SHA256: 86963c4751030168f7ebba58a99cf567ab7dd56ec4ff22ba785101aea45cd97e
File name: 017f63d0be693e53bc5b8edd426cfbd1
Detection ratio: 30 / 61
Analysis date: 2017-05-27 11:57:17 UTC (4 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.238432 20170527
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20170527
ALYac Gen:Variant.Zusy.238432 20170527
Arcabit Trojan.Zusy.D3A360 20170527
Avast Win32:WanaCry-A [Trj] 20170527
Avira (no cloud) TR/Ransom.Gen 20170527
Baidu Win32.Worm.Rbot.a 20170527
BitDefender Gen:Variant.Zusy.238432 20170527
CAT-QuickHeal Ransom.WannaCrypt.A4 20170527
ClamAV Win.Ransomware.WannaCry-6313787-0 20170527
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
DrWeb Trojan.Encoder.11432 20170527
Emsisoft Gen:Variant.Zusy.238432 (B) 20170527
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20170527
F-Secure Gen:Variant.Zusy.238432 20170527
Fortinet W32/WannaCryptor.H!tr 20170527
GData Win32.Exploit.CVE-2017-0147.A 20170527
Sophos ML generic.a 20170519
K7GW Hacktool ( 655367771 ) 20170527
McAfee Ransomware-FMOR!017F63D0BE69 20170527
McAfee-GW-Edition Ransomware-FMOR!017F63D0BE69 20170526
Microsoft Ransom:Win32/WannaCrypt.A!rsm 20170527
eScan Gen:Variant.Zusy.238432 20170527
NANO-Antivirus Trojan.Win32.Wanna.epclsl 20170527
nProtect Ransom/W32.WannaCry.5267459 20170527
Panda Trj/GdSda.A 20170527
Sophos AV Mal/Wanna-A 20170527
Symantec Ransom.Wannacry 20170527
VBA32 suspected of Trojan.Downloader.gen.h 20170526
AegisLab 20170527
Alibaba 20170527
Antiy-AVL 20170527
AVG 20170527
AVware 20170527
Bkav 20170526
CMC 20170526
Comodo 20170527
Cyren 20170527
F-Prot 20170527
Ikarus 20170527
Jiangmin 20170527
K7AntiVirus 20170527
Kaspersky 20170527
Kingsoft 20170527
Malwarebytes 20170527
Palo Alto Networks (Known Signatures) 20170527
Qihoo-360 20170527
Rising 20170523
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170527
Symantec Mobile Insight 20170526
Tencent 20170527
TheHacker 20170525
TrendMicro 20170527
TrendMicro-HouseCall 20170525
Trustlook 20170527
VIPRE 20170527
ViRobot 20170527
Webroot 20170527
WhiteArmor 20170524
Yandex 20170526
Zillya 20170527
ZoneAlarm by Check Point 20170527
Zoner 20170527
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:11 13:21:37+01:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
EntryPoint 0x11e9
InitializedDataSize 5259264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 017f63d0be693e53bc5b8edd426cfbd1
SHA1 1d02de42b8278a5865ba9d8f8c0ce5d9212d5236
SHA256 86963c4751030168f7ebba58a99cf567ab7dd56ec4ff22ba785101aea45cd97e
ssdeep 98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5UBSa:+DqPe1Cxcxk3ZAEUaduBSa
authentihash 780be3fb0f624ab870348c58818962ebcb08ad5cf0bce9d36b74149f653e29f2
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2017-05-27 11:57:17 UTC ( 4 months, 3 weeks ago )
Last submission 2017-09-25 23:49:35 UTC ( 3 weeks, 1 day ago )