MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

WannaCry

Vendor detections: 14

Intelligence 14 IOCs YARA 4 File information Comments

SHA256 hash:	980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0
SHA3-384 hash:	feac0043689a2ad4862104c24d074498adc569a83e29377f4257e040368f43edba911161c463a7ee888d75a991e7bfb4
SHA1 hash:	55eebf365f0ab5188243f18289b9c8c2ce7ee2d4
MD5 hash:	0433f205b2f4cd3880478bcc259564a9
humanhash:	freddie-echo-yankee-pizza
File name:	980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0
Download:	download sample
Signature	WannaCry Create hunting rule
File size:	5'298'176 bytes
First seen:	2026-06-08 06:15:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0cdadfa1098d845dd3b4cf92625b5f04 (75 x WannaCry)
ssdeep	98304:DXDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:DXDqPe1Cxcxk3ZAEUadzR8yc4H
Threatray	1'155 similar samples on MalwareBazaar
TLSH	T1F1363358226991BCF0410EB484B38D56B7B73C5777BB5B1FCB80426A0D53B8BABD0B61
TrID	39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 8.3% (.EXE) Win64 Executable (generic) (6522/11/2) 6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
Reporter	pawscobbler
Tags:	dionaea exe WannaCry

pawscobbler

Captured by Dionaea honeypot automation

Intelligence

File Origin

# of uploads :

# of downloads :

149

Origin country :

Vendor Threat Intelligence

No detections

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/69484/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a265e3dae2f98c00a68b42e

Tags:

ransomware shellcode wannacry virus

Result

Verdict:

Malware

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug cmd crypto CVE-2017-0147 exploit lolbin microsoft_visual_cc overlay packed ransomware ransomware reconnaissance smb wannacry

Link:

https://www.filescan.io/uploads/6a265e0446e44aecc0d48029/reports/cd75dcaf-e974-4946-a33b-8c11c6fa6a35/overview

Verdict:

Malicious

Labled as:

CVE-2017-0147

Link:

https://www.hybrid-analysis.com/sample/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0

Verdict:

Malicious

File Type:

dll x64

First seen:

2018-09-06T12:14:00Z UTC

Last seen:

2026-06-08T17:30:00Z UTC

Hits:

~10000

Detections:

Trojan-Ransom.Win32.Wanna.zbu Trojan-Ransom.Win32.Wanna.sb HEUR:Exploit.Win32.MS17-010.gen Exploit.Win32.MS17-010.cb Trojan.Win32.EquationDrug.sb HEUR:Worm.Win32.Generic HEUR:Trojan-Ransom.Win32.Wanna.gen Exploit.Win32.MS17-010.bf Trojan.Win32.Eb.b Trojan-Ransom.Win32.Wanna.ak HEUR:Trojan.Win32.Generic Trojan.Win32.Eb.a Trojan-Ransom.Win32.Wanna.m HEUR:Trojan.Win32.EquationDrug.gen Trojan.Win32.Eb.s

Link:

https://opentip.kaspersky.com/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0/results?tab=lookup

Malware family:

WannaCry

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/55ba65f6-5a48-400a-b0d7-4d0767824f74

Score:

73%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0/

Verdict:

Malicious

Threat:

Family.WANNACRY

Link:

https://tip.neiki.dev/file/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0

Threat name:

Win64.Ransomware.WannaCry

Status:

Malicious

First seen:

2026-01-11 18:31:23 UTC

AV detection:

21 of 24 (87.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tabxhwzcmd3mrzkkwc62llw5jxzo47o5sl26jq64rgnzewsljwya._file

Verdict:

malicious

Label(s):

wannacryptor

WannaCry

85b9eb097c475325269c7146cc3052734ec2cdf4a79b7feb67b184ab725923fc

WannaCry

9487edf9b75f4c15e3ba6ccbae23588ee3dc9c4983417f1b469278af17fc3847

WannaCry

9e0e61dfd8783dce6bde57af2ad4c892f481149426b229ecfe20242ae6b88974

WannaCry

error

WannaCry

+ 1'145 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260608-gz8ygahx6t/

Unpacked files

SH256 hash:

980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0

MD5 hash:

0433f205b2f4cd3880478bcc259564a9

SHA1 hash:

55eebf365f0ab5188243f18289b9c8c2ce7ee2d4

Detections:

WannaCry

Link:

https://www.unpac.me/results/1d2c43aa-3ebd-43e8-a344-200254808339/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/980373db2260f6c8e54ab0bda5aedd4df2ee7ddd92f5e4c3dc899b925a4b4db0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	WannaCry_Ransomware Create hunting rule
Author:	Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:	Detects WannaCry Ransomware
Reference:	https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/69484/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample