SHA256: 8d1ecef30621154b4beb3e098b0076f538ef00c5cbf3c68d3df38b8f04ec4bb2
File name: 1550479340019_bpigt_dionaea-nyc1_e1b603be0715ffe695541115589d1eef
Detection ratio: 54 / 65
Analysis date: 2019-03-08 02:14:02 UTC (2 weeks, 4 days ago)
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.40267082 20190308
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190307
ALYac Trojan.GenericKD.40267082 20190308
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190308
Arcabit Trojan.Generic.D2666D4A 20190308
Avast Sf:WNCryLdr-A [Trj] 20190308
AVG Sf:WNCryLdr-A [Trj] 20190308
Avira (no cloud) TR/AD.DPulsarShellcode.gkqib 20190307
Baidu Win32.Worm.Rbot.a 20190306
BitDefender Trojan.GenericKD.40267082 20190308
CAT-QuickHeal Ransom.Zenshirsh.SL8 20190306
ClamAV Win.Ransomware.WannaCry-6313787-0 20190307
CMC Trojan-Ransom.Win32.Wanna!O 20190307
Comodo TrojWare.Win32.Ransom.WannaCry.AB@75ge5e 20190308
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cyren W32/WannaCrypt.A.gen!Eldorado 20190308
DrWeb Trojan.Encoder.11432 20190308
eGambit Trojan.Generic 20190308
Emsisoft Trojan.GenericKD.40267082 (B) 20190308
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190308
F-Prot W32/S-2b52222d!Eldorado 20190308
F-Secure Trojan.TR/AD.DPulsarShellcode.gkqib 20190307
Fortinet W32/WannaCryptor.H!tr.ransom 20190308
GData Win32.Exploit.CVE-2017-0147.A 20190308
Ikarus Trojan-Ransom.WannaCry 20190307
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190307
K7AntiVirus Exploit ( 0050d7a31 ) 20190307
K7GW Exploit ( 0050d7a31 ) 20190307
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190308
MAX malware (ai score=100) 20190308
McAfee GenericRXFL-OG!E1B603BE0715 20190308
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tz 20190307
Microsoft Ransom:Win32/CVE-2017-0147.A 20190307
eScan Trojan.GenericKD.40267082 20190308
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190308
Palo Alto Networks (Known Signatures) generic.ml 20190308
Panda Trj/Genetic.gen 20190307
Qihoo-360 Win32/Worm.WannaCrypt.W 20190308
Rising Exploit.EternalBlue!1.AAED (CLASSIC) 20190308
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Wanna-A 20190308
TACHYON Ransom/W32.WannaCry.5267459.DK 20190308
Tencent Trojan-Ransom.Win32.Wanna.m 20190308
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190304
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190308
VBA32 Hoax.Wanna 20190307
VIPRE Trojan.Win32.Generic!BT 20190307
ViRobot Trojan.Win32.WannaCry.5267459 20190307
Yandex Exploit.CVE-2017-0147! 20190306
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190308
AegisLab 20190308
Alibaba 20190306
Avast-Mobile 20190307
Babable 20180918
Bkav 20190307
Cybereason 20190109
Kingsoft 20190308
Malwarebytes 20190308
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TotalDefense 20190307
Trustlook 20190308
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:11 14:21:37+02:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
InitializedDataSize 5259264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 e1b603be0715ffe695541115589d1eef
SHA1 9cb4ad3b1831eba37ed57d038dbcb6a70eea95a2
SHA256 8d1ecef30621154b4beb3e098b0076f538ef00c5cbf3c68d3df38b8f04ec4bb2
ssdeep 3072:cV+LydVaND9y/m3aILEVTCW5DgSglPcTcMXaDfldx0dFJtkoeV0XXg6:yE9l9yeqIYVTH5DgSg8ajldktM0XXr

authentihash cec084527a9459076db0c3239bdd3928c2b4654269af58491192b30c842e6485
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2017-10-03 09:06:29 UTC ( 1 year, 5 months ago )
Last submission 2019-02-18 08:54:51 UTC ( 1 month ago )
File names 1539251136257_fbqzh_dionaea-nyc1_e1b603be0715ffe695541115589d1eef
1542956920008_iwdwt_dionaea-fra1_e1b603be0715ffe695541115589d1eef
1549012886022_avamh_dionaea-sgp1_e1b603be0715ffe695541115589d1eef
1544615043542_onefk_dionaea-fra1_e1b603be0715ffe695541115589d1eef
1549093382629_zvapx_dionaea-sgp1_e1b603be0715ffe695541115589d1eef
1545984349134_ypjnf_dionaea-blr1_e1b603be0715ffe695541115589d1eef
1548347083437_gjcat_dionaea-nyc1_e1b603be0715ffe695541115589d1eef
e1b603be0715ffe695541115589d1eef
8d1ecef30621154b4beb3e098b0076f538ef00c5cbf3c68d3df38b8f04ec4bb2.bin
1549086910226_tsflb_dionaea-nyc1_e1b603be0715ffe695541115589d1eef
1550479340019_bpigt_dionaea-nyc1_e1b603be0715ffe695541115589d1eef