× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 925b3acaa3252bf4d660eab22856fff155f3106c2fee7567711cb34374b499f3
File name: WannaCry.exe
Detection ratio: 44 / 68
Analysis date: 2018-08-10 13:13:35 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.WannaCryptor.J 20180810
AegisLab Trojan.MSIL.Manna.j!c 20180810
AhnLab-V3 Trojan/Win32.FakeWanna.C1954223 20180810
ALYac Misc.Hoax 20180810
Antiy-AVL Trojan[Ransom]/MSIL.Manna 20180810
Arcabit Trojan.Ransom.WannaCryptor.J 20180810
AVware Trojan.Win32.Generic!BT 20180810
BitDefender Trojan.Ransom.WannaCryptor.J 20180810
CAT-QuickHeal Ransom.WannaCry.A3 20180810
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.258b8c 20180225
Cylance Unsafe 20180810
Cyren W32/Ransom.RDYA-2699 20180810
Emsisoft Trojan.Ransom.WannaCryptor.J (B) 20180810
ESET-NOD32 a variant of MSIL/Hoax.FakeFilecoder.N 20180810
F-Secure Trojan.Ransom.WannaCryptor.J 20180810
Fortinet W32/WannaCryptor.A!tr 20180810
GData MSIL.Application.FakeWannaCry.B 20180810
Ikarus Trojan-Ransom.WannaCry 20180810
Jiangmin Trojan.MSIL.gdez 20180810
K7AntiVirus Riskware ( 0040eff71 ) 20180810
K7GW Riskware ( 0040eff71 ) 20180810
Kaspersky Trojan-Ransom.MSIL.Manna.a 20180810
MAX malware (ai score=100) 20180810
McAfee Ransom-WannaCry!24F32DA258B8 20180810
McAfee-GW-Edition Ransom-WannaCry!24F32DA258B8 20180810
Microsoft Ransom:Win32/WannaCrypt 20180810
eScan Trojan.Ransom.WannaCryptor.J 20180810
NANO-Antivirus Trojan.Win32.Ransom.epbzou 20180810
Palo Alto Networks (Known Signatures) generic.ml 20180810
Panda Trj/GdSda.A 20180810
Qihoo-360 Trojan.Generic 20180810
Rising Ransom.Manna!8.E7C3 (CLOUD) 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/FakeWana-A 20180810
Symantec Ransom.Wannacry 20180810
Tencent Win32.Trojan.Wannacry.Xxgc 20180810
TrendMicro TROJ_FRS.0NA003EH17 20180810
TrendMicro-HouseCall TROJ_FRS.0NA003EH17 20180810
VBA32 Hoax.MSIL.Manna 20180810
VIPRE Trojan.Win32.Generic!BT 20180810
ViRobot Hoax.WannaCry.812544 20180810
Webroot W32.Trojan.Ransom.WannaCryptor 20180810
ZoneAlarm by Check Point Trojan-Ransom.MSIL.Manna.a 20180810
Alibaba 20180713
Avast 20180810
Avast-Mobile 20180810
AVG 20180810
Avira (no cloud) 20180810
Babable 20180725
Baidu 20180810
Bkav 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
DrWeb 20180810
eGambit 20180810
Endgame 20180730
F-Prot 20180810
Sophos ML 20180717
Kingsoft 20180810
Malwarebytes 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
TheHacker 20180807
TotalDefense 20180810
Trustlook 20180810
Yandex 20180810
Zillya 20180809
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product WindowsFormsApp7
Original name WannaCry.exe
Internal name WannaCry.exe
File version 1.0.0.0
Description WindowsFormsApp7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-14 14:00:08
Entry Point 0x00099082
Number of sections 3
.NET details
Module Version ID 48f46fa3-0c88-4912-822a-99da3414e7a4
TypeLib ID 9e33c9d1-a89a-438a-96a8-6045f9ddcb39
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
WindowsFormsApp7

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
193024

EntryPoint
0x99082

OriginalFileName
WannaCry.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
1.0.0.0

TimeStamp
2017:05:14 15:00:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WannaCry.exe

ProductVersion
1.0.0.0

SubsystemVersion
6.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
619008

ProductName
WindowsFormsApp7

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 24f32da258b8c42c71abfb7577fb35a8
SHA1 762764822ea195640455e0cef916a0772db58686
SHA256 925b3acaa3252bf4d660eab22856fff155f3106c2fee7567711cb34374b499f3
ssdeep
12288:acKRDx4AAluXBMxhgui+Hr4FF14tFGRD:FKR8Q+gui+Hr43KGR

authentihash 84147d76bcc5b11c98a003d7d12e20ac4d4735630fc035ccbe2587c3093ed1bc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 793.5 KB ( 812544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-05-14 15:57:30 UTC ( 1 year, 7 months ago )
Last submission 2017-05-16 12:13:33 UTC ( 1 year, 7 months ago )
File names 183571869.exe
WannaCry.exe
366182108.exe
1.exe
95579890.exe
213784489.exe
244955558.exe
204488124.exe
925b3acaa3252bf4d660eab22856fff155f3106c2fee7567711cb34374b499f3.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!