SHA256: 1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830
File name: CYBER.exe
Detection ratio: 47 / 61
Analysis date: 2017-05-15 13:10:01 UTC (2 months, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5057874 20170515
AegisLab Virus.Malware.Shtk!c 20170515
AhnLab-V3 Trojan/Win32.WannaCryptor.C1951351 20170515
ALYac Trojan.Ransom.WannaCryptor 20170515
Antiy-AVL Trojan[Ransom]/Win32.Wanna 20170515
Arcabit Trojan.Generic.D4D2D52 20170515
Avast Win32:Trojan-gen 20170515
AVG FileCryptor.OYB 20170515
Avira (no cloud) TR/FileCoder.hlwro 20170515
AVware Trojan.Win32.Generic!BT 20170515
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Trojan.GenericKD.5057874 20170515
CAT-QuickHeal Trojan.Agent 20170515
ClamAV Win.Ransomware.WannaCry-6313053-0 20170515
Comodo TrojWare.Win32.Ransom.WannaCryptor.a 20170515
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.IEZD-7861 20170515
DrWeb Trojan.Encoder.11432 20170515
Emsisoft Trojan.GenericKD.5057874 (B) 20170515
ESET-NOD32 a variant of Win32/Filecoder.WannaCryptor.D 20170515
F-Prot W32/WannaCrypt.O 20170515
F-Secure Trojan.GenericKD.5057874 20170515
Fortinet W32/Filecoder_WannaCryptor.A!tr 20170515
GData Win32.Trojan-Ransom.WannaCry.F 20170515
Ikarus Trojan-Ransom.WanaCrypt 20170515
K7AntiVirus Trojan ( 0050d7171 ) 20170515
K7GW Trojan ( 0050d7171 ) 20170515
Kaspersky Trojan-Ransom.Win32.Wanna.r 20170515
Malwarebytes Ransom.WanaCrypt0r 20170515
McAfee Ransom-O 20170515
McAfee-GW-Edition BehavesLike.Win32.Backdoor.kh 20170515
Microsoft Ransom:Win32/WannaCrypt.A!rsm 20170515
eScan Trojan.GenericKD.5057874 20170515
nProtect Ransom/W32.Wanna.65536 20170515
Palo Alto Networks (Known Signatures) generic.ml 20170515
Panda Trj/RansomCrypt.I 20170514
Rising Malware.Generic.6!tfe (cloud:okhkd3pyewB) 20170515
Sophos AV Mal/Wanna-A 20170515
Symantec Ransom.Wannacry 20170515
Tencent Win32.Trojan.Ransome.wannacry.vvmj 20170515
TrendMicro Ransom_WCRY.J 20170515
TrendMicro-HouseCall Ransom_WCRY.J 20170515
VBA32 Trojan.Filecoder 20170515
VIPRE Trojan.Win32.Generic!BT 20170515
ViRobot Trojan.Win32.S.WannaCry.65536[h] 20170515
Webroot W32.Trojan.GenKD 20170515
ZoneAlarm by Check Point Trojan-Ransom.Win32.Wanna.r 20170515
Alibaba 20170515
Bkav 20170515
CMC 20170515
Endgame 20170503
Sophos ML 20170413
Jiangmin 20170515
Kingsoft 20170515
NANO-Antivirus 20170515
Qihoo-360 20170515
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170515
Symantec Mobile Insight 20170514
TheHacker 20170514
Trustlook 20170515
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
Zoner 20170515
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name kbdlv.dll
Internal name kbdlv (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Latvia Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-14 01:12:55
Entry Point 0x00006CDF
Number of sections 5
PE sections
PE imports
GetTokenInformation
CryptReleaseContext
CryptGetKeyParam
OpenProcessToken
GetUserNameW
FreeSid
CryptExportKey
AllocateAndInitializeSid
CheckTokenMembership
CryptGenRandom
SetEntriesInAclA
GetSecurityInfo
SetSecurityInfo
OpenMutexA
GetLastError
SetCurrentDirectoryW
CopyFileW
EnterCriticalSection
GetFileAttributesA
CreateMutexA
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryA
CopyFileA
GetTickCount
FlushFileBuffers
GetFileAttributesW
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetWindowsDirectoryW
GetFileSize
GetDiskFreeSpaceExW
SetFileTime
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
GetLogicalDrives
CreateDirectoryW
DeleteFileW
CloseHandle
GetTempFileNameW
GetComputerNameW
GetFileTime
InterlockedExchangeAdd
GetFileSizeEx
CreateThread
GetModuleFileNameW
MoveFileExW
SetFilePointer
ReadFile
GlobalFree
InterlockedExchange
WriteFile
FindNextFileW
FindFirstFileW
ExitThread
GetProcAddress
GetFullPathNameA
LocalFree
TerminateProcess
CreateProcessA
InitializeCriticalSection
GetTempPathW
CreateFileW
GlobalAlloc
FindClose
Sleep
SetFileAttributesW
CreateFileA
LeaveCriticalSection
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
strncmp
rand
malloc
??0exception@@QAE@ABV0@@Z
_ftol
fread
_wcsnicmp
_wcsicmp
swprintf
fprintf
fopen
_except_handler3
??2@YAPAXI@Z
fwrite
??0exception@@QAE@ABQBD@Z
fclose
wcslen
wcscmp
sprintf
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
_local_unwind2
wcsrchr
_adjust_fdiv
__CxxFrameHandler
srand
wcschr
wcsncpy
??3@YAXPAX@Z
free
wcscat
_CxxThrowException
_wfopen
wcscpy
time
wcsstr
_initterm
SHGetFolderPathW
SystemParametersInfoW
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
2

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
36864

EntryPoint
0x6cdf

OriginalFileName
kbdlv.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:14 02:12:55+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
kbdlv (3.13)

ProductVersion
6.1.7600.16385

FileDescription
Latvia Keyboard Layout

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
24576

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 f351e1fcca0c4ea05fc44d15a17f8b36
SHA1 7d36a6aa8cb6b504ee9213c200c831eb8d4ef26b
SHA256 1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830
ssdeep
768:edWOTdghGl7Lu/qGrN5r5UF9sBaho9S4AJKqBz8MZK8IgpkCamlniZfO:PGdghGleSGh5resN9S4A3jHaqniZfO

authentihash 8724b6fc2b537f63b4afbd50acd63bca4c386b2b8812589812cc028e3b978e93
imphash 95f63d1f0a290b1bf8251e7fdeafd080
File size 64.0 KB ( 65536 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
attachment pedll via-tor

VirusTotal metadata
First submission 2017-05-12 12:18:50 UTC (2 months, 2 weeks ago)
Last submission 2017-07-12 23:27:04 UTC (2 weeks ago)
File names wannacrydll.EXE
WcryCoreDll
kbdlv.dll
Main DLL - CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE
localfile~
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830 (1).EXE
1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.bin
wanacryptor.EXE
wanna1.EXE
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE
kbdlv (3.13)
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.xxb
1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE
decrypted.dll
68A4j7TKcX
1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830 (2).bin
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.bin
WannaCry_RansomWare_DLL.EXE
1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.exe
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE.infected
cyber1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.exe
=?UTF-8?B?656o7ISs7Juo7Ja0X3dhbm5hY3J5?=
WannaCrypt0r.EXE
CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE.XXX
Behaviour characterization
Zemana
dll-injection
