MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WannaCry


Vendor detections: 15


Intelligence 15 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03
SHA3-384 hash: c9484a5dc022fb5cdf09afb489316e1cc2c887570fd6227792b6d675e352ff9bffc77ab807c3116e9fc8fc2a4e96d1d1
SHA1 hash: dabcf014369a7f5017192e2a538358889ee850f7
MD5 hash: abff406810ad2584ad14c68092983e9c
humanhash: pizza-moon-montana-finch
File name:4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03.dll
Download: download sample
Signature WannaCry
Create hunting rule
File size:5'267'459 bytes
First seen:2026-06-24 15:53:51 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e5708ae5fed0403e8117c645fb23e5b (1'119 x WannaCry, 7 x Worm.Virut, 2 x Expiro)
ssdeep 49152:RnOMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1OPoBhz1aRxcSUDk36SAEdhv
Threatray 1'603 similar samples on MalwareBazaar
TLSH T16136339A71BC81F8D205297484AB8E03F2B27C6A25FA6A0FDF4049752D53F56F790B43
TrID 39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.3% (.EXE) Win64 Executable (generic) (6522/11/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter kejult
Tags:dll WannaCry


Avatar
Kejult
Found on Honeypot on 24.06.2026

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71864/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a3bfdbc86bc95245bf92adc
Tags:
ransomware shellcode virus madi
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug base64 cmd crypto lolbin microsoft_visual_cc obfuscated overlay overlay packed packed ransomware ransomware smb wannacry
Link:
https://www.filescan.io/uploads/6a3bfdb4a419cb85d28f33c0/reports/fcaddb7a-56ae-4102-9b87-f91d0f560c01/overview
Verdict:
Malicious
Labled as:
CVE-2017-0147
Link:
https://www.hybrid-analysis.com/sample/4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03
Verdict:
Malicious
File Type:
dll x32
First seen:
2018-02-12T19:00:00Z UTC
Last seen:
2022-12-12T17:55:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03/results?tab=lookup
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/897ec176-e6f9-4263-a298-e18bfb279818
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE Memory-Mapped (Dump)
Link:
https://app.malva.re/file/abff406810ad2584ad14c68092983e9c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03/
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2018-02-04 16:35:07 UTC
File Type:
PE (Dll)
Extracted files:
3
AV detection:
33 of 36 (91.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqfk2tef3ki5tdp5opky6hjm7nn765fiizarl6aqo5izax3vzibq._file
Verdict:
malicious
Label(s):
wannacryptor
Create hunting rule
Similar samples:
016b40a769d4d34da8cdf3bf08a166c3243b659c31c152d3c0899993a7aa8f07
WannaCry
0ca55fe01cf52696f424100ee6de4e8dd262ce1c83257d22bc3edc42c30fb944
WannaCry
0f1516a8c0600c59defcf96c87c27de6a81e732ecb2f64b5e48904c31ab2cbb2
WannaCry
3befcb73c9497db265428aa3dc0b0692fa5722344d4a772b25973e244b085266
WannaCry
499e277bcb0c1712223fe211751a00e56a9ab6580e96e27128877615aca811cb
WannaCry
540749acd2da3530292fed430ee05bd8752bd4f40499b987da31a24e67959352
WannaCry
8b51945ada866301cd583744f4363bbeac1b7ec84ee78c0135824a2dc57f7244
WannaCry
9782298315b127534cfb24720e76e4cc946f71a72126da11f9bcb738b94d6b49
WannaCry
b10225bfe75854f01b5f9aea098c2fde6f5fdc543f2a81aadafe389ae9a1dc94
WannaCry
error
WannaCry
f2cf2c68920d3812d76104aa8388cfa07934c53a39e8f48e098a282ddccbfbcf
WannaCry
+ 1'593 additional samples on MalwareBazaar
Result
Malware family:
wannacry
Create hunting rule
Score:
  10/10
Tags:
family:wannacry discovery ransomware worm
Link:
https://tria.ge/reports/260624-tcf1dsdv7j/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Creates a large amount of network flows
Executes dropped EXE
Contacts a large (2187) amount of remote hosts
Family: Wannacry
Unpacked files
SH256 hash:
4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03
MD5 hash:
abff406810ad2584ad14c68092983e9c
SHA1 hash:
dabcf014369a7f5017192e2a538358889ee850f7
Detections:
WannaCry
Create hunting rule
Link:
https://www.unpac.me/results/158620fa-ab9d-438d-aef8-b92910e8e19f/
Malware family:
WannaCry
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4c0aad4c85da/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c0aad4c85da91d98dfd73d58f1d2cfb5bff74a8464115f8107751905f75ca03

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Armadillov1xxv2xx
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
Rule name:WannaCry_Ransomware
Create hunting rule
Author:Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:Detects WannaCry Ransomware
Reference:https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/71864/

Comments