MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WannaCry


Vendor detections: 16


Intelligence 16 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
SHA3-384 hash: 3cbc19c1c1f5aa8a68ef77e61abbfc68620507e9cd62484e4eef75471e9103072d00a0c198331ccad04a07c146e5a66a
SHA1 hash: e4055c5a34cd1c121b347d5a5cdafb09361dacdd
MD5 hash: 4c50e407de345c5544d27fa28315519a
humanhash: lake-rugby-equal-lake
File name:4c50e407de345c5544d27fa28315519a
Download: download sample
Signature WannaCry
Create hunting rule
File size:5'267'459 bytes
First seen:2025-09-24 23:41:09 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e5708ae5fed0403e8117c645fb23e5b (1'108 x WannaCry, 7 x Worm.Virut, 2 x Expiro)
ssdeep 49152:RnnMSPbcBVQej/1INRx+TSqTdcHkQWRdhnv:1nPoBhz1aRxcSUgkzdhv
Threatray 1'061 similar samples on MalwareBazaar
TLSH T15836239931BC92FCD2092AB4947BCE23E2B37C7961FD6A0B9B4085751C03B56B790B53
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10522/11/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter malcoding
Tags:dll WannaCry

Intelligence

File Origin
# of uploads :
1
# of downloads :
254
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28879/
Detection(s):
no reply from clamd
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d54ab71e4783989051e8ca
Tags:
wannacry madi
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd crypto crypto lolbin microsoft_visual_cc overlay overlay packed ransomware smb wanna wannacry wannacry wannacrypt wannacryptor
Link:
https://www.filescan.io/uploads/68d481ad674d5fd6aa0bc42b/reports/403232b1-810d-4abb-af78-c087ad2c80a1/overview
Verdict:
Malicious
Labled as:
CVE-2017-0147
Link:
https://www.hybrid-analysis.com/sample/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
Verdict:
Malicious
File Type:
dll x32
First seen:
2018-06-02T11:06:00Z UTC
Last seen:
2018-06-02T11:06:00Z UTC
Hits:
~10
Detections:
Trojan-Ransom.Win32.Wanna.sb Trojan-Ransom.Win32.Wanna.m Trojan.Win32.Eb.a HEUR:Worm.Win32.Generic HEUR:Trojan.Win32.EquationDrug.gen HEUR:Exploit.Win32.MS17-010.gen Trojan-Ransom.Wanna.UDP.C&C PDM:Trojan.Win32.Generic Exploit.Win32.MS17-010.kpn Trojan-Ransom.Win32.Wanna.apno Trojan.Win32.EquationDrug.sb Trojan.Win32.Eb.b HEUR:Trojan-Ransom.Win32.Wanna.gen
Link:
https://opentip.kaspersky.com/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d/results?tab=lookup
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c3a33207-5635-4c80-9e20-449bfed52319
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE Memory-Mapped (Dump)
Link:
https://app.malva.re/file/4c50e407de345c5544d27fa28315519a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d/
Verdict:
Malicious
Threat:
Family.WANNACRY
Link:
https://tip.neiki.dev/file/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2018-05-11 20:06:24 UTC
File Type:
PE (Dll)
Extracted files:
3
AV detection:
35 of 38 (92.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iciw6vgeakv7ekyt7kdp7rs2tkeoxqafvmieeh6n2oozouhhlogq._file
Verdict:
malicious
Label(s):
wannacryptor
Create hunting rule
Similar samples:
016b40a769d4d34da8cdf3bf08a166c3243b659c31c152d3c0899993a7aa8f07
WannaCry
0ca55fe01cf52696f424100ee6de4e8dd262ce1c83257d22bc3edc42c30fb944
WannaCry
0f1516a8c0600c59defcf96c87c27de6a81e732ecb2f64b5e48904c31ab2cbb2
WannaCry
3befcb73c9497db265428aa3dc0b0692fa5722344d4a772b25973e244b085266
WannaCry
499e277bcb0c1712223fe211751a00e56a9ab6580e96e27128877615aca811cb
WannaCry
540749acd2da3530292fed430ee05bd8752bd4f40499b987da31a24e67959352
WannaCry
8b51945ada866301cd583744f4363bbeac1b7ec84ee78c0135824a2dc57f7244
WannaCry
9782298315b127534cfb24720e76e4cc946f71a72126da11f9bcb738b94d6b49
WannaCry
b10225bfe75854f01b5f9aea098c2fde6f5fdc543f2a81aadafe389ae9a1dc94
WannaCry
error
WannaCry
f2cf2c68920d3812d76104aa8388cfa07934c53a39e8f48e098a282ddccbfbcf
WannaCry
+ 1'051 additional samples on MalwareBazaar
Result
Malware family:
wannacry
Create hunting rule
Score:
  10/10
Tags:
family:wannacry discovery ransomware worm
Link:
https://tria.ge/reports/250924-3pqvsszpv3/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Drops file in Windows directory
Creates a large amount of network flows
Executes dropped EXE
Contacts a large (3358) amount of remote hosts
Wannacry
Wannacry family
Unpacked files
SH256 hash:
40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
MD5 hash:
4c50e407de345c5544d27fa28315519a
SHA1 hash:
e4055c5a34cd1c121b347d5a5cdafb09361dacdd
Detections:
WannaCry
Create hunting rule
Link:
https://www.unpac.me/results/80bb4a08-c2af-4800-b0ce-107234de83b5/
SH256 hash:
daddca24bd07407f5c1e2b4639101c29c6aa81795239528dd403ce6de318c96a
MD5 hash:
ae688f5768dd2fe66ff047fc0111566b
SHA1 hash:
3fa5090ec13fc30dc561edc91486d60bae66754a
Detections:
WannaCry
Create hunting rule
ransomware_windows_wannacry
Create hunting rule
WannaCry_Ransomware
Create hunting rule
WannaCry_Ransomware_Gen
Create hunting rule
Link:
https://www.unpac.me/results/80bb4a08-c2af-4800-b0ce-107234de83b5/
SH256 hash:
0148dbfdc337ff5e2336d30ff70a7773654d4ee35abae07cb1fbf8e535bc1880
MD5 hash:
c7d08f76b56c9c49cecd83e3ab46c0de
SHA1 hash:
5e96b2a29fc1e813529d8bbd87f744afbca2134e
Detections:
WannaCry
Create hunting rule
ransomware_windows_wannacry
Create hunting rule
WannaCry_Ransomware
Create hunting rule
Link:
https://www.unpac.me/results/80bb4a08-c2af-4800-b0ce-107234de83b5/
Parent samples :
62c9a15ea404a7c537028bcabcb5753c0e6c535981c38eef417e6db0611f3eb7
8d0c9d2e438f33dd7806ed8017baa1f114b6157f9f0eb1fb5d3b59351609120c
c5eeafb62d5b0fce524e12ad5a94f7e221636dc1bfc8622c8d7e0e61bc0950f8
89f0d1195df4ff42f0d0ff7726474b2ad6a135cbc78f255ff89b19903459bc67
1fc5e4c8809b39d79324848bceac749000ea572d050c81275ae3053a83ba7d12
40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d
2bfb9742d15e8c2d1e01defd46d2f09e1d758e68e49a7c1c5dc1a4557b311c7d
Malware family:
WannaCry
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/40916f54c402/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/40916f54c402abf22b13fa86ffc65a9a88ebc005ab10421fcdd39d9750e75b8d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Armadillov1xxv2xx
Create hunting rule
Author:malware-lu
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
Rule name:WannaCry_Ransomware
Create hunting rule
Author:Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:Detects WannaCry Ransomware
Reference:https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/28879/

Comments