SHA256: e91679b1629e591960f240ff74c63ec72f27e585edf07ea2f354f5f605481a44
File name: 06a4ff0d573aadac9b29d1e765fd1cde
Detection ratio: 59 / 70
Analysis date: 2018-12-30 05:52:09 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40267082 20181230
AegisLab Trojan.Win32.Wanna.tpxd 20181229
AhnLab-V3 Trojan/Win32.WannaCryptor.R200894 20181229
ALYac Trojan.GenericKD.40267082 20181230
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20181229
Arcabit Trojan.Generic.D2666D4A 20181229
Avast Sf:WNCryLdr-A [Trj] 20181230
AVG Sf:WNCryLdr-A [Trj] 20181230
Avira (no cloud) TR/Ransom.Gen 20181229
Baidu Win32.Worm.Rbot.a 20181207
BitDefender Trojan.GenericKD.40267082 20181230
CAT-QuickHeal Ransom.Zenshirsh.SL8 20181229
ClamAV Win.Ransomware.WannaCry-6313787-0 20181230
CMC Trojan-Ransom.Win32.Wanna!O 20181229
Comodo TrojWare.Win32.Eqtonex.A@7kqnsi 20181230
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181230
Cyren W32/WannaCrypt.A.gen!Eldorado 20181230
DrWeb Trojan.Encoder.11432 20181230
eGambit Trojan.Generic 20181230
Emsisoft Trojan.GenericKD.40267082 (B) 20181230
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Exploit.CVE-2017-0147.A 20181230
F-Prot W32/S-2b52222d!Eldorado 20181230
F-Secure Trojan.GenericKD.40267082 20181230
Fortinet W32/Wanna.M!tr 20181230
GData Win32.Exploit.CVE-2017-0147.A 20181230
Ikarus Trojan-Ransom.WannaCry 20181229
Sophos ML heuristic 20181128
Jiangmin Trojan.Wanna.k 20181230
K7AntiVirus Exploit ( 0050d7a31 ) 20181230
K7GW Exploit ( 0050d7a31 ) 20181229
Kaspersky Trojan-Ransom.Win32.Wanna.m 20181229
Malwarebytes Ransom.WannaCrypt 20181230
MAX malware (ai score=89) 20181230
McAfee GenericRXFL-OG!06A4FF0D573A 20181230
McAfee-GW-Edition BehavesLike.Win32.RansomWannaCry.tz 20181230
Microsoft Ransom:Win32/CVE-2017-0147.A 20181230
eScan Trojan.GenericKD.40267082 20181230
NANO-Antivirus Trojan.Win32.Wanna.epxkni 20181230
Panda Trj/Genetic.gen 20181229
Qihoo-360 QVM26.1.Malware.Gen 20181230
Rising Ransom.Wanna!8.E7B2 (TFE:dGZlOgUxA5JDnJz0dA) 20181230
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Wanna-A 20181230
SUPERAntiSpyware Trojan.Agent/Gen-WannaCrypt 20181226
Symantec Ransom.Wannacry 20181229
TACHYON Ransom/W32.WannaCry.5267459.AN 20181230
TheHacker Trojan/Exploit.CVE-2017-0147.a 20181230
Trapmine malicious.high.ml.score 20181205
TrendMicro Ransom_WCRY.SMALYM 20181230
TrendMicro-HouseCall Ransom_WCRY.SMALYM 20181230
VBA32 Hoax.Wanna 20181229
VIPRE Trojan.Win32.Generic!BT 20181230
ViRobot Trojan.Win32.WannaCry.5267459 20181230
Webroot W32.Trojan.Gen 20181230
Yandex Exploit.CVE-2017-0147! 20181229
Zillya Trojan.GenericKD.Win32.118959 20181228
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.m 20181230
Acronis 20181227
Alibaba 20180921
Avast-Mobile 20181229
Babable 20180918
Bkav 20181227
Cybereason 20180225
Kingsoft 20181230
Palo Alto Networks (Known Signatures) 20181230
Symantec Mobile Insight 20181225
Tencent 20181230
TotalDefense 20181229
Trustlook 20181230
Zoner 20181230
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 12:21:37
Entry Point 0x000011E9
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 5267456
Size 3
Entropy 0.00
PE imports
CreateProcessA
SizeofResource
LoadResource
LockResource
WriteFile
CloseHandle
CreateFileA
FindResourceA
_adjust_fdiv
_initterm
malloc
free
sprintf
PE exports
Number of PE resources by type
W 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:11 13:21:37+01:00
FileType Win32 DLL
PEType PE32
CodeSize 4096
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x11e9
InitializedDataSize 5259264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 06a4ff0d573aadac9b29d1e765fd1cde
SHA1 d8fab10f6d08bdb1127d0a87f744cb00ce02d705
SHA256 e91679b1629e591960f240ff74c63ec72f27e585edf07ea2f354f5f605481a44
ssdeep 24576:MbLguVQhfdmMSirYbcMNgef0QeQjG/D8kIq:MnFQqMSPbcBVQej/
authentihash 7ce190a268aa41f5b8b28568cc758fa8102927bd8ea014fcea1f051013365990
imphash 2e5708ae5fed0403e8117c645fb23e5b
File size 5.0 MB ( 5267459 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
exploit cve-2017-0147 pedll overlay

VirusTotal metadata
First submission 2018-12-30 05:52:09 UTC ( 2 weeks, 6 days ago )
Last submission 2018-12-30 05:52:09 UTC ( 2 weeks, 6 days ago )