MIFR-10124171
Malware Characterization
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
US-CERT
2017-05-14T22:11:48.442946+00:00
bmachine
F694.F694.F694
6.4.17
5bef35496fcbdbe841c82f4d1ab8b7c2
3723264
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
5bef35496fcbdbe841c82f4d1ab8b7c2
SHA1
50049556b3406e07347411767d6d01a704b6fee6
SHA256
4186675cb6706f9d51167fb0f14cd3f8fcfb0065093f62b10a15f7d9a6c8d982
SHA512
874424429d6aaac293717ad6d5deadb4227cc5e3c6376bdd362b2f1bee3d28a819c5e9aae991179c6702a0c4fbb7ec5c4a64297b8e9587c3b6cbae0bd0d98225
SSDEEP
98304:wDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:wDqPu1Cxcxk3ZAEUadzR8yc4gB
Microsoft Visual C++ v6.0
7.9642512073
5
2010-11-20T09:03:08Z
4096
MD5
2ed157e77d0d2252c36eedfb2e2d3784
0.726699793774
.text
36864
6.13459082812
MD5
c7613102e2ecec5dcefc144f83189153
.rdata
4096
3.50361558618
MD5
d8037d744b539326c06e897625751cc9
.data
159744
6.10031814517
MD5
22a8598dc29cad7078c291e94612ce26
.rsrc
3518464
7.99522172756
MD5
aa250ba035b78129d983f27904848732
Connected_To
Dropped
iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Related_To
Related_To
Related_To
Characterized_By
Connected_From
The file "tasksche.exe" contains a password-protected zip archive named "XIA" in its resource section. At runtime, the malware extracts the archive contents using the password "WNcry@2ol7" and installs the files on the victim's hard drive. The files in the archive and their functionality are listed below:
-- Begin archive file list --
msg folder == Contains multiple user manuals in different languages in RTF file format
b.wnry == Ransom message image file used to replace the user's wallpaper
c.wnry == Contains the C2 servers hidden in the TOR network
r.wnry == Explains what has happened and how to pay the ransom
t.wnry == Contains an AES-encrypted plug-in that is responsible for encrypting the victim user's files
s.wnry == TOR library that is imported by u.wnry
u.wnry == Interactive TOR client that enables a victim user to submit payment to the hackers via a secure TOR session
taskdl.exe == Supporting file used to search for the string "\$RECYCLE\*.WNCRYT"
taskse.exe == Supporting file for Remote Desktop Services
-- End archive file list --
tasksche.exe
3514368
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
86721e64ffbd69aa6944b9672bcabb6d
SHA1
8897c658c0373be54eeac23bbd4264687a141ae1
SHA256
c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9
SHA512
f1183abc511211b104adc1cb2586c4996ef2277621745b4e4e233f56534514b507ff26aa5be9776f91197a5c3ab4ba855a04e934bd56d39e779cbbbd40c9fe84
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPu1Cxcxk3ZAEUadzR8yc4gB
Microsoft Visual C++ v6.0
7.99546693739
5
2010-11-20T09:05:05Z
4096
MD5
d95b2ee2a80c00ca7d29c40b18c99393
0.708880451742
.text
28672
6.4042351061
MD5
920e964050a1a5dd60dd00083fd541a2
.rdata
24576
6.66357096841
MD5
2c42611802d585e6eed68595876d1a15
.data
8192
4.45574950787
MD5
83506e37bd8b50cacabd480f8eb3849b
.rsrc
3448832
7.99986707519
MD5
7e152ea77186bbe06de1f254ecd4e02e
Dropped_By
4da1f312a214c07143abeeafb695d904
4497408
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
4da1f312a214c07143abeeafb695d904
SHA1
b629f072c9241fd2451f1cbca2290197e72a8f5e
SHA256
aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c
SHA512
0b3281132890039638bed1bd815261b6f6d6bc8bf63467d6a1cdd41f4de89e1d10b241a273378e5f5a1401ea10c0b2974f44a585c92ba15639d80c0501b258c9
SSDEEP
98304:zcI8HbSxeeqe5hXlpIyS+PiwTNl/iZ102q7O3cOtgP5HYPNtNO8/I04miT4RTMpK:zD28tqeDNPLTmZR4Ou5H8NbOR04g5MpK
Microsoft Visual C++ v6.0
7.99683684716
5
2017-04-08T21:36:48Z
4096
MD5
c4af8d472d9b961126c879510fc137a1
0.710572941802
.text
28672
6.11147819166
MD5
d09045cdfcf8ee598beaf3391623aec5
.rdata
24576
6.54607243406
MD5
9ec77c0e054f493084d66f0939e94d7e
.data
8192
4.0949667335
MD5
297a4b644479ae0224207d6a96b81c49
.rsrc
4431872
7.9999601862
MD5
f4b80cdf5638bcabc3292ee19e7e528f
b.wnry
1440054
PC bitmap, Windows 3.x format, 800 x 600 x 24
MD5
c17170262312f3be7027bc2ca825bf0c
SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
SSDEEP
384:zYzuP4tiuOub2WuzvqOFgjexqO5XgYWTIWv/+:sbL+
0.336339312356
Related_To
Related_To
Related_To
Ooops.PNG
Related_To
res11.PNG
Related_To
res22.PNG
Related_To
c.wnry
780
data
MD5
ae08f79a0d800b82fcbe1b43cdbdbefc
SHA1
f6b08523b1a836e2112875398ffefffde98ad3ca
SHA256
055c7760512c98c8d51e4427227fe2a7ea3b34ee63178fe78631fa8aa6d15622
SHA512
df999e20886cb0bde678eaea375ae4f730580798fe545b05c3f909d75acf3db3e9199191bfd2ad9a295f388082a892371a80c28fd96722aa68a52adb66960d31
SSDEEP
6:cL+qaHqHgVcKKfF9mHRMMPRGS37LlN/sUQqGUSGeTsdEC:cjaRVcKKfm2MYS3sUQqGLGeTEV
1.9906166083
Related_To
Related_To
Contains
Contains
Contains
Contains
Contains
gx7ekbenv2riucmf.onion
Contained_Within
57g7spgrzlojinas.onion
Contained_Within
xxlvbrloxvriy2c5.onion
Contained_Within
76jdd2ir2embyv47.onion
Contained_Within
cwwnhwhlz52maqm7.onion
Contained_Within
t.wnry
65816
data
MD5
5dcaac857e695a65f5c3ef1441a73a8f
SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2
SSDEEP
1536:am+vLII5ygV8/tuH+P9zxqDKvARpmKiRMkTERU:a9LAg4tXPTEKvADmFgRU
7.99727613788
Related_To
Related_To
m_bulgarian.wnry
47879
Rich Text Format data, version 1, unknown character set
MD5
95673b0f968c0f55b32204361940d184
SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92
SSDEEP
768:Shef3jHdCG28Eb1tyci8crbEw6/5+3xFkbP0vyzbZrS14e:SheU5De
4.95061166753
Related_To
m_chinese (simplified).wnry
54359
Rich Text Format data, version 1, unknown character set
MD5
0252d45ca21c8e43c9742285c48e91ad
SHA1
5c14551d2736eef3a1c1970cc492206e531703c1
SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755
SSDEEP
768:SWjkSFwwlUdcUG2HAmDTzpXtgmDNQ8qD7DHDqMtgDdLDMaDoKMGzD0DWJQ8/QoZ4:SWcwiqDB
5.01509344454
Related_To
m_chinese (traditional).wnry
79346
Rich Text Format data, version 1, unknown character set
MD5
2efc3690d67cd073a9406a25005f7cea
SHA1
52c07f98870eabace6ec370b7eb562751e8067e9
SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c
SSDEEP
768:SDwtkzjHdLG2xN1fyvnywUKB5lylYlzlJpsbuEWeM/yDRu9uCuwyInIwDOHEhm/v:SDnz5Rt4D4
4.90189108744
Related_To
m_croatian.wnry
39070
Rich Text Format data, version 1, unknown character set
MD5
17194003fa70ce477326ce2f6deeb270
SHA1
e325988f68d327743926ea317abb9882f347fa73
SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c
SSDEEP
384:SheftipUENLFsPzy3EFHjHdb2YG2+d18Scgn8c8/868H1F8E8/8Z3m8VdAm86a8n:Shef3jHd3G2n+p/mZrS14A
5.03796878473
Related_To
m_czech.wnry
40512
Rich Text Format data, version 1, unknown character set
MD5
537efeecdfa94cc421e58fd82a58ba9e
SHA1
3609456e16bc16ba447979f3aa69221290ec17d0
SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b
SSDEEP
384:SheftipUENLFsPzy3EFHjHdg2yG2gv8n8+8zfB8k8F8i8k1Z8M8I818E838C8A8s:Shef3jHd2G26nyMZrS14g
5.03594913469
Related_To
m_danish.wnry
37045
Rich Text Format data, version 1, unknown character set
MD5
2c5a3b81d5c4715b7bea01033367fcb5
SHA1
b548b45da8463e17199daafd34c23591f94e82cd
SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3
SSDEEP
384:SheftipUENLFsPzy3EFHjHd02wG2roqni2Jeo75Y3kmA31dv61QyU:Shef3jHd4G2M5bZrS14Q
5.02868302371
Related_To
m_dutch.wnry
36987
Rich Text Format data, version 1, unknown character set
MD5
7a8d499407c6a647c03c4471a67eaad7
SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12
SSDEEP
384:Sw3BHSj2cLeT+sPzy3EFHjHdp2oG2/CzhReo75Y3kmA31dv61Qyz:Sw3BHSWjHdBG2/UhsZrS14f
5.03616020597
Related_To
.
But if you want to decrypt all your files, you need to pay.You only have 3 days to submit the payment.
After that the price will be doubled. Also, if you don't pay in 7 days, you won't be able to
recover your files forever.We will have free events for users who are so poor that they couldn't pay in 6 months.
How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click .Please check
the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window. After your payment,
click . Best time to check: 9:00am - 11:00am GMT from Monday to Friday. Once the payment
is checked, you can start decrypting your files immediately.
Contact
If you need our assistance, send a message by clicking .We strongly recommend you to not
remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed.
If your anti-virus gets updated and removes this software automatically, it will not be able to recover
your files even if you pay!
m_english.wnry
36973
Rich Text Format data, version 1, unknown character set
MD5
fe68c2dc0d2419b38f44d83f2fcf232e
SHA1
6c6e49949957215aa2f3dfb72207d249adf36283
SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810
SSDEEP
384:S93BHSj2cguALeT+sPzy3EFHjHdM2EG2YLC7O3eo75Y3kmA31dv61QyW:S93BHSTjHd0G2YLCZrS14y
5.04061161642
Related_To
m_filipino.wnry
37580
Rich Text Format data, version 1, unknown character set
MD5
08b9e69b57e4c9b966664f8e1c27ab09
SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4
SSDEEP
384:Sw3BHSj2cLeT+sPzy3EFHjHdi2MG2AGsi6p07i/eo75Y3kmA31dv61QyR:Sw3BHSWjHdGG2Axa7iGZrS14N
5.04581932168
Related_To
m_finnish.wnry
38377
Rich Text Format data, version 1, unknown character set
MD5
35c2f97eea8819b1caebd23fee732d8f
SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
SSDEEP
384:SheftipUENLFsPzy3EFHjHdg2oG2l1glOmeo75Y3kmA31dv61QyB:Shef3jHdMG2l1AO3ZrS14l
5.03093847336
Related_To
m_french.wnry
38437
Rich Text Format data, version 1, unknown character set
MD5
4e57113a6bf6b88fdd32782a4a381274
SHA1
0fccbc91f0f94453d91670c6794f71348711061d
SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9
SSDEEP
384:SheftipUENLFsPzy3EFHjHdtW2IG2sjqMeo75Y3kmA31dv61Qyg:Shef3jHd0G2smJZrS14M
5.03112667661
Related_To
m_german.wnry
37181
Rich Text Format data, version 1, unknown character set
MD5
3d59bbb5553fe03a89f817819540f469
SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac
SSDEEP
384:SheftipUENLFsPzy3EFHjHdN26G2VSA1Ieo75Y3kmA31dv61QyU:Shef3jHdfG2oe1ZrS14w
5.03973926795
Related_To
m_greek.wnry
49044
Rich Text Format data, version 1, unknown character set
MD5
fb4e8718fea95bb7479727fde80cb424
SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb
SSDEEP
384:SheftipUENLFsPzy3EFHjHdc2oG2WWDFFG5BwKeo75Y3kmA31dv61QyM:Shef3jHdoG2NHG5BwLZrS14Q
4.91009563462
Related_To
m_indonesian.wnry
37196
Rich Text Format data, version 1, unknown character set
MD5
3788f91c694dfc48e12417ce93356b0f
SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd
SSDEEP
384:Sw3BHSj2cLeT+sPzy3EFHjHdY2oG2pq32eo75Y3kmA31dv61Qys:Sw3BHSWjHdUG2pq3nZrS14I
5.03926854193
Related_To
m_italian.wnry
36883
Rich Text Format data, version 1, unknown character set
MD5
30a200f78498990095b36f574b6e8690
SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511
SSDEEP
384:SheftipUENLFsPzy3EFHjHdR2AG2c/EnByeo75Y3kmA31dv61Qy9:Shef3jHdJG2cQZrS14R
5.02804819173
Related_To
m_japanese.wnry
81844
Rich Text Format data, version 1, unknown character set
MD5
b77e1221f7ecd0b5d696cb66cda1609e
SHA1
51eb7a254a33d05edf188ded653005dc82de8a46
SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc
SSDEEP
384:SXZ0j2cKKwd1lksPzy3EFHjHdI2MG275rQeo75Y3kmA31dv61Qyr:SXZ0qbjHd4G2RNZrS14P
4.8502578701
Related_To
m_korean.wnry
91501
Rich Text Format data, version 1, unknown character set
MD5
6735cb43fe44832b061eeb3f5956b099
SHA1
d636daf64d524f81367ea92fdafa3726c909bee1
SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e
SSDEEP
768:Shef3jHdUG2NQcbxfSVZiG9jvi3//ZVrMQr7pEKCHSI2DsY78piTDtTa6BxzBwdY:SheiaDq
4.84183050451
Related_To
m_latvian.wnry
41169
Rich Text Format data, version 1, unknown character set
MD5
c33afb4ecc04ee1bcc6975bea49abe40
SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44
SSDEEP
384:SheftipUENLFsPzy3EFHjHdcqH24G2ZN1EDCv3Apb0WD5gYV/S4L3rnzdeo75Y3f:Shef3jHdcMG2NpZrS14F
5.0306952962
Related_To
m_norwegian.wnry
37577
Rich Text Format data, version 1, unknown character set
MD5
ff70cc7c00951084175d12128ce02399
SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19
SSDEEP
384:SheftipUENLFsPzy3EFHjHdy2MG2D7mgwroXeo75Y3kmA31dv61Qy5:Shef3jHdGG23KrDZrS14N
5.02583682362
Related_To
m_polish.wnry
39896
Rich Text Format data, version 1, unknown character set
MD5
e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de
SSDEEP
384:SheftipUENLFsPzy3EFHjHdD2SG2gA8w8OJ6868jy8/8w8m8T848f8y858l8j8yv:Shef3jHdxG2KhuZrS14G
5.04854100247
Related_To
m_portuguese.wnry
37917
Rich Text Format data, version 1, unknown character set
MD5
fa948f7d8dfb21ceddd6794f2d56b44f
SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a
SSDEEP
384:SheftipUENLFsPzy3EFHjHdy2QG2xgk5eo75Y3kmA31dv61QyV:Shef3jHdCG2EZrS14p
5.02787228176
Related_To
m_romanian.wnry
52161
Rich Text Format data, version 1, unknown character set
MD5
313e0ececd24f4fa1504118a11bc7986
SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730
SSDEEP
768:Shef3jHdXG2Cz2/vBAOZsQO0cLfnF/Zhcz7sDsYZBB/0gBjL+IU/hbhMVDtsR49P:ShehlrGR1m4dx9mjVyAvg7ouDT
4.96430694991
Related_To
m_russian.wnry
47108
Rich Text Format data, version 1, unknown character set
MD5
452615db2336d60af7e2057481e4cab5
SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f
SSDEEP
384:SheftipUENLFsPzy3EFHjHdg2qG2aUGs0K6lyZqmfGGHRblldORZeo75Y3kmA31L:Shef3jHdeG2lGsDOcZxbP7ZrS14K
4.95277769168
Related_To
m_slovak.wnry
41391
Rich Text Format data, version 1, unknown character set
MD5
c911aba4ab1da6c28cf86338ab2ab6cc
SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a
SSDEEP
384:SheftipUENLFsPzy3EFHjHd4Yb2YG2gNZ8a8zV/8j8U8l8x838Z8Q808m8d8T8hw:Shef3jHdZvG23AZrS14f
5.02773096628
Related_To
m_spanish.wnry
37381
Rich Text Format data, version 1, unknown character set
MD5
8d61648d34cba8ae9d1e2a219019add1
SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079
SSDEEP
384:SheftipUENLFsPzy3EFHjHdf24G2/ezV6YQUdZYlujeMQ9RXmhRweo75Y3kmA31S:Shef3jHdrG2fuhZrS14T
5.02443306661
Related_To
m_swedish.wnry
38483
Rich Text Format data, version 1, unknown character set
MD5
c7a19984eb9f37198652eaf2fd1ee25c
SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020
SSDEEP
384:SheftipUENLFsPzy3EFHjHdb24G2ZKLVdDeo75Y3kmA31dv61QyE:Shef3jHd/G2w6ZrS14w
5.02297273663
Related_To
m_turkish.wnry
42582
Rich Text Format data, version 1, unknown character set
MD5
531ba6b1a5460fc9446946f91cc8c94b
SHA1
cc56978681bd546fd82d87926b5d9905c92a5803
SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9
SSDEEP
384:SheftipUENLFsPzy3EFHjHds42WG2mzGu/eo75Y3kmA31dv61QyZ:Shef3jHdsiG2moZrS149
5.01072237707
Related_To
m_vietnamese.wnry
93778
Rich Text Format data, version 1, unknown character set
MD5
8419be28a0dcec3f55823620922b00fa
SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92
SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386
SSDEEP
384:SheftipUENLFsPzy3EFHjHdW2YG22cViQj3KiG8dpcH8iEriG8E8O83Jz52sxG8h:Shef3jHdWG2+oPZrS14i
4.762061349
Related_To
r.wnry
864
ASCII text, with CRLF line terminators
MD5
3e0020fc529b1c2a061016dd2469ba96
SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf
SSDEEP
24:ptrPzDVR5Gi3OzGm0Ei5bnBR7brW8PNAi0eEprY+Ai75wRZce/:DZD36W5/vWmMo+m
4.53351847801
Related_To
Related_To
s.wnry
22667
Zip archive data, at least v1.0 to extract
MD5
025ac29fc5b5257ca0a031de71f201bf
SHA1
55edb34545871def9a4b6599484ad781fa583407
SHA256
58a6680d1add564146308cd9c2f9ee8d4ff794a9c91094f2b44c1cfcb30e61de
SHA512
baff019987d82ca2c1169ef6722f38684044baaaedb9d1889d1d103aeb94a652901f3086bddd3a420983e5cb0f240d2b69957fa3f07eeebe4b6833187cefd778
SSDEEP
384:RpyPhUnOidCa1feM+Oyua4nMmK4kOW2JpHLHBOQnbNOMLlk:7yaJnFe9uaq7W2JdBOQpOM5k
7.98860680988
Related_To
Related_To
taskdl.exe
20480
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
4fef5e34143e646dbf9907c4374276f5
SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5
SSDEEP
96:Udocv5e0e1wWtaLYjJN0yDGgI2u9+w5eOIMviS0jPtboyn15EWBwwWwT:6oL0edtJN7qvAZM6S0jP1oynkWBwwWg
Microsoft Visual C++ v6.0
3.16648454088
5
2009-07-14T00:12:07Z
4096
MD5
517be0783885b48f9e129f76f2906642
0.647544716167
.text
4096
4.92282748815
MD5
c9aa64fe8d9efc3e7be627442c0172f0
.rdata
4096
2.66441166404
MD5
e98eaa78f8b3d90a99454c5d64db86ba
.data
4096
0.105612474489
MD5
d71c25cb529fed9abe0ee5d3d6264cd5
.rsrc
4096
3.71611137019
MD5
a5fbafb18686e9366dc75c2e1920c441
Related_To
taskse.exe
20480
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
8495400f199ac77853c53b5a3f278f3e
SHA1
be5d6279874da315e3080b06083757aad9b32c23
SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4
SSDEEP
96:UjpvOHheaCDCNIOgTegoddPtboyX7cvp0EWy1HlWwr:UjVWEam7ofP1oyX7olWUHlW0
Microsoft Visual C++ v6.0
2.52525096181
5
2009-07-13T23:15:28Z
4096
MD5
bf20072e3afa57f58ac8c40e0f9d162b
0.627317954157
.text
4096
3.29976908335
MD5
27ba7eebe222f1f600c05d356fdd3f20
.rdata
4096
1.05105359822
MD5
95ab42776493299c34c1e0c609c3d165
.data
4096
0.79975850341
MD5
5a849268f8bc1bf35214e328323b8793
.rsrc
4096
3.72171470037
MD5
f7bd6aed27ba347f17f0fa5893d895d6
Related_To
u.wnry
245760
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
7bf2b57f2a205768755c07f238fb32cc
SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
SSDEEP
3072:Rmrhd5U1eigWcR+uiUg6p4FLlG4tlL8z+mmCeHFZjoHEo3m:REd5+IZiZhLlG4AimmCo
Microsoft Visual C++ v6.0
6.27892040839
5
2009-07-13T23:19:35Z
4096
MD5
143b3fc179777c5b2f2e0ff974ebd7b7
0.763356728671
.text
81920
6.24100602272
MD5
c9ede1054fef33720f9fa97f5e8abe49
.rdata
40960
5.87183534271
MD5
5a89aac6c8259abbba2fa2ad3fcefc6e
.data
12288
4.72665302653
MD5
05da32043b1e3a147de634c550f1954d
.rsrc
106496
5.63519234495
MD5
8e97637474ab77441ae5add3f3325753
Related_To
Related_To
http[:]//www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Related_To
80
TCP
Related_To
Related_To
Domain Name: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM
Registrar: NAMECHEAP INC.
Sponsoring Registrar IANA ID: 1068
Whois Server: whois.namecheap.com
Referral URL: http://www.namecheap.com
Name Server: NS1.SINKHOLE.TECH
Name Server: NS2.SINKHOLE.TECH
Name Server: NS3.SINKHOLE.TECH
Name Server: NS4.SINKHOLE.TECH
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 12-may-2017
Creation Date: 12-may-2017
Domain name: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Registry Domain ID: 2123519849_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-05-12T15:08:10.00Z
Creation Date: 2017-05-12T15:08:04.00Z
Registrar Registration Expiration Date: 2018-05-12T15:08:04.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Botnet Sinkhole
Registrant Organization:
Registrant Street: Botnet Sinkhole
Registrant City: Los Angeles
Registrant State/Province: CA
Registrant Postal Code: 00000
Registrant Country: US
Registrant Phone: +0.00000000000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: BotnetSinkhole@gmail.com
Registry Admin ID:
Admin Name: Botnet Sinkhole
Admin Organization:
Admin Street: Botnet Sinkhole
Admin City: Los Angeles
Admin State/Province: CA
Admin Postal Code: 00000
Admin Country: US
Admin Phone: +0.00000000000
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: BotnetSinkhole@gmail.com
Registry Tech ID:
Tech Name: Botnet Sinkhole
Tech Organization:
Tech Street: Botnet Sinkhole
Tech City: Los Angeles
Tech State/Province: CA
Tech Postal Code: 00000
Tech Country: US
Tech Phone: +0.00000000000
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: BotnetSinkhole@gmail.com
Name Server: ns1.sinkhole.tech
Name Server: ns2.sinkhole.tech
Name Server: ns3.sinkhole.tech
Name Server: ns4.sinkhole.tech
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-05-14T11:56:55.96Z <<<
Characterizes
MD5
5bef35496fcbdbe841c82f4d1ab8b7c2
SHA1
50049556b3406e07347411767d6d01a704b6fee6
MD5
86721e64ffbd69aa6944b9672bcabb6d
SHA1
8897c658c0373be54eeac23bbd4264687a141ae1
MD5
4da1f312a214c07143abeeafb695d904
SHA1
b629f072c9241fd2451f1cbca2290197e72a8f5e
MD5
c17170262312f3be7027bc2ca825bf0c
SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb
wannacry malware - MD5
Malware Artifacts
US-CERT
2017-05-15T15:59:57.144244+00:00
wannacry malware - SHA1
Malware Artifacts
US-CERT
2017-05-15T15:59:57.145057+00:00
Wannacrypt ransomware component - MD5
Malware Artifacts
US-CERT
2017-05-15T16:13:58.093183+00:00
Wannacrypt ransomware component - SHA1
Malware Artifacts
US-CERT
2017-05-15T16:13:58.094090+00:00
WannaCrypt ransomware component - MD5
Malware Artifacts
US-CERT
2017-05-16T11:58:10.233296+00:00
WannaCrypt ransomware component - SHA1
Malware Artifacts
US-CERT
2017-05-16T11:58:10.234331+00:00
"Ooops - Your files are encrypted" message - MD5
Malware Artifacts
US-CERT
2017-05-16T12:14:09.668522+00:00
"Ooops - Your files are encrypted" message - SHA1
Malware Artifacts
US-CERT
2017-05-16T12:14:09.669741+00:00
MAEC Characterization of 4e57113a6bf6b88fdd32782a4a381274
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 8419be28a0dcec3f55823620922b00fa
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
TROJ_RANSOMNOTE.RTF
TrendMicro
TROJ_RANSOMNOTE.RTF
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
Tencent
Win32.Trojan.Filecoder.Dxmn
Ikarus
Trojan.Win32.Filecoder
GData
Script.Trojan.Agent.54KIMR
MAEC Characterization of 35c2f97eea8819b1caebd23fee732d8f
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 3d59bbb5553fe03a89f817819540f469
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 2c5a3b81d5c4715b7bea01033367fcb5
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 4fef5e34143e646dbf9907c4374276f5
MicroWorld-eScan
Trojan.GenericKD.5057554
nProtect
Ransom/W32.WannaCry.20480
CAT-QuickHeal
TrojanRansom.Agent
McAfee
Ransom-O
Malwarebytes
Ransom.WanaCrypt0r
VIPRE
Trojan.Win32.Generic!BT
K7GW
Trojan ( 0001140e1 )
K7AntiVirus
Trojan ( 0001140e1 )
TrendMicro
Ransom_WCRY.I
F-Prot
W32/WannaCrypt.C
Symantec
Ransom.Wannacry
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
Ransom_WCRY.I
Paloalto
generic.ml
Kaspersky
Trojan-Ransom.Win32.Agent.aapw
BitDefender
Trojan.GenericKD.5057554
NANO-Antivirus
Trojan.Win32.Agent.eopwdw
ViRobot
Trojan.Win32.S.WannaCry.20480[h]
Avast
Win32:WannaCry-B [Trj]
Ad-Aware
Trojan.GenericKD.5057554
Sophos
Troj/Wanna-C
Comodo
UnclassifiedMalware
F-Secure
Trojan.GenericKD.5057554
DrWeb
Trojan.Encoder.11432
McAfee-GW-Edition
Ransom-O
Emsisoft
Trojan.GenericKD.5057554 (B)
Cyren
W32/Trojan.NFAB-4202
Jiangmin
Trojan.WanaCry.j
Webroot
W32.Ransom.Wanacryptor
Avira
TR/FileCoder.724611
Fortinet
W32/Agent.AAPW!tr
Antiy-AVL
Trojan/Win32.TGeneric
Arcabit
Trojan.Generic.D4D2C12
AegisLab
Troj.Ransom.W32.Agent!c
ZoneAlarm
Trojan-Ransom.Win32.Agent.aapw
Microsoft
Ransom:Win32/WannaCrypt
AhnLab-V3
Trojan/Win32.HDC.C61115
ALYac
Trojan.Ransom.WannaCryptor
AVware
Trojan.Win32.Generic!BT
Tencent
Win32.Trojan.Ransomlocker.Nmmb
Ikarus
Trojan.Win32.Filecoder
GData
Trojan.GenericKD.5057554
AVG
FileCryptor.OYG
Panda
Trj/RansomCrypt.I
Qihoo-360
Trojan.Generic
MAEC Characterization of 86721e64ffbd69aa6944b9672bcabb6d
MicroWorld-eScan
Trojan.Ransom.WannaCryptor.A
nProtect
Ransom/W32.Wanna.3514368
CAT-QuickHeal
Ransom.WannaCryBot
ALYac
Trojan.Ransom.WannaCryptor
Malwarebytes
Ransom.WanaCrypt0r
K7GW
Trojan ( 0050d7171 )
K7AntiVirus
Trojan ( 0050d7171 )
Arcabit
Trojan.Ransom.WannaCryptor.A
Baidu
Win32.Trojan.WisdomEyes.16070401.9500.9973
F-Prot
W32/WannaCrypt.D
Symantec
Ransom.Wannacry
TrendMicro-HouseCall
Ransom_WCRY.J
Paloalto
generic.ml
ClamAV
Win.Ransomware.WannaCry-6313787-0
GData
Win32.Trojan-Ransom.WannaCry.A
Kaspersky
Trojan-Ransom.Win32.Wanna.b
BitDefender
Trojan.Ransom.WannaCryptor.A
NANO-Antivirus
Trojan.Win32.Wanna.eorfmq
AegisLab
Dropped.Generic.Ransom.Hydracrypt!c
Avast
Win32:WanaCry-A [Trj]
Tencent
Win32.Trojan.Ransome.Vdfa
Ad-Aware
Trojan.Ransom.WannaCryptor.A
Emsisoft
Trojan.Ransom.WannaCryptor.A (B)
Comodo
TrojWare.Win32.Ransom.WannaCryptor.a
F-Secure
Trojan.Ransom.WannaCryptor.A
DrWeb
Trojan.Encoder.11432
VIPRE
Trojan.Win32.Generic!BT
TrendMicro
Ransom_WCRY.J
McAfee-GW-Edition
BehavesLike.Win32.Backdoor.wc
Sophos
Mal/Wanna-A
Cyren
W32/Trojan.AHAZ-1193
Jiangmin
Trojan.WanaCry.b
Webroot
W32.Ransomware.Wcry
Avira
TR/AD.RansomHeur.aexdn
Antiy-AVL
Trojan[Ransom]/Win32.Scatter
ViRobot
Trojan.Win32.S.WannaCry.3514368.O[h]
ZoneAlarm
Trojan-Ransom.Win32.Wanna.b
Microsoft
Ransom:Win32/WannaCrypt
AhnLab-V3
Trojan/Win32.WannaCryptor.R200571
McAfee
Ransom-WannaCry!86721E64FFBD
AVware
Trojan.Win32.Generic!BT
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
Rising
Malware.Heuristic!ET#89% (cloud:vZkqDj6QDKF)
Ikarus
Trojan.Win32.Filecoder
Fortinet
W32/WannaCryptor.D!tr
AVG
Ransom_r.CFY
Panda
Trj/RansomCrypt.F
CrowdStrike
malicious_confidence_69% (W)
Qihoo-360
Win32/Trojan.Ransom.50f
MAEC Characterization of c33afb4ecc04ee1bcc6975bea49abe40
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 5dcaac857e695a65f5c3ef1441a73a8f
MicroWorld-eScan
Trojan.GenericKD.5057663
Symantec
Trojan.Gen.8!cloud
TrendMicro-HouseCall
Suspicious_GEN.F47V0513
BitDefender
Trojan.GenericKD.5057663
Ad-Aware
Trojan.GenericKD.5057663
F-Secure
Trojan.GenericKD.5057663
Emsisoft
Trojan.GenericKD.5057663 (B)
Arcabit
Trojan.Generic.D4D2C7F
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
Ikarus
Ransom.Win32.WannaCrypt
GData
Trojan.GenericKD.5057663
Qihoo-360
Trojan.Generic
MAEC Characterization of fb4e8718fea95bb7479727fde80cb424
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 08b9e69b57e4c9b966664f8e1c27ab09
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of c7a19984eb9f37198652eaf2fd1ee25c
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 17194003fa70ce477326ce2f6deeb270
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 3788f91c694dfc48e12417ce93356b0f
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 2efc3690d67cd073a9406a25005f7cea
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 531ba6b1a5460fc9446946f91cc8c94b
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 7bf2b57f2a205768755c07f238fb32cc
MicroWorld-eScan
Trojan.GenericKD.5057856
nProtect
Ransom/W32.Wanna.245760
CAT-QuickHeal
TrojanRansom.Wanna
McAfee
Ransom-O
Malwarebytes
Ransom.WanaCrypt0r
VIPRE
Trojan.Win32.Generic!BT
CrowdStrike
malicious_confidence_60% (D)
K7GW
Trojan ( 0001140e1 )
K7AntiVirus
Trojan ( 0001140e1 )
Cyren
W32/Trojan.FSSE-8992
Symantec
Ransom.Wannacry
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
RANSOM_WCRY.I
Avast
Win32:WanaCry-A [Trj]
ClamAV
Win.Trojan.Agent-6312824-0
Kaspersky
Trojan-Ransom.Win32.Wanna.c
BitDefender
Trojan.GenericKD.5057856
NANO-Antivirus
Trojan.Win32.Wanna.eottwl
Paloalto
generic.ml
ViRobot
Trojan.Win32.S.WannaCry.245760[h]
Tencent
Win32.Trojan.Ransomlocker.Mvmh
Ad-Aware
Trojan.GenericKD.5057856
Emsisoft
Trojan.GenericKD.5057856 (B)
Comodo
TrojWare.Win32.Ransom.WannaCryptor.~
F-Secure
Trojan.GenericKD.5057856
DrWeb
Trojan.Encoder.11432
TrendMicro
RANSOM_WCRY.I
McAfee-GW-Edition
Ransom-O
F-Prot
W32/WannaCrypt.A
Jiangmin
Trojan.WanaCry.a
Webroot
W32.Ransom.Wannacry
Avira
TR/FileCoder.724645
Fortinet
W32/GenKryptik.1C25!tr
Antiy-AVL
Trojan/Win32.Deshacop
Arcabit
Trojan.Generic.D4D2D40
AegisLab
Uds.Dangerousobject.Multi!c
ZoneAlarm
Trojan-Ransom.Win32.Wanna.c
Microsoft
Ransom:Win32/WannaCrypt
Sophos
Troj/Wanna-D
AhnLab-V3
Trojan/Win32.WannaCryptor.R200589
ALYac
Trojan.Ransom.WannaCryptor
AVware
Trojan.Win32.Generic!BT
Rising
Malware.Generic.5!tfe (cloud:7SfzBq30iMV)
Ikarus
Trojan.Win32.Filecoder
GData
Win32.Trojan-Ransom.WannaCry.E
AVG
Generic_r.SSZ
Panda
Trj/RansomCrypt.K
Qihoo-360
Win32/Trojan.Multi.daf
MAEC Characterization of ae08f79a0d800b82fcbe1b43cdbdbefc
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
MAEC Characterization of 8495400f199ac77853c53b5a3f278f3e
MicroWorld-eScan
Trojan.GenericKD.5057859
nProtect
Ransom/W32.Zapchast.20480.B
CAT-QuickHeal
Trojanransom.Zapchast
McAfee
Ransom-O
Malwarebytes
Ransom.WanaCrypt0r
K7GW
Trojan ( 0001140e1 )
K7AntiVirus
Trojan ( 0001140e1 )
TrendMicro
Ransom_WCRY.I
F-Prot
W32/WannaCrypt.B
Symantec
Ransom.Wannacry
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
Ransom_WCRY.I
Paloalto
generic.ml
GData
Trojan.GenericKD.5057859
Kaspersky
Trojan-Ransom.Win32.Zapchast.i
BitDefender
Trojan.GenericKD.5057859
NANO-Antivirus
Trojan.Win32.Zapchast.eopvwc
ViRobot
Trojan.Win32.S.WannaCry.20480.A[h]
AegisLab
Troj.Ransom.W32!c
Sophos
Troj/Wanna-C
Comodo
UnclassifiedMalware
F-Secure
Trojan.GenericKD.5057859
DrWeb
Trojan.Encoder.11432
VIPRE
Trojan.Win32.Generic!BT
McAfee-GW-Edition
Ransom-O
Emsisoft
Trojan.GenericKD.5057859 (B)
Cyren
W32/Trojan.FXSJ-2552
Jiangmin
Trojan.Zapchast.eo
Webroot
W32.Ransom.Wanacryptor
Avira
TR/FileCoder.724649
Antiy-AVL
Trojan/Win32.TGeneric
Arcabit
Trojan.Generic.D4D2D43
ZoneAlarm
Trojan-Ransom.Win32.Zapchast.i
Microsoft
Ransom:Win32/WannaCrypt
AVG
FileCryptor.OYH
AhnLab-V3
Trojan/Win32.WannaCryptor.C1951306
ALYac
Trojan.Ransom.WannaCryptor
AVware
Trojan.Win32.Generic!BT
Ad-Aware
Trojan.GenericKD.5057859
Panda
Trj/RansomCrypt.C
Tencent
Win32.Trojan.Ransomlocker.Ozmy
Ikarus
Trojan.Win32.Filecoder
Fortinet
W32/Zapchast.D!tr
Avast
Win32:WannaCry-A [Trj]
Qihoo-360
Trojan.Generic
MAEC Characterization of 8d61648d34cba8ae9d1e2a219019add1
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of fa948f7d8dfb21ceddd6794f2d56b44f
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
Ikarus
Win32.Outbreak
MAEC Characterization of 7a8d499407c6a647c03c4471a67eaad7
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of ff70cc7c00951084175d12128ce02399
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of c911aba4ab1da6c28cf86338ab2ab6cc
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of e79d7f2833a9c2e2553c7fe04a1b63f4
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of c17170262312f3be7027bc2ca825bf0c
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
Ikarus
Trojan.Win32.Filecoder
GData
Generic.Trojan.Agent.TFW01J
Qihoo-360
Trojan.Generic
MAEC Characterization of 313e0ececd24f4fa1504118a11bc7986
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 95673b0f968c0f55b32204361940d184
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 30a200f78498990095b36f574b6e8690
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 3e0020fc529b1c2a061016dd2469ba96
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
TROJ_RANSOMNOTE.AUSCQT
TrendMicro
TROJ_RANSOMNOTE.AUSCQT
AegisLab
Troj.Ransomnote.Auscqt!c
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
Tencent
Win32.Trojan.Filecoder.Lkds
Ikarus
Trojan.Win32.Filecoder
GData
Script.Trojan.Agent.98XDFC
Qihoo-360
Trojan.Generic
MAEC Characterization of fe68c2dc0d2419b38f44d83f2fcf232e
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 452615db2336d60af7e2057481e4cab5
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
TROJ_RANSOMNOTE.RTF
TrendMicro
TROJ_RANSOMNOTE.RTF
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
Tencent
Win32.Trojan.Filecoder.Palq
Ikarus
Trojan.Win32.Filecoder
MAEC Characterization of 5bef35496fcbdbe841c82f4d1ab8b7c2
MicroWorld-eScan
Trojan.GenericKD.5055387
nProtect
Ransom/W32.Wanna.3723264
CAT-QuickHeal
Ransom.WannaCryBot
ALYac
Trojan.Ransom.WannaCryptor
Malwarebytes
Ransom.WanaCrypt0r
AegisLab
Ml.Attribute.Gen!c
K7GW
Exploit ( 0050d7a31 )
K7AntiVirus
Exploit ( 0050d7a31 )
Arcabit
Trojan.Generic.D4D239B
Invincea
virtool.win32.injector.eg
Baidu
Win32.Worm.Rbot.a
Cyren
W32/Trojan.AHAZ-1193
Symantec
Ransom.Wannacry
Paloalto
generic.ml
ClamAV
Win.Trojan.Agent-6313878-0
GData
Win32.Trojan-Ransom.WannaCry.D
Kaspersky
Trojan-Ransom.Win32.Wanna.m
BitDefender
Trojan.GenericKD.5055387
NANO-Antivirus
Trojan.Win32.Wanna.eorfmq
Avast
Win32:WanaCry-A [Trj]
Rising
Ransom.FileCryptor!8.1A7 (cloud:pN1yUsg5xNU)
Ad-Aware
Trojan.GenericKD.5055387
Emsisoft
Trojan-Ransom.WanaCrypt0r (A)
Comodo
TrojWare.Win32.Ransom.WannaCryptor.a
F-Secure
Trojan.GenericKD.5055387
DrWeb
Trojan.Encoder.11432
VIPRE
Trojan.Win32.Generic!BT
TrendMicro
WORM_WCRY.A
McAfee-GW-Edition
Ransom-WannaCry!86721E64FFBD
Sophos
Troj/Wanna-E
Ikarus
Trojan.Win32.Filecoder
F-Prot
W32/WannaCrypt.D
Jiangmin
Trojan.WanaCry.i
Webroot
W32.Ransom.Wannacry
Avira
BDS/Agent.ilyda
Endgame
malicious (high confidence)
ViRobot
Trojan.Win32.S.WannaCry.3723264.I[h]
ZoneAlarm
Trojan-Ransom.Win32.Wanna.m
Microsoft
Ransom:Win32/WannaCrypt.A!rsm
AhnLab-V3
Trojan/Win32.WannaCryptor.R200572
McAfee
GenericR-JTA!5BEF35496FCB
AVware
Trojan.Win32.Generic!BT
VBA32
suspected of Trojan.Downloader.gen.h
ESET-NOD32
Win32/Exploit.CVE-2017-0147.A
Tencent
Win32.Trojan.Ransomware.Auto
SentinelOne
static engine - malicious
Fortinet
W32/WannaCryptor.D!tr
AVG
Ransom_r.CGA
Panda
Trj/RansomCrypt.I
CrowdStrike
malicious_confidence_100% (W)
Qihoo-360
Win32/Trojan.Ransom.50f
MAEC Characterization of 537efeecdfa94cc421e58fd82a58ba9e
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 6735cb43fe44832b061eeb3f5956b099
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of 0252d45ca21c8e43c9742285c48e91ad
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
MAEC Characterization of b77e1221f7ecd0b5d696cb66cda1609e
ESET-NOD32
Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
TROJ_RANSOMNOTE.RTF
Tencent
Win32.Trojan.Filecoder.Pfte
Ikarus
Trojan.Win32.Filecoder
MAEC Characterization of 4da1f312a214c07143abeeafb695d904
Bkav
W32.Clod284.Trojan.e098
MicroWorld-eScan
Trojan.GenericKD.4829301
CAT-QuickHeal
Ransom.Genasom
ALYac
Trojan.Ransom.WannaCryptor
Malwarebytes
Ransom.WannaCrypt
AegisLab
Backdoor.W32.Farfli!c
K7AntiVirus
Riskware ( 0040eff71 )
K7GW
Riskware ( 0040eff71 )
Baidu
Win32.Trojan.WisdomEyes.16070401.9500.9995
Cyren
W32/Trojan.ZEBS-1630
Symantec
Ransom.Wannacry
ESET-NOD32
a variant of Win32/Filecoder.WannaCryptor.D
TrendMicro-HouseCall
Ransom_WCRY.F117DB
Paloalto
generic.ml
ClamAV
Win.Trojan.Agent-6258665-0
Kaspersky
Backdoor.Win32.Farfli.atmr
BitDefender
Trojan.GenericKD.4829301
NANO-Antivirus
Trojan.Win32.Farfli.enstjk
Avast
Win32:Malware-gen
Ad-Aware
Trojan.GenericKD.4829301
Sophos
Mal/Wanna-A
Comodo
TrojWare.JS.Trojan.Download.~
F-Secure
Trojan.GenericKD.4829301
DrWeb
Trojan.Encoder.10718
VIPRE
Trojan.Win32.Generic!BT
TrendMicro
Ransom_WCRY.F117DB
McAfee-GW-Edition
BehavesLike.Win32.Downloader.rc
Emsisoft
Trojan-Ransom.WannaCryptor (A)
F-Prot
W32/WannaCrypt.H
Jiangmin
Backdoor.Farfli.bde
Webroot
W32.Trojan.Gen
Avira
TR/Dropper.gafex
Fortinet
W32/Filecoder_WannaCryptor.B!tr
Antiy-AVL
Trojan[Backdoor]/Win32.Farfli
Endgame
malicious (high confidence)
Arcabit
Trojan.Generic.D49B075
ViRobot
Trojan.Win32.WannaCryptor.4497408[h]
ZoneAlarm
Backdoor.Win32.Farfli.atmr
Microsoft
Ransom:Win32/Genasom
AhnLab-V3
Trojan/Win32.WCrypto.R199610
McAfee
Ransom-WannaCry!4DA1F312A214
AVware
Trojan.Win32.Generic!BT
VBA32
Backdoor.Farfli
Tencent
Win32.Trojan.Raas.Auto
Yandex
Trojan.Filecoder!gRTNEfeDeo4
Ikarus
Trojan.Win32.Filecoder
GData
Trojan.GenericKD.4829301
AVG
FileCryptor.OUA
Panda
Trj/CI.A
CrowdStrike
malicious_confidence_62% (W)
10124171
Malicious Code
Malicious Artifact Detected