Categories: Malware

Win32:WannaCry-E [Trj] information

The Win32:WannaCry-E [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:WannaCry-E [Trj] virus can do?

Behavioural detection: Executable code extraction – unpacking
A file was accessed within the Public folder.
Uses Windows utilities for basic functionality
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Executable file is packed/obfuscated with Themida
Authenticode signature is invalid
A scripting utility was executed
Checks for the presence of known windows from debuggers and forensic tools
CAPE detected the WanaCry malware family
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Touches a file containing cookies, possibly for information gathering
Creates a known WannaCry ransomware decryption instruction / key file.
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32:WannaCry-E [Trj]?


File Info:
name: 309FD92C8BD6D3574675.mlwpath: /opt/CAPEv2/storage/binaries/82bbfb056ccae24c3ed4c3aa54e78801328b03d24cbd7e0ff7134b709d611a82crc32: BE4F1005md5: 309fd92c8bd6d3574675945d7e478ea7sha1: 0e8d902318f3a596e3c132124a7dd33ad71f8a9fsha256: 82bbfb056ccae24c3ed4c3aa54e78801328b03d24cbd7e0ff7134b709d611a82sha512: 5cfca50f09421e02a974feeed6aaf1e329f3b57a001087ea1786deab31dbff4105e14f7fb5b3a16039252a10fcda5ccda083a3b1fb9656bb3699fe7fe6e77b29ssdeep: 196608:Z6iFLq2jDu9sqA3WgNTBpZ6nlmViFqFwx1e4NgeFGsDVj7tRHM:Z6wvuSqYW0tpZ6nl7FI9egexJZtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C8A633A724420F33D0F57536F5A34752974E8ADDB414AE33081329D06A8EDEA3A7D6E3sha3_384: eb680fa91d20414fa4489d8a7a652b6132402a04315123345e2a9ffd8c4bd1778888fc026783c39a1ad933307025b1b9ep_bytes: e84b0100005389e3538b73088b7b10fctimestamp: 2010-11-20 09:05:05
Version Info:
CompanyName: Microsoft CorporationFileDescription: DiskPartFileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)InternalName: diskpart.exeLegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: diskpart.exeProductName: Microsoft® Windows® Operating SystemProductVersion: 6.1.7601.17514Translation: 0x0409 0x04b0

Win32:WannaCry-E [Trj] also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Wanna.u!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.GM.0000436180
FireEye	Generic.mg.309fd92c8bd6d357
ALYac	Gen:Trojan.Heur.GM.0000436180
Malwarebytes	Ransom.WannaCrypt
Zillya	Trojan.Wanna.Win32.4929
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0059b42a1 )
Alibaba	Packed:Win32/Themida.0dd21140
K7GW	Trojan ( 0059b42a1 )
Cybereason	malicious.318f3a
BitDefenderTheta	AI:Packer.DD91A5B51D
Cyren	W32/ABRisk.HUTP-6343
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.Themida.CL suspicious
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Wanna.ariv
BitDefender	Gen:Trojan.Heur.GM.0000436180
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:WannaCry-E [Trj]
Tencent	Malware.Win32.Gencirc.13ed5aec
Sophos	Mal/FakeMS-X
F-Secure	Trojan.TR/Crypt.XPACK.Gen2
DrWeb	Trojan.Siggen21.23337
VIPRE	Gen:Trojan.Heur.GM.0000436180
TrendMicro	TROJ_GEN.R002C0RHP23
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Trojan.Heur.GM.0000436180 (B)
GData	Gen:Trojan.Heur.GM.0000436180
Webroot	W32.Ransomware.Wcry
Avira	TR/Crypt.XPACK.Gen2
Antiy-AVL	Trojan[Packed]/Win32.Themida
Arcabit	Trojan.Heur.GM.D6A7D4
ZoneAlarm	Trojan-Ransom.Win32.Wanna.ariv
Microsoft	Ransom:Win32/WannaCrypt.DA!MTB
Google	Detected
AhnLab-V3	Malware/Win32.RL_Generic.R350808
McAfee	Artemis!309FD92C8BD6
MAX	malware (ai score=81)
Cylance	unsafe
Panda	Trj/Chgt.AC
TrendMicro-HouseCall	TROJ_GEN.R002C0RHP23
Rising	Trojan.Generic@AI.100 (RDML:GXxzTNtJRsf7hRXsUnPQ4w)
Yandex	Riskware.Themida!zPDEuFBJaeU
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.216363047.susgen
Fortinet	W32/Kryptik.HQCZ!tr
AVG	Win32:WannaCry-E [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)