MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
SHA3-384 hash: f320ebee316b453c98d8b46192440b936a11e80ae6d03d810b016adfa6086d403b4b9552e92e2d461952f6b857cd8d43
SHA1 hash: 69a8ba560ef1aad2b1bc7614c1de8ed22e19deb6
MD5 hash: 0805cb0e64e34711530c95e58e38c11f
humanhash: missouri-april-burger-lemon
File name:iec56w4ibovnb4wc.onion_Library__Ransomeware__WannaCry2.exe.malw
Download: download sample
File size:5'267'459 bytes
First seen:2020-03-18 22:43:22 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e5708ae5fed0403e8117c645fb23e5b (874 x WannaCry, 4 x Worm.Virut)
ssdeep 98304:1DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:1DqPe1Cxcxk3ZAEUadzR8yc4H
Threatray 44 similar samples on MalwareBazaar
TLSH 76363394622CB1FCF0450EB44463896AB7B33C6967FA5F1F9BC0866A0D43B5BAFD0641
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Ransomware.WannaCry-6313787-0
Create hunting rule

Win.Malware.Djwy-6775897-0
Create hunting rule

Win.Ransomware.Wanna-6888027-0
Create hunting rule

Win.Ransomware.Wanna-6888334-0
Create hunting rule

Win.Malware.Djwy-6923377-0
Create hunting rule

Win.Worm.Autorunvb-7053731-0
Create hunting rule

Win.Exploit.Doublepulsar-7427328-0
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/117790
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.CVE-2017-0147
Create hunting rule
Status:
Malicious
First seen:
2017-12-01 00:37:00 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
38 of 42 (90.48%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
04f468bec220fa9dfd4897adf86f28f8ceb04a72806c473cd22e366f716389a3
07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd
399712e038d1abc2f9df1c4786f75f3778549068262a8e149837338b25779e82
3d8567fb3b55c792b8ba70e2172726ae80805f1a1c858db29e13a5cd02d8634a
77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91
e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61
f4221efa93b3ce5d8c92ba911661c246111653dd178bc239349cdfde8b39f7f0
fde7c52c166cd76fea454bbb539e7eba9ce704f5b442534bf5c4163213215426
+ 34 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ransomware
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::CloseHandle
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA

Comments