SHA256: 9a70e18cebf1b4f1cc6c770f887b3677fc1f58d357d5e4683fe1084a2892db9c
File name: 1546142028048_ncoll_dionaea-fra1_4e451b79c763719e4bb90e43e998b7fe
Detection ratio: 59 / 70
Analysis date: 2018-12-30 03:55:57 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40267082 20181230
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20181229
ALYac Trojan.GenericKD.40267082 20181230
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20181229
Arcabit Trojan.Generic.D2666D4A 20181229
Avast Sf:WNCryLdr-A [Trj] 20181230
AVG Sf:WNCryLdr-A [Trj] 20181230
Avira (no cloud) TR/Ransom.Gen 20181229
Baidu Win32.Worm.Rbot.a 20181207
BitDefender Trojan.GenericKD.40267082 20181230
CAT-QuickHeal Ransom.WannaCrypt.S1670344 20181229
ClamAV Win.Ransomware.WannaCry-6313787-0 20181230
CMC Trojan-Ransom.Win32.Wanna!O 20181229
Comodo TrojWare.Win32.Ransom.WannaCry.AB@75ge5e 20181230
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181230
Cyren W32/WannaCrypt.A.gen!Eldorado 20181230
DrWeb Trojan.Encoder.11432 20181230
eGambit Trojan.Generic 20181230
Emsisoft Trojan.GenericKD.40267082 (B) 20181230
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20181229
F-Prot W32/S-2b52222d!Eldorado 20181230
F-Secure Trojan.GenericKD.40267082 20181230
Fortinet W32/Wanna.M!tr.ransom 20181230
GData Win32.Exploit.CVE-2017-0147.A 20181230
Ikarus Trojan-Ransom.WannaCry 20181229
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20181230
K7AntiVirus Exploit ( 0050d7a31 ) 20181230
K7GW Exploit ( 0050d7a31 ) 20181229
Kaspersky Trojan-Ransom.Win32.Wanna.m 20181229
Malwarebytes Ransom.WannaCrypt 20181230
MAX malware (ai score=100) 20181230
McAfee Ransom-WannaCry!4E451B79C763 20181230
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.th 20181230
Microsoft Ransom:Win32/CVE-2017-0147.A 20181230
eScan Trojan.GenericKD.40267082 20181230
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20181229
Palo Alto Networks (Known Signatures) generic.ml 20181230
Panda Trj/CI.A 20181229
Qihoo-360 Win32/Worm.WannaCrypt.W 20181230
Rising Ransom.WanaCrypt!1.AAED (C64:YzY0OmipJIH8AO+V) 20181229
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Wanna-A 20181229
Symantec Ransom.Wannacry 20181229
TACHYON Ransom/W32.WannaCry.5267459 20181229
Tencent Trojan-Ransom.Win32.Wanna.m 20181230
TheHacker Trojan/Exploit.CVE-2017-0147.a 20181225
Trapmine malicious.high.ml.score 20181205
TrendMicro Ransom_WCRY.SMALYM 20181229
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20181229
VBA32 Hoax.Wanna 20181229
VIPRE Trojan.Win32.Generic!BT 20181229
ViRobot Trojan.Win32.WannaCry.5267459 20181230
Webroot W32.Ransom.Wannacrypt 20181230
Yandex Exploit.CVE-2017-0147! 20181229
Zillya Exploit.CVE.Win32.1766 20181228
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20181230
Acronis 20181227
AegisLab 20181229
Alibaba 20180921
Avast-Mobile 20181229
Babable 20180918
Bkav 20181227
Cybereason 20180225
Kingsoft 20181230
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TotalDefense 20181229
Trustlook 20181230
Zoner 20181230
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:11 13:21:37+01:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
InitializedDataSize 5259264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 4e451b79c763719e4bb90e43e998b7fe
SHA1 97c89276df0dec92b33c7e27ed903dbe4921c37a
SHA256 9a70e18cebf1b4f1cc6c770f887b3677fc1f58d357d5e4683fe1084a2892db9c
ssdeep 98304:+DqP4i9yqRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPsSxcxk3ZAEUadzR8yc4H
authentihash 85a772249293a4817a7304a61d50a3a098e81fc0b7ee4ae53b4a8bfd8858c4b3
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2017-06-16 13:11:32 UTC ( 1 year, 7 months ago )
Last submission 2018-12-30 03:55:57 UTC ( 2 weeks, 4 days ago )
File names 1543868009806_nwujk_dionaea-nyc1_4e451b79c763719e4bb90e43e998b7fe
1546142028048_ncoll_dionaea-fra1_4e451b79c763719e4bb90e43e998b7fe
smb-0e13z6u7.tmp
1543405597541_zeipy_dionaea-nyc1_4e451b79c763719e4bb90e43e998b7fe
4e451b79c763719e4bb90e43e998b7fe