WanaCrypt0r Ransomware
Posted: May 12, 2017
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 7,031 |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 35,347 |
| First Seen: | May 12, 2017 |
|---|---|
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:e7a39735ee8777473c7405a70f470a0e00d6266d3126d3af59660e6a78dab2cf.exe
File name: e7a39735ee8777473c7405a70f470a0e00d6266d3126d3af59660e6a78dab2cf.exeSize: 262.14 KB (262144 bytes)
MD5: e8d2d6925c5581cff64670c829e5a473
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
e5b9bfe333ee11538ae62cd9f34023d23e943970e771f74e088166e7c471166f.exe
File name: e5b9bfe333ee11538ae62cd9f34023d23e943970e771f74e088166e7c471166f.exeSize: 84.9 KB (84901 bytes)
MD5: 1eba841f8cb1d7703cecd5112bb2a3ea
Detection count: 94
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
e498f936eb56fb1f4300d973c1c869fa65e0ae368c74285dfc2feae3ae1a4f4e.exe
File name: e498f936eb56fb1f4300d973c1c869fa65e0ae368c74285dfc2feae3ae1a4f4e.exeSize: 83.11 KB (83112 bytes)
MD5: c1b5e18f78b644d5d59e8958fcfa8b0d
Detection count: 92
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
e28f2ee59621e1d9269213e2b5557b5066945774392b16bde3df9ad077bff107.exe
File name: e28f2ee59621e1d9269213e2b5557b5066945774392b16bde3df9ad077bff107.exeSize: 1.72 MB (1720320 bytes)
MD5: 03f75fc504c9845aaed29fdf66c13238
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf011515aeb5894.exe
File name: 0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf011515aeb5894.exeSize: 84.32 KB (84326 bytes)
MD5: d5c0caf39de29dc769204d33e76c21fc
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
d849067bf9365d99088cbb935a98477cd38519e3ab8ac1bfe662588f8177d22d.exe
File name: d849067bf9365d99088cbb935a98477cd38519e3ab8ac1bfe662588f8177d22d.exeSize: 245.76 KB (245760 bytes)
MD5: ae72a3d3b9ee295436ba281171c50538
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
cd53771c1aa9d8b91d362feec69a03a02fbfcc8c922e2ed538854b77f9d806f2.exe
File name: cd53771c1aa9d8b91d362feec69a03a02fbfcc8c922e2ed538854b77f9d806f2.exeSize: 425.98 KB (425984 bytes)
MD5: 994cfca9f4a14921684bd6a65997e22c
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
cd049fa3d5c193b82b13bc5c141696e7f862b448b9008a21c3c84030d5b00597.exe
File name: cd049fa3d5c193b82b13bc5c141696e7f862b448b9008a21c3c84030d5b00597.exeSize: 245.76 KB (245760 bytes)
MD5: d539b514ca46f0b33838a67778a4c92c
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
ca29de1dc8817868c93e54b09f557fe14e40083c0955294df5bd91f52ba469c8.exe
File name: ca29de1dc8817868c93e54b09f557fe14e40083c0955294df5bd91f52ba469c8.exeSize: 237.56 KB (237568 bytes)
MD5: b0ad5902366f860f85b892867e5b1e87
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
c4291ec3eacfd145bbe75d7e7991753f4ea141768f6701e4bef4ca902ed58554.exe
File name: c4291ec3eacfd145bbe75d7e7991753f4ea141768f6701e4bef4ca902ed58554.exeSize: 3.56 MB (3566796 bytes)
MD5: aed6ed89e62f1cb059b5db200f30d203
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
c26e5eb8ec5b72e2c6368156f112f78906a57b393845233e727a8b2e3df790a4.exe
File name: c26e5eb8ec5b72e2c6368156f112f78906a57b393845233e727a8b2e3df790a4.exeSize: 68.7 KB (68704 bytes)
MD5: 0590e4be096701e650797f8969e3c2cf
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
bc8136b40b4164afcbcb4e14f6fd54ca02275ff75b674eb6fd0a8f436f9b1181.exe
File name: bc8136b40b4164afcbcb4e14f6fd54ca02275ff75b674eb6fd0a8f436f9b1181.exeSize: 262.14 KB (262144 bytes)
MD5: 05480f5a3237cb12416459c2660367b0
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
bbf16aa9e9c3b697c1f4008a9087e2b3ed4298dbf62a607900d3b95324100327.exe
File name: bbf16aa9e9c3b697c1f4008a9087e2b3ed4298dbf62a607900d3b95324100327.exeSize: 27.72 KB (27726 bytes)
MD5: d2f5b8921d8b0ec80ca9d12a4628f4a0
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
bb829a0394fb865eed381eb77ac9de039ad19e0f2318baaf9483b4f817250021.exe
File name: bb829a0394fb865eed381eb77ac9de039ad19e0f2318baaf9483b4f817250021.exeSize: 3.58 MB (3587493 bytes)
MD5: cf7d967cf7f37075b74ae1956609f33b
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
%LOCALAPPDATA%\@WanaDecryptor@.exe.lnk
File name: @WanaDecryptor@.exe.lnkSize: 519B (519 bytes)
MD5: da694aa92d06c170e9bcebc540e3290f
Detection count: 43
File type: Shortcut
Mime Type: unknown/lnk
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: May 18, 2017
home.exe
File name: home.exeSize: 933.52 KB (933520 bytes)
MD5: 4e259c5a7afe86eb08b45eead12d4af3
Detection count: 32
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
fecfd70406cbcd17fd17ccf4c635172249df13383d7f02fc9f0d3173da04a209.exe
File name: fecfd70406cbcd17fd17ccf4c635172249df13383d7f02fc9f0d3173da04a209.exeSize: 22.01 KB (22016 bytes)
MD5: a2592f41e67f1d0b9b795a3f4c71ad14
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
f029548806c8074a36435241d5f5586cd7b37fc651dd2a9178e915d2cef27bae.exe
File name: f029548806c8074a36435241d5f5586cd7b37fc651dd2a9178e915d2cef27bae.exeSize: 249.85 KB (249856 bytes)
MD5: ac29e5bbe740c883baf1e83ba99eba85
Detection count: 11
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
%ALLUSERSPROFILE%\cmgqbluncnykgm824\@WanaDecryptor@.exe
File name: @WanaDecryptor@.exeSize: 307.2 KB (307200 bytes)
MD5: d724ea744f9056565c1dc235b8a37d3a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\cmgqbluncnykgm824
Group: Malware file
Last Updated: May 16, 2017
ec82b602d6389c4586730bd45302acf3366132ed63667cf8cfb24c7e72419fac.exe
File name: ec82b602d6389c4586730bd45302acf3366132ed63667cf8cfb24c7e72419fac.exeSize: 3.48 MB (3481372 bytes)
MD5: b881c16467d6c3dbcb0b5a4db4d283ad
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
ea7974484b788d4c91044f32130159e1542bf079329179f4b1d42e93168dfdde.exe
File name: ea7974484b788d4c91044f32130159e1542bf079329179f4b1d42e93168dfdde.exeSize: 7.01 MB (7013139 bytes)
MD5: 9873afd7cf2e1eb9e94bcbfc2dd74f40
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
ea428033152445a507f4c1afb7734c8f801f27a687d8cb62bd8f393a2b0c466c.exe
File name: ea428033152445a507f4c1afb7734c8f801f27a687d8cb62bd8f393a2b0c466c.exeSize: 3.51 MB (3515904 bytes)
MD5: 38a92fa34353ecb8777a8044248f56f2
Detection count: 2
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 15, 2017
More files
Registry Modifications
The following newly produced Registry Values are:
File name without path!Please Read Me!.txt!WannaCryptor!.bmp!WannaDecryptor!.exe!WannaDecryptor!.exe.lnk@WanaDecryptor@.bmp@WanaDecryptor@.exe@WanaDecryptor@.exe.lnkPlease Read Me!.txtRegexp file mask%temp%\[NUMBERS].wcryt%windir%\00000000.eky%windir%\00000000.pky%windir%\00000000.res%windir%\b.wnry%windir%\b.wry%windir%\c.wnry%windir%\c.wry%windir%\f.wry%windir%\m.wry%windir%\msg\m_[RANDOM CHARACTERS].wnry%WINDIR%\mssecsvc.exe%WINDIR%\mssecsvr.exe%windir%\r.wnry%windir%\r.wry%windir%\s.wnry%windir%\t.wry%windir%\u.wryHKEY..\..\..\..{RegistryKeys}SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task SchedulerSOFTWARE\WanaCrypt0rSOFTWARE\WannaCryptorSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task SchedulerSOFTWARE\Wow6432Node\WanaCrypt0rSOFTWARE\Wow6432Node\WannaCryptor
File name without path!Please Read Me!.txt!WannaCryptor!.bmp!WannaDecryptor!.exe!WannaDecryptor!.exe.lnk@WanaDecryptor@.bmp@WanaDecryptor@.exe@WanaDecryptor@.exe.lnkPlease Read Me!.txtRegexp file mask%temp%\[NUMBERS].wcryt%windir%\00000000.eky%windir%\00000000.pky%windir%\00000000.res%windir%\b.wnry%windir%\b.wry%windir%\c.wnry%windir%\c.wry%windir%\f.wry%windir%\m.wry%windir%\msg\m_[RANDOM CHARACTERS].wnry%WINDIR%\mssecsvc.exe%WINDIR%\mssecsvr.exe%windir%\r.wnry%windir%\r.wry%windir%\s.wnry%windir%\t.wry%windir%\u.wryHKEY..\..\..\..{RegistryKeys}SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task SchedulerSOFTWARE\WanaCrypt0rSOFTWARE\WannaCryptorSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task SchedulerSOFTWARE\Wow6432Node\WanaCrypt0rSOFTWARE\Wow6432Node\WannaCryptor
Additional Information
The following directories were created:
%WINDIR%\taskhost%userprofile%\desktop\WannaCry%userprofile%\downloads\WannaCry
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.