MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

WannaCry

Vendor detections: 13

Intelligence 13 IOCs YARA 4 File information Comments

SHA256 hash:	4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556
SHA3-384 hash:	cc6791cb6fe0205aed639946cd000c46acea039cdf49c392d938e469edb362676744768c06449e122190f3f72ae94803
SHA1 hash:	3576a836e21959dbaeee1f61600420cb3d57e3b4
MD5 hash:	445c961def899fe67eebb4fb5695ea6e
humanhash:	may-bakerloo-dakota-emma
File name:	4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556
Download:	download sample
Signature	WannaCry Create hunting rule
File size:	5'298'176 bytes
First seen:	2026-06-08 09:15:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0cdadfa1098d845dd3b4cf92625b5f04 (70 x WannaCry)
ssdeep	98304:DXDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8y:DXDqPe1Cxcxk3ZAEUadzR8y
Threatray	1'155 similar samples on MalwareBazaar
TLSH	T1DC363398726CD1BCE10609B484738D26E7737C6657BF5B0F8750866B0E13BABBB90712
TrID	39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 8.3% (.EXE) Win64 Executable (generic) (6522/11/2) 6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
Reporter	pawscobbler
Tags:	dionaea exe WannaCry

pawscobbler

Captured by Dionaea honeypot automation

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/69693/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a2688733e9eff6a6b68b77a

Tags:

ransomware shellcode wannacry virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a service

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug cmd crypto lolbin microsoft_visual_cc overlay packed ransomware reconnaissance smb wannacry wannacry

Link:

https://www.filescan.io/uploads/6a26884c1f652d68656db148/reports/d3c84528-9d8f-4941-970d-7652b0f637ae/overview

Verdict:

Malicious

Labled as:

CVE-2017-0147

Link:

https://www.hybrid-analysis.com/sample/4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556

Malware family:

Mimikatz

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a74d892f-f142-41ab-b599-5d62f73a1cb4

Score:

74%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556/

Verdict:

Malicious

Threat:

Family.WANNACRY

Link:

https://tip.neiki.dev/file/4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556

Threat name:

Win64.Ransomware.WannaCry

Status:

Malicious

First seen:

2026-06-08 12:37:29 UTC

AV detection:

31 of 38 (81.58%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j7rkihhvmp6pr54mapu4epgtvw2nattcrkv4panwxswo2dn3svla._file

Verdict:

malicious

Label(s):

wannacryptor

WannaCry

85b9eb097c475325269c7146cc3052734ec2cdf4a79b7feb67b184ab725923fc

WannaCry

9487edf9b75f4c15e3ba6ccbae23588ee3dc9c4983417f1b469278af17fc3847

WannaCry

9e0e61dfd8783dce6bde57af2ad4c892f481149426b229ecfe20242ae6b88974

WannaCry

error

WannaCry

+ 1'145 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260608-k8dqgaa19m/

Unpacked files

SH256 hash:

4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556

MD5 hash:

445c961def899fe67eebb4fb5695ea6e

SHA1 hash:

3576a836e21959dbaeee1f61600420cb3d57e3b4

Detections:

WannaCry

Link:

https://www.unpac.me/results/060cf759-dceb-4231-aa45-a6b86d3e0fba/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4fe2a41cf563fcf8f78c03e9c23cd3adb4d04e628aabc781b6bcaced0dbb9556

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	WannaCry_Ransomware Create hunting rule
Author:	Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:	Detects WannaCry Ransomware
Reference:	https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/69693/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample