CryptoWire Claims to be WanaCry4 | VTI by Score
VTI Information
VTI Score: 100 / 100
VTI Database Version: 2.6
VTI Rule Match Count: 19
VTI Rule Type: Default (PE, ...)
Detected Threats

File System - Encrypt content of user files
  Encrypt the content of multiple user files. This is an indicator for ransomware.

Device - Write master boot record (MBR)
  Write 512 bytes to master boot record (MBR).

File System - Handle with malicious files
  File "c:\progra~1\common~1\wanacry6.malware.exe" is a known malicious file.

OS - Disable system tool
  Disable startup repair by executing "C:\Windows\system32\cmd.exe /C title 9538298|bcdedit /set {default} recoveryenabled No".
  Disable startup repair by executing "C:\Windows\system32\cmd.exe /C title 8997147|bcdedit /set {default} bootstatuspolicy ignoreallfailures".

Kernel - Execute code with kernel privileges
  Execute code with kernel privileges.

Anti Analysis - Try to detect debugger
  Check via API "IsDebuggerPresent".

Process - Create process with hidden window
  The process "C:\Windows\system32\cmd.exe /c schtasks /create /sc onlogon /tn 3123635631 /rl highest /tr C:\PROGRA~1\COMMON~1\WANACR~1.EXE" starts with hidden window.
  The process "C:\Windows\system32\cmd.exe /C title 4180649|vssadmin.exe Delete Shadows /All /Quiet" starts with hidden window.
  The process "C:\Windows\system32\cmd.exe /C title 9538298|bcdedit /set {default} recoveryenabled No" starts with hidden window.
  The process "C:\Windows\system32\cmd.exe /C title 8997147|bcdedit /set {default} bootstatuspolicy ignoreallfailures" starts with hidden window.

Anti Analysis - Dynamic API usage
  Resolve above average number of APIs.

File System - Modify operating system directory
  Modify "c:\windows\system32\spp\store\2.0\data.dat.tmp".
  Modify "c:\windows\system32\spp\store\2.0\data.dat.bak".
  Modify "c:\windows\system32\spp\store\2.0\data.dat".

File System - Create many files
  Create above average number of files.

Network - Download data
  Url "blockchain.info/tobtc?currency=USD&value=1500".

Network - Connect to HTTP server
  Remote address "blockchain.info/tobtc?currency=USD&value=1500".

Persistence - Install system service
  Install service "3123635631" by using the sc.exe utility.