MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WannaCry


Vendor detections: 15


Intelligence 15 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
SHA3-384 hash: 20eadd5ac04dbbbf8ceb4b73abc5b653b20138557155ee4a355bcaf389e33934bde842b616d908f047d5050328c90059
SHA1 hash: c8c8a457d65ac56180fc1349cc1bea7942d196f2
MD5 hash: 02695567732500a352fb607285d5e4e3
humanhash: fish-football-delaware-salami
File name:d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
Download: download sample
Signature WannaCry
Create hunting rule
File size:5'267'459 bytes
First seen:2026-01-04 07:24:48 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e5708ae5fed0403e8117c645fb23e5b (1'108 x WannaCry, 7 x Worm.Virut, 2 x Expiro)
ssdeep 24576:zbLgddQhfdmMSirYbcMNgef0QeQjGA9XEk:znAQqMSPbcBVQejk
Threatray 1'108 similar samples on MalwareBazaar
TLSH T110362359366C90FCC15A627874A34A66A7B33C9A31BD970F9F8487620C13750BFB8B47
TrID 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10522/11/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter Butter1
Tags:dll eternalblue honeypot SMB WannaCry

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
AU AU
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47445/
Detection(s):
Win.Ransomware.Wanna-9769986-0
Create hunting rule

Win.Ransomware.Wannacryptor-9940180-0
Create hunting rule

Win.Ransomware.Wanacryptor-9942127-1
Create hunting rule

Win.Ransomware.WannaCry-10011460-0
Create hunting rule

Win.Ransomware.WannaCry-6313787-0
Create hunting rule

Win.Malware.Djwy-6775897-0
Create hunting rule

Win.Ransomware.Wanna-6888027-0
Create hunting rule

Win.Ransomware.Wanna-6888334-0
Create hunting rule

Win.Malware.Djwy-6923377-0
Create hunting rule

BC.Win.Exploit.Exe_With_CVE_2017_0147-6316126-2
Create hunting rule

Win.Exploit.Doublepulsar-7427328-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader46.24199.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=695a15ead2357cccc3df3ae1
Tags:
wannacry madi
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd crypto lolbin microsoft_visual_cc overlay overlay ransomware smb wannacry wannacry
Link:
https://www.filescan.io/uploads/695a15e58d1aa9829e29f6df/reports/7ec5c218-a02e-414d-b0c6-0a40774f2374/overview
Verdict:
Malicious
Labled as:
CVE-2017-0147
Link:
https://www.hybrid-analysis.com/sample/d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
Verdict:
Malicious
File Type:
dll x32
First seen:
2018-07-17T01:44:00Z UTC
Last seen:
2026-01-04T08:31:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c/results?tab=lookup
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4404e391-1cec-4591-a0a5-087926afb74a
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE Memory-Mapped (Dump)
Link:
https://app.malva.re/file/02695567732500a352fb607285d5e4e3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c/
Verdict:
Malicious
Threat:
Family.WANNACRY
Link:
https://tip.neiki.dev/file/d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2018-10-22 03:35:50 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
34 of 36 (94.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2mz43nsmmthdxhotkxn26ftvi4eoyyn6uiqs3jb66fy6pcj6fv6a._file
Verdict:
malicious
Label(s):
wannacryptor
Create hunting rule
Similar samples:
016b40a769d4d34da8cdf3bf08a166c3243b659c31c152d3c0899993a7aa8f07
WannaCry
0ca55fe01cf52696f424100ee6de4e8dd262ce1c83257d22bc3edc42c30fb944
WannaCry
6247b0dfc220bc6d0a78f7dd02159ffb9ea4bfaddba26a4891cfc89044d74b2c
WannaCry
7ab0e9ddbab262e9d049de139e13f3ef8caefc72336dc2ff6575bb49044385f5
WannaCry
8b51945ada866301cd583744f4363bbeac1b7ec84ee78c0135824a2dc57f7244
WannaCry
aee6ea06bd64f629b2f5726c4060ee6ebe4137f6561fa8ceb4f16f08e326e4cd
WannaCry
c49b0554d235d4bead3f4d25d9ab9a38a9113d85f9f06891d15365e8270010f4
WannaCry
c9db9ce17eb23dd902c86fdf9190599718bb01572983cdb14e10f9c4d71a3977
WannaCry
d6c5d9c75c40e9f7c6bf19c254cfcb5914e2f00b75a4590f3c775c29ca991e18
WannaCry
error
WannaCry
f2cf2c68920d3812d76104aa8388cfa07934c53a39e8f48e098a282ddccbfbcf
WannaCry
+ 1'098 additional samples on MalwareBazaar
Result
Malware family:
wannacry
Create hunting rule
Score:
  10/10
Tags:
family:wannacry discovery ransomware worm
Link:
https://tria.ge/reports/260106-kmtvkaymcs/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Creates a large amount of network flows
Executes dropped EXE
Contacts a large (3281) amount of remote hosts
Wannacry
Wannacry family
Unpacked files
SH256 hash:
d333cdb64c64ce3b9dd355dbaf16754708ec61bea2212da43ef171e7893e2d7c
MD5 hash:
02695567732500a352fb607285d5e4e3
SHA1 hash:
c8c8a457d65ac56180fc1349cc1bea7942d196f2
Detections:
WannaCry
Create hunting rule
Link:
https://www.unpac.me/results/6d6685e5-a38e-4eaa-9030-fdf42584c84d/
Malware family:
WannaCry
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d333cdb64c64/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Armadillov1xxv2xx
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:SUSP_Imphash_Mar23_2
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
Reference:Internal Research
Rule name:WannaCry_Ransomware
Create hunting rule
Author:Florian Roth (Nextron Systems) (with the help of binar.ly)
Description:Detects WannaCry Ransomware
Reference:https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/47445/

Comments