SHA256: bff770c41be78e146a313a68ad1c80f9a0a4e48b1fb48ad4fb3cb6f7970a7b80
File name: bff770c41be78e146a313a68ad1c80f9a0a4e48b1fb48ad4fb3cb6f7970a7b80
Detection ratio: 55 / 68
Analysis date: 2019-02-03 15:03:03 UTC ( 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.GenericKD.40267082 20190203
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20190203
ALYac Trojan.GenericKD.40267082 20190203
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20190203
Avast Sf:WNCryLdr-A [Trj] 20190203
AVG Sf:WNCryLdr-A [Trj] 20190203
Avira (no cloud) TR/Ransom.Gen 20190203
Baidu Win32.Worm.Rbot.a 20190202
BitDefender Trojan.GenericKD.40267082 20190203
CAT-QuickHeal Ransom.WannaCrypt.A4 20190203
ClamAV Win.Ransomware.WannaCry-6313787-0 20190203
CMC Trojan-Ransom.Win32.Wanna!O 20190203
Comodo Malware@#y0f2zbur23hr 20190203
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190203
Cyren W32/WannaCrypt.A.gen!Eldorado 20190203
DrWeb Trojan.Encoder.11432 20190203
eGambit Trojan.Generic 20190203
Emsisoft Trojan.GenericKD.40267082 (B) 20190203
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20190203
F-Prot W32/S-2b52222d!Eldorado 20190203
F-Secure Trojan.GenericKD.40267082 20190203
Fortinet W32/Wanna.M!tr 20190201
GData Win32.Exploit.CVE-2017-0147.A 20190203
Sophos ML heuristic 20181128
K7AntiVirus Exploit ( 0050d7a31 ) 20190203
K7GW Exploit ( 0050d7a31 ) 20190203
Kaspersky Trojan-Ransom.Win32.Wanna.m 20190203
Malwarebytes Ransom.WannaCrypt 20190203
MAX malware (ai score=100) 20190203
McAfee GenericRXFL-OG!A81E9F930D66 20190203
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tm 20190203
Microsoft Ransom:Win32/CVE-2017-0147.A 20190203
eScan Trojan.GenericKD.40267082 20190203
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20190203
Palo Alto Networks (Known Signatures) generic.ml 20190203
Panda Trj/Genetic.gen 20190203
Qihoo-360 Win32/Worm.WannaCrypt.W 20190203
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20190203
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Wanna-A 20190203
Symantec Ransom.Wannacry 20190203
TACHYON Ransom/W32.WannaCry.5267459 20190203
Tencent Win32.Trojan.Ransomlocker.Lkxi 20190203
TheHacker Trojan/Exploit.CVE-2017-0147.a 20190131
Trapmine malicious.high.ml.score 20190123
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20190203
VBA32 Hoax.Wanna 20190201
ViRobot Trojan.Win32.WannaCry.5267459 20190203
Webroot W32.Trojan.Gen 20190203
Yandex Exploit.CVE-2017-0147! 20190201
Zillya Exploit.CVE.Win32.1764 20190201
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20190203
AegisLab 20190203
Alibaba 20180921
Arcabit 20190203
Avast-Mobile 20190203
Babable 20180918
Bkav 20190201
Cybereason 20190109
Jiangmin 20190203
Kingsoft 20190203
SUPERAntiSpyware 20190130
TotalDefense 20190203
TrendMicro 20190203
Trustlook 20190203
Zoner 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2017:05:11 05:21:37-07:00

FileType
Win32 DLL

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x11e9

InitializedDataSize
5259264

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 a81e9f930d6699f3fbb9c23a31b553a0
SHA1 098e433137bdd43c22da95398e7f000cb30cc4fd
SHA256 bff770c41be78e146a313a68ad1c80f9a0a4e48b1fb48ad4fb3cb6f7970a7b80
ssdeep
98304:nHqPoBheh1aRxcSUDk36SAEdhvxWa9P5:nHqPhh1Cxcxk3ZAEUad

authentihash 36a8fb5c17a6c6cf85c96c4f0d515cb276dc2e34252fd87a163b2cc8a7db3532
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2018-02-14 19:13:52 UTC ( 1 year ago )
Last submission 2019-02-13 15:41:40 UTC ( 4 days ago )
File names