SHA256: a1e52a400b897766b8caaff87a34f78b6ea0827108c8b6df2f5d0b98ef7892b9
File name: 74e0b6c0690d2f48f2f161344570d3d0
Detection ratio: 54 / 70
Analysis date: 2019-01-10 23:29:07 UTC ( 6 days, 16 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40267082 20190110
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190110
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190110
Arcabit Trojan.Generic.D2666D4A 20190110
Avast Sf:WNCryLdr-A [Trj] 20190110
AVG Sf:WNCryLdr-A [Trj] 20190110
Avira (no cloud) W32/Virut.Gen 20190110
Baidu Win32.Worm.Rbot.a 20190110
BitDefender Trojan.GenericKD.40267082 20190110
CAT-QuickHeal Ransom.WannaCrypt.S1670344 20190110
ClamAV Win.Ransomware.WannaCry-6313787-0 20190110
CMC Virus.Win32.Virut.1!O 20190110
Comodo TrojWare.Win32.Ransom.WannaCry.AB@75ge5e 20190110
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190111
Cyren W32/WannaCrypt.A.gen!Eldorado 20190110
DrWeb Trojan.Encoder.11432 20190110
eGambit Trojan.Generic 20190111
Emsisoft Trojan.GenericKD.40267082 (B) 20190110
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190110
F-Prot W32/S-2b52222d!Eldorado 20190110
F-Secure Trojan.GenericKD.40267082 20190110
Fortinet W32/Wanna.M!tr.ransom 20190110
GData Win32.Exploit.CVE-2017-0147.A 20190110
Ikarus Trojan-Ransom.WannaCry 20190110
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20190110
K7AntiVirus Exploit ( 0050d7a31 ) 20190110
K7GW Exploit ( 0050d7a31 ) 20190110
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190110
Malwarebytes Ransom.WannaCrypt 20190110
MAX malware (ai score=80) 20190111
McAfee Ransom-WannaCry!74E0B6C0690D 20190110
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tm 20190110
Microsoft Ransom:Win32/CVE-2017-0147.A 20190110
eScan Trojan.GenericKD.40267082 20190110
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190110
Panda Trj/Genetic.gen 20190110
Qihoo-360 HEUR/QVM26.1.76A5.Malware.Gen 20190111
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20190110
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Wanna-A 20190110
Symantec Ransom.Wannacry 20190110
Tencent Trojan-Ransom.Win32.Wanna.m 20190111
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190106
Trapmine malicious.high.ml.score 20190103
TrendMicro Ransom_WCRY.SMALYM 20190110
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190110
VBA32 Hoax.Wanna 20190110
ViRobot Trojan.Win32.WannaCry.5267459 20190110
Webroot W32.Trojan.Gen 20190111
Yandex Exploit.CVE-2017-0147! 20190110
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190110
Acronis 20190110
AegisLab 20190110
Alibaba 20180921
Avast-Mobile 20190110
AVware 20180925
Babable 20180918
Bkav 20190108
Cybereason 20190109
Kingsoft 20190111
Palo Alto Networks (Known Signatures) 20190111
SUPERAntiSpyware 20190109
TACHYON 20190110
TotalDefense 20190110
Trustlook 20190111
VIPRE 20190110
Zillya 20190110
Zoner 20190110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:11 14:21:37+02:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 5259264
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 74e0b6c0690d2f48f2f161344570d3d0
SHA1 ce34ca7194b53809c4de674e653501770d9343b1
SHA256 a1e52a400b897766b8caaff87a34f78b6ea0827108c8b6df2f5d0b98ef7892b9
ssdeep 49152:4nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:oDqPoBhz1aRxcSUDk36SA

authentihash 2318379fa549a68d68e96970e56ab21dedecee81477845fc11965ed78ef59a4c
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags honeypot cve-2017-0147 exploit pedll overlay

VirusTotal metadata
First submission 2019-01-10 23:29:07 UTC ( 6 days, 16 hours ago )
Last submission 2019-01-10 23:29:07 UTC ( 6 days, 16 hours ago )