MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

WannaCry

Vendor detections: 14

Intelligence 14 IOCs YARA 4 File information Comments

SHA256 hash:	2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d
SHA3-384 hash:	cd5d04f8930a82c405ed5b5916e654599969b76f100c3fc6ed151a00f717282fc3dee7eaf9c41b5ffd5b28651c0e0bc2
SHA1 hash:	a5a71a601c41d8346a7279ec292fdbdc8dffea16
MD5 hash:	843b7d700d01adeb4eddeaaed20eae05
humanhash:	comet-single-mockingbird-fish
File name:	2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d
Download:	download sample
Signature	WannaCry Create hunting rule
File size:	5'298'176 bytes
First seen:	2026-06-02 04:15:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0cdadfa1098d845dd3b4cf92625b5f04 (48 x WannaCry)
ssdeep	49152:jnsnnMSPbcBVtRx+TSqTdX1HkQo6SAARdhnv:DMnPoB7RxcSUDk36SAEdhv
Threatray	1'075 similar samples on MalwareBazaar
TLSH	T19D36235932B881FCD1061874C4B78D22F3B37CBA52FE5B0F9B9049692E53B91B760B52
TrID	39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 8.3% (.EXE) Win64 Executable (generic) (6522/11/2) 6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
Reporter	pawscobbler
Tags:	dionaea exe WannaCry

pawscobbler

Captured by Dionaea honeypot automation

Intelligence

File Origin

# of uploads :

# of downloads :

199

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

exe

Verdict:

No threats detected

Analysis date:

2026-06-02 04:17:26 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/23e74d99-c82e-45c2-a107-16b4823c6dfb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68747/

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a1e58ed5a2e3b5e58e5324d

Tags:

ransomware shellcode wannacry

Result

Verdict:

Malware

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug base64 cmd crypto lolbin microsoft_visual_cc obfuscated overlay overlay packed packed ransomware ransomware smb wannacry

Link:

https://www.filescan.io/uploads/6a1e58e6099ef368af14f193/reports/3fbd4cb0-f07e-4be0-9ffb-e33aa825d110/overview

Verdict:

Malicious

Labled as:

CVE-2017-0147

Link:

https://www.hybrid-analysis.com/sample/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

Verdict:

Malicious

File Type:

dll x64

First seen:

2018-11-08T09:33:00Z UTC

Last seen:

2021-04-14T01:42:00Z UTC

Hits:

~10

Detections:

Exploit.Win32.MS17-010.kpn Trojan.Win32.Eb.a HEUR:Trojan.Win32.EquationDrug.gen HEUR:Trojan-Ransom.Win32.Wanna.gen HEUR:Exploit.Win32.MS17-010.gen Exploit.Win32.MS17-010.cb Trojan.Win32.Eb.b Trojan.Win32.EquationDrug.sb Trojan.Win32.Eb.s Trojan-Ransom.Win32.Wanna.sb Trojan-Ransom.Win32.Wanna.ak Trojan-Ransom.Win32.Wanna.apno HEUR:Worm.Win32.Generic Exploit.Win32.MS17-010.bf Trojan-Ransom.Win32.Wanna.m

Link:

https://opentip.kaspersky.com/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d/results?tab=lookup

Malware family:

Mimikatz

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/056d8ce9-80c0-4da2-86fe-1e6def117f38

Score:

78%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d/

Verdict:

Malicious

Threat:

Family.WANNACRY

Link:

https://tip.neiki.dev/file/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

Threat name:

Win64.Ransomware.WannaCry

Status:

Malicious

First seen:

2026-06-02 04:15:48 UTC

File Type:

PE+ (Dll)

Extracted files:

AV detection:

28 of 36 (77.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fp5zoqwrl2gc2hqb336unuxqtyoxldti4snhyhc5ygsfk6zrdr6q._file

Verdict:

malicious

Label(s):

wannacryptor

WannaCry

85b9eb097c475325269c7146cc3052734ec2cdf4a79b7feb67b184ab725923fc

WannaCry

9487edf9b75f4c15e3ba6ccbae23588ee3dc9c4983417f1b469278af17fc3847

WannaCry

9e0e61dfd8783dce6bde57af2ad4c892f481149426b229ecfe20242ae6b88974

WannaCry

error

WannaCry

+ 1'065 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260602-evjfxadw8z/

Unpacked files

SH256 hash:

2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

MD5 hash:

843b7d700d01adeb4eddeaaed20eae05

SHA1 hash:

a5a71a601c41d8346a7279ec292fdbdc8dffea16

Detections:

WannaCry

Link:

https://www.unpac.me/results/abc57e57-248c-49eb-9368-a6020f7ca3e0/

SH256 hash:

0148dbfdc337ff5e2336d30ff70a7773654d4ee35abae07cb1fbf8e535bc1880

MD5 hash:

c7d08f76b56c9c49cecd83e3ab46c0de

SHA1 hash:

5e96b2a29fc1e813529d8bbd87f744afbca2134e

Detections:

WannaCry

Link:

https://www.unpac.me/results/abc57e57-248c-49eb-9368-a6020f7ca3e0/

Parent samples :

62c9a15ea404a7c537028bcabcb5753c0e6c535981c38eef417e6db0611f3eb7
8d0c9d2e438f33dd7806ed8017baa1f114b6157f9f0eb1fb5d3b59351609120c
c5eeafb62d5b0fce524e12ad5a94f7e221636dc1bfc8622c8d7e0e61bc0950f8
89f0d1195df4ff42f0d0ff7726474b2ad6a135cbc78f255ff89b19903459bc67
1fc5e4c8809b39d79324848bceac749000ea572d050c81275ae3053a83ba7d12
40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

SH256 hash:

706d91f56491113c19f2538a2063c20eed1929d92998b4c83a6d4f4c3a7be61c

MD5 hash:

1f4732f11d5ffbe453618e4b772ecd21

SHA1 hash:

a5e6a8f7a007d4277d178641f60945fd93d2c5e4

Detections:

WannaCry

Link:

https://www.unpac.me/results/abc57e57-248c-49eb-9368-a6020f7ca3e0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	WannaCry_Ransomware Create hunting rule
Author:	Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:	Detects WannaCry Ransomware
Reference:	https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/68747/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample