dfe40eea052558025f8eaa5b4
imphash a24763b450a37898ad6bdd11817354e0
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags peexe
VirusTotal metadata
First submission 2017-02-10 13:33:54 UTC ( 1 year, 10 months ago )
Last submission 2018-06-06 23:46:24 UTC ( 6 months ago )
File names 3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.bin
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9-lazaruswannacry
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.exe
taskmsgr.exe
Wcry.malware
2.bin
wecry
localfile~
w.exe_
3c4614ee2d06c6b8f21f9fe6e96dbc99777bd4094d48b3507dd358915371c111
Message.EXE
Message
a.1.wannacrypt.exe
e429724f89a2ae495f1bfba53bc23532.safe
Win32.Ransom.FileLocker@3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9.bin
3e6de9e2baacf930949647c399818e7a2caea2626df6a468407854aaa515eed9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications