Wana Decrypt0r 2.0 Ransomware
Posted: May 26, 2017
Threat Metric
| Metric | Value |
|---|---|
| Ranking: | 5,600 |
| Threat Level: | 10/10 |
| Infected PCs: | 34,799 |
| First Seen: | May 12, 2017 |
| Last Seen: | October 11, 2023 |
| OS(es) Affected: | Windows |
The Wana Decrypt0r 2.0 Ransomware is a fake file-encrypting Trojan that displays warning messages reminiscent of the WannaCryptor Ransomware but doesn't try to encode or delete your files. While not necessarily meant to harm your computer, this Trojan's pop-ups can mislead you into taking inappropriate actions to safeguard your computer, and real threat actors may exploit them for personal reasons. As usual, use your anti-malware programs to remove the Wana Decrypt0r 2.0 Ransomware and to make sure that no worse threats were responsible for installing it.
A Case of Pop-Up Warnings with No Backup
With various threat actors more than happy to misuse the name of the WannaCryptor Ransomware for their own extortion campaigns, a clear majority of programs resembling that black market brand tend to encrypt and damage their victims' files. However, one can't accurately judge every program from its symptoms. The Wana Decrypt0r 2.0 Ransomware is a semi-benevolent example of how Trojans can be made with educational or informative intentions, although its lesson format is also needlessly invasive.
The Wana Decrypt0r 2.0 Ransomware imitates one of the most visible symptoms of the family referred to alternately as WCry, WannaCry, or WannaCryptor Ransomware: its lock-screen pop-up. This window loads HTML content that includes a live countdown, variable language configurations, general encryption alerts, and Bitcoin-based ransom demands using a modifiable wallet field along with payment checking. In a real attack, the pop-up would be preceded by file scans and non-consensual encryption, which could block files from opening, including documents, pictures and archives, among other data types.
However, the Wana Decrypt0r 2.0 Ransomware's author designed the program as a 'scareware' without any real damage to support its pop-up. As a result, malware experts don't anticipate any file damage occurring without further modifications to the Trojan from other programmers.
Switching Gears from Decryption to Protection
The Wana Decrypt0r 2.0 Ransomware provides a clear case of how demoralization over your PC's security can be a potentially educational experience. However, by displaying fake information, it may also mislead you into trying to transfer ransom money for no reason or into taking other actions that could damage your finances, computer or files. Perhaps most importantly, the resemblance between the Wana Decrypt0r 2.0 Ransomware's symptoms and those of real Trojans could also lead you to mistake a real attack for a fake one.
Backups are still the most direct means of protecting your files from real file-encrypting Trojans. For screen-locking threats like the Wana Decrypt0r 2.0 Ransomware, malware experts recommend restarting your computer with techniques that avoid launching the associated Trojan, such as booting into a Safe Mode environment. Although this Trojan is a low-level threat, using anti-malware programs to uninstall the Wana Decrypt0r 2.0 Ransomware can help guarantee that no other Trojans responsible for its installation are present.
The Wana Decrypt0r 2.0 Ransomware's author made this facsimile of an extortionist Trojan only with good intentions in mind. On the other hand, for PC owners already doing their part to stay safe, any instructions or advice from the Wana Decrypt0r 2.0 Ransomware is likely to prove redundant.
Technical Details
File System Modifications
The following files were created in the system:
File name without path:
!Please Read Me!.txt
!WannaCryptor!.bmp
!WannaDecryptor!.exe
!WannaDecryptor!.exe.lnk
@WanaDecryptor@.bmp
@WanaDecryptor@.exe
@WanaDecryptor@.exe.lnk
Please Read Me!.txt

Regexp file mask:
%temp%\[NUMBERS].wcryt
%windir%\00000000.eky
%windir%\00000000.pky
%windir%\00000000.res
%windir%\b.wnry
%windir%\b.wry
%windir%\c.wnry
%windir%\c.wry
%windir%\f.wry
%windir%\m.wry
%windir%\msg\m_[RANDOM CHARACTERS].wnry
%WINDIR%\mssecsvc.exe
%WINDIR%\mssecsvr.exe
%windir%\r.wnry
%windir%\r.wry
%windir%\s.wnry
%windir%\t.wry
%windir%\u.wry

Registry Modifications
HKEY..\..\..\..{RegistryKeys}:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler
SOFTWARE\WanaCrypt0r
SOFTWARE\WannaCryptor
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler
SOFTWARE\Wow6432Node\WanaCrypt0r
SOFTWARE\Wow6432Node\WannaCryptor
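The file names and masks listed above can be checked against a host's file inventory. The following Python is an added example, not code from the original page: it expands the page's `[NUMBERS]` and `[RANDOM CHARACTERS]` placeholders into anchored, case-insensitive regular expressions. The `ENV` values, the `INVENTORY` paths and the function names are constructed for illustration, and reading `[NUMBERS]` as digits and `[RANDOM CHARACTERS]` as any run of characters within one folder is an assumption.

```python
import ntpath
import re

# Indicators copied from the listing above (names and masks as the page gives them).
BARE_NAMES = {n.lower() for n in (
    "!Please Read Me!.txt", "!WannaCryptor!.bmp", "!WannaDecryptor!.exe",
    "!WannaDecryptor!.exe.lnk", "@WanaDecryptor@.bmp", "@WanaDecryptor@.exe",
    "@WanaDecryptor@.exe.lnk", "Please Read Me!.txt")}
MASKS = [r"%temp%\[NUMBERS].wcryt", r"%windir%\msg\m_[RANDOM CHARACTERS].wnry",
         r"%WINDIR%\mssecsvc.exe", r"%WINDIR%\mssecsvr.exe"]
MASKS += ["%windir%\\" + n for n in (
    "00000000.eky 00000000.pky 00000000.res b.wnry b.wry c.wnry c.wry "
    "f.wry m.wry r.wnry r.wry s.wnry t.wry u.wry").split()]

# Constructed sample data: variable values and a file inventory from one host.
ENV = {"%windir%": r"C:\Windows", "%temp%": r"C:\Users\alice\AppData\Local\Temp"}
INVENTORY = [
    r"C:\Windows\b.wnry",
    r"c:\windows\MSSECSVC.EXE",                        # Windows paths ignore case
    r"C:\Windows\msg\m_english.wnry",
    r"C:\Users\alice\AppData\Local\Temp\12.wcryt",
    r"C:\Users\alice\AppData\Local\@WanaDecryptor@.exe.lnk",
    r"C:\Windows\Temp\b.wnry",                         # wrong folder: no hit
    r"C:\Windows\msg\sub\m_x.wnry",                    # placeholder stays in one folder
    r"C:\Users\alice\AppData\Local\Temp\12a.wcryt",    # [NUMBERS] taken as digits only
]

def mask_to_regex(mask, env):
    """Expand %VAR% from env, then turn the page's placeholders into a regex."""
    for var, value in env.items():
        mask = re.sub(re.escape(var), lambda m: value, mask, flags=re.I)
    pat = re.escape(mask).replace(re.escape("[NUMBERS]"), r"\d+")
    pat = pat.replace(re.escape("[RANDOM CHARACTERS]"), r"[^\\/]+")
    return re.compile(pat, re.I)

def sweep(paths, env):
    """Return (path, reason) for each path that matches a mask or a bare name."""
    masks = [mask_to_regex(m, env) for m in MASKS]
    hits = []
    for path in paths:
        if any(rx.fullmatch(path) for rx in masks):
            hits.append((path, "file mask"))
        elif ntpath.basename(path).lower() in BARE_NAMES:
            hits.append((path, "bare file name"))
    return hits

if __name__ == "__main__":
    for path, reason in sweep(INVENTORY, ENV):
        print(f"{reason:15} {path}")
```

A hit only shows that one of the listed artifacts is present; it does not show whether any files were actually encrypted, so a matching host still needs triage.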