MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22a49fd2468178e5b33cad08985adde50f0530a33260affc58bee6b2401005a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	22a49fd2468178e5b33cad08985adde50f0530a33260affc58bee6b2401005a9
SHA3-384 hash:	22aeec29c5a180089e85f553535ce5f28f30001d66264418b75e0551b46e645df9b801c8ea1c2697cc20ef776288f497
SHA1 hash:	0ee594c8d687596f68a7b259097fe3296a86e6c4
MD5 hash:	9854723bf668c0303a966f2c282f72ea
humanhash:	monkey-spaghetti-neptune-foxtrot
File name:	wwlib.dll
Download:	download sample
File size:	6'209'536 bytes
First seen:	2020-04-08 10:42:44 UTC
Last seen:	2020-04-08 11:59:51 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	0b6da67c51876af686f6ec3bc486f883
ssdeep	98304:zjaCsPG1u0FP6abXVnTwAGxllKRtrNlESiT2jOPs+gNmbMVcnRTsUw1ISHEKiN:zjzR1u0FdbXVTElgRtnzJHOM6R4UzSk
Threatray	22 similar samples on MalwareBazaar
TLSH	A356337353691089D1F0C93A9427BDD531F74399CF82B47878EAEAC920679F9E207983
Reporter	Jirehlov
Tags:	dll Ransomware WannaRen

Intelligence

File Origin

# of uploads :

# of downloads :

148

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Ransom.CDL.359.16001.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Wannaren

Status:

Malicious

First seen:

2020-04-08 03:52:26 UTC

File Type:

PE (Dll)

AV detection:

26 of 30 (86.67%)

Threat level:

5/5

Verdict:

suspicious

3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d

4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429

57cf4470348e3b5da0fa3152be84a81a5e2ce5d794976387be290f528fa419fd

84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04

89d5d6a0436ed5e2e27c0f9cd1f7fa5b05fa342a082fc5d7ad2439ac75c7bf33

9fdf001f730abe9e97454ce266d79326fb6e7c02fa6f3c16a7bbf5485ef674c4

a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4

a488990c82230074fdf4f22a014a8f05dbb2bdc055c096c4d4a28b3a8055a648

eeff7bc679bb93407730373e791ecfcb9669be2b6dcfafa3a00aed5d4e953b4e

+ 12 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://www.360.cn/n/11620.html

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA
WIN_SVC_API	Can Manipulate Windows Services	ADVAPI32.dll::EnumDependentServicesA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample