× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 96e5877b9f7e9def4362293fa9ccfc75188e3f75c198c80214820b95febcee9c
File name: d2195ff17f865a339117cd3515abd4f2
Detection ratio: 57 / 69
Analysis date: 2019-01-29 09:42:52 UTC ( 2 weeks, 5 days ago ) View latest
Antivirus Result Update
Acronis suspicious 20190128
Ad-Aware Trojan.GenericKD.40267082 20190129
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190129
ALYac Trojan.GenericKD.40267082 20190129
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190129
Arcabit Trojan.Generic.D2666D4A 20190129
Avast Sf:WNCryLdr-A [Trj] 20190129
AVG Sf:WNCryLdr-A [Trj] 20190129
Avira (no cloud) TR/Ransom.Gen 20190129
Baidu Win32.Worm.Rbot.a 20190129
BitDefender Trojan.GenericKD.40267082 20190129
CAT-QuickHeal Ransom.Zenshirsh.SL8 20190128
ClamAV Win.Ransomware.WannaCry-6313787-0 20190129
CMC Trojan-Ransom.Win32.Wanna!O 20190128
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190129
Cyren W32/WannaCrypt.A.gen!Eldorado 20190129
DrWeb Trojan.Encoder.11432 20190129
eGambit Trojan.Generic 20190129
Emsisoft Trojan.GenericKD.40267082 (B) 20190129
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190129
F-Prot W32/S-2b52222d!Eldorado 20190129
F-Secure Trojan.GenericKD.40267082 20190129
Fortinet W32/Wanna.M!tr 20190129
GData Win32.Exploit.CVE-2017-0147.A 20190129
Ikarus Trojan-Ransom.WannaCry 20190129
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190129
K7AntiVirus Exploit ( 0050d7a31 ) 20190129
K7GW Exploit ( 0050d7a31 ) 20190129
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190129
Malwarebytes Ransom.WannaCrypt 20190129
MAX malware (ai score=83) 20190129
McAfee GenericRXFL-OG!D2195FF17F86 20190129
McAfee-GW-Edition BehavesLike.Win32.Generic.tt 20190129
Microsoft Ransom:Win32/CVE-2017-0147.A 20190129
eScan Trojan.GenericKD.40267082 20190129
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190129
Panda Trj/Genetic.gen 20190128
Qihoo-360 QVM26.1.Malware.Gen 20190129
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20190129
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Wanna-A 20190129
SUPERAntiSpyware Trojan.Agent/Gen-WannaCrypt 20190123
Symantec Ransom.Wannacry 20190129
TACHYON Ransom/W32.WannaCry.5267459.F 20190129
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190125
Trapmine malicious.high.ml.score 20190123
TrendMicro Ransom_WCRY.SMALYM 20190129
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190129
VBA32 Hoax.Wanna 20190129
ViRobot Trojan.Win32.WannaCry.5267459 20190129
Webroot W32.Trojan.Gen 20190129
Yandex Exploit.CVE-2017-0147! 20190129
Zillya Trojan.GenericKD.Win32.118959 20190128
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190129
AegisLab 20190129
Alibaba 20180921
Avast-Mobile 20190129
Babable 20180918
Bkav 20190125
Comodo 20190129
Cybereason 20190109
Kingsoft 20190129
Palo Alto Networks (Known Signatures) 20190129
Tencent 20190129
TotalDefense 20190129
Trustlook 20190129
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2017:05:11 05:21:37-07:00

FileType
Win32 DLL

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x11e9

InitializedDataSize
5259264

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 d2195ff17f865a339117cd3515abd4f2
SHA1 aa2a4689b23b90d09c73a2e09e1b858a94f00b3f
SHA256 96e5877b9f7e9def4362293fa9ccfc75188e3f75c198c80214820b95febcee9c
ssdeep
49152:MnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:s8qPoBhz1aRxcSUDk36SAEdhv

authentihash d8ac98d9a59dcaa33311a1b836b55003c9cd122d0acf65ccbb7d0f1bc448a953
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
honeypot cve-2017-0147 exploit pedll overlay

VirusTotal metadata
First submission 2019-01-29 09:42:52 UTC ( 2 weeks, 5 days ago )
Last submission 2019-02-02 15:21:47 UTC ( 2 weeks, 1 day ago )
File names 1549120888556_syzgn_dionaea-sgp1_d2195ff17f865a339117cd3515abd4f2
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!