ScreenShot
| Created | 2023.11.05 12:41 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_CQTwbm.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | d77ff29db2a60bfadf7d453323aa90c4 | ||
| sha256 | 0ad788b94e12c0d6df2aa4457b2c0cfc477fb23092232a11e6c54e990ca5ce0d | ||
| ssdeep | 98304:CIY4EMqNv619SRUZAHGuY2oNWwy3vtQfyrQd8VjJT:Cw7kY2MWwUv | ||
| imphash | e6efb84c997b145566619aa9dc9a7eef | ||
| impfuzzy | 96:qB0x8CxX7+CJS5pmeT1qHs4OxQ/0XiX1Pg3ZTJGQ6d61mcqtVS:qKiCJ77JS5dT1on0SFomQ6d+StVS | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1406cc5fc AddAtomA
0x1406cc604 AddVectoredExceptionHandler
0x1406cc60c AreFileApisANSI
0x1406cc614 CloseHandle
0x1406cc61c CreateEventA
0x1406cc624 CreateFileA
0x1406cc62c CreateFileMappingA
0x1406cc634 CreateFileMappingW
0x1406cc63c CreateFileW
0x1406cc644 CreateIoCompletionPort
0x1406cc64c CreateMutexA
0x1406cc654 CreateMutexW
0x1406cc65c CreateSemaphoreA
0x1406cc664 CreateThread
0x1406cc66c CreateWaitableTimerA
0x1406cc674 CreateWaitableTimerExW
0x1406cc67c DeleteAtom
0x1406cc684 DeleteCriticalSection
0x1406cc68c DeleteFileA
0x1406cc694 DeleteFileW
0x1406cc69c DuplicateHandle
0x1406cc6a4 EnterCriticalSection
0x1406cc6ac ExitProcess
0x1406cc6b4 FindAtomA
0x1406cc6bc FlushFileBuffers
0x1406cc6c4 FlushViewOfFile
0x1406cc6cc FormatMessageA
0x1406cc6d4 FormatMessageW
0x1406cc6dc FreeEnvironmentStringsW
0x1406cc6e4 FreeLibrary
0x1406cc6ec GetAtomNameA
0x1406cc6f4 GetConsoleMode
0x1406cc6fc GetCurrentProcess
0x1406cc704 GetCurrentProcessId
0x1406cc70c GetCurrentThread
0x1406cc714 GetCurrentThreadId
0x1406cc71c GetDiskFreeSpaceA
0x1406cc724 GetDiskFreeSpaceW
0x1406cc72c GetEnvironmentStringsW
0x1406cc734 GetFileAttributesA
0x1406cc73c GetFileAttributesExW
0x1406cc744 GetFileAttributesW
0x1406cc74c GetFileSize
0x1406cc754 GetFullPathNameA
0x1406cc75c GetFullPathNameW
0x1406cc764 GetHandleInformation
0x1406cc76c GetLastError
0x1406cc774 GetProcAddress
0x1406cc77c GetProcessAffinityMask
0x1406cc784 GetProcessHeap
0x1406cc78c GetQueuedCompletionStatusEx
0x1406cc794 GetStartupInfoA
0x1406cc79c GetStdHandle
0x1406cc7a4 GetSystemDirectoryA
0x1406cc7ac GetSystemInfo
0x1406cc7b4 GetSystemTime
0x1406cc7bc GetSystemTimeAsFileTime
0x1406cc7c4 GetTempPathA
0x1406cc7cc GetTempPathW
0x1406cc7d4 GetThreadContext
0x1406cc7dc GetThreadPriority
0x1406cc7e4 GetTickCount
0x1406cc7ec GetVersionExA
0x1406cc7f4 GetVersionExW
0x1406cc7fc HeapAlloc
0x1406cc804 HeapCompact
0x1406cc80c HeapCreate
0x1406cc814 HeapDestroy
0x1406cc81c HeapFree
0x1406cc824 HeapReAlloc
0x1406cc82c HeapSize
0x1406cc834 HeapValidate
0x1406cc83c InitializeCriticalSection
0x1406cc844 IsDBCSLeadByteEx
0x1406cc84c IsDebuggerPresent
0x1406cc854 LeaveCriticalSection
0x1406cc85c LoadLibraryA
0x1406cc864 LoadLibraryW
0x1406cc86c LocalFree
0x1406cc874 LockFile
0x1406cc87c LockFileEx
0x1406cc884 MapViewOfFile
0x1406cc88c MultiByteToWideChar
0x1406cc894 OpenProcess
0x1406cc89c OutputDebugStringA
0x1406cc8a4 OutputDebugStringW
0x1406cc8ac PostQueuedCompletionStatus
0x1406cc8b4 QueryPerformanceCounter
0x1406cc8bc QueryPerformanceFrequency
0x1406cc8c4 RaiseException
0x1406cc8cc ReadFile
0x1406cc8d4 ReleaseMutex
0x1406cc8dc ReleaseSemaphore
0x1406cc8e4 RemoveVectoredExceptionHandler
0x1406cc8ec ResetEvent
0x1406cc8f4 ResumeThread
0x1406cc8fc SetConsoleCtrlHandler
0x1406cc904 SetEndOfFile
0x1406cc90c SetErrorMode
0x1406cc914 SetEvent
0x1406cc91c SetFilePointer
0x1406cc924 SetLastError
0x1406cc92c SetProcessAffinityMask
0x1406cc934 SetProcessPriorityBoost
0x1406cc93c SetThreadContext
0x1406cc944 SetThreadPriority
0x1406cc94c SetUnhandledExceptionFilter
0x1406cc954 SetWaitableTimer
0x1406cc95c Sleep
0x1406cc964 SuspendThread
0x1406cc96c SwitchToThread
0x1406cc974 SystemTimeToFileTime
0x1406cc97c TlsAlloc
0x1406cc984 TlsGetValue
0x1406cc98c TlsSetValue
0x1406cc994 TryEnterCriticalSection
0x1406cc99c UnlockFile
0x1406cc9a4 UnlockFileEx
0x1406cc9ac UnmapViewOfFile
0x1406cc9b4 VirtualAlloc
0x1406cc9bc VirtualFree
0x1406cc9c4 VirtualProtect
0x1406cc9cc VirtualQuery
0x1406cc9d4 WaitForMultipleObjects
0x1406cc9dc WaitForSingleObject
0x1406cc9e4 WaitForSingleObjectEx
0x1406cc9ec WideCharToMultiByte
0x1406cc9f4 WriteConsoleW
0x1406cc9fc WriteFile
0x1406cca04 __C_specific_handler
msvcrt.dll
0x1406cca14 ___lc_codepage_func
0x1406cca1c ___mb_cur_max_func
0x1406cca24 __getmainargs
0x1406cca2c __initenv
0x1406cca34 __iob_func
0x1406cca3c __lconv_init
0x1406cca44 __set_app_type
0x1406cca4c __setusermatherr
0x1406cca54 _acmdln
0x1406cca5c _amsg_exit
0x1406cca64 _beginthread
0x1406cca6c _beginthreadex
0x1406cca74 _cexit
0x1406cca7c _commode
0x1406cca84 _endthreadex
0x1406cca8c _errno
0x1406cca94 _fmode
0x1406cca9c _initterm
0x1406ccaa4 _localtime64
0x1406ccaac _lock
0x1406ccab4 _memccpy
0x1406ccabc _onexit
0x1406ccac4 _setjmp
0x1406ccacc _strdup
0x1406ccad4 _ultoa
0x1406ccadc _unlock
0x1406ccae4 abort
0x1406ccaec calloc
0x1406ccaf4 exit
0x1406ccafc fprintf
0x1406ccb04 fputc
0x1406ccb0c free
0x1406ccb14 fwrite
0x1406ccb1c localeconv
0x1406ccb24 longjmp
0x1406ccb2c malloc
0x1406ccb34 memcmp
0x1406ccb3c memcpy
0x1406ccb44 memmove
0x1406ccb4c memset
0x1406ccb54 printf
0x1406ccb5c qsort
0x1406ccb64 realloc
0x1406ccb6c signal
0x1406ccb74 strcmp
0x1406ccb7c strcspn
0x1406ccb84 strerror
0x1406ccb8c strlen
0x1406ccb94 strncmp
0x1406ccb9c strrchr
0x1406ccba4 vfprintf
0x1406ccbac wcslen
EAT(Export Address Table) Library
0x1406c9720 _cgo_dummy_export
0x140243400 authorizerTrampoline
0x140243120 callbackTrampoline
0x1402432e0 commitHookTrampoline
0x140243240 compareTrampoline
0x1402431f0 doneTrampoline
0x140243480 preUpdateHookTrampoline
0x140243340 rollbackHookTrampoline
0x140243180 stepTrampoline
0x140243390 updateHookTrampoline
KERNEL32.dll
0x1406cc5fc AddAtomA
0x1406cc604 AddVectoredExceptionHandler
0x1406cc60c AreFileApisANSI
0x1406cc614 CloseHandle
0x1406cc61c CreateEventA
0x1406cc624 CreateFileA
0x1406cc62c CreateFileMappingA
0x1406cc634 CreateFileMappingW
0x1406cc63c CreateFileW
0x1406cc644 CreateIoCompletionPort
0x1406cc64c CreateMutexA
0x1406cc654 CreateMutexW
0x1406cc65c CreateSemaphoreA
0x1406cc664 CreateThread
0x1406cc66c CreateWaitableTimerA
0x1406cc674 CreateWaitableTimerExW
0x1406cc67c DeleteAtom
0x1406cc684 DeleteCriticalSection
0x1406cc68c DeleteFileA
0x1406cc694 DeleteFileW
0x1406cc69c DuplicateHandle
0x1406cc6a4 EnterCriticalSection
0x1406cc6ac ExitProcess
0x1406cc6b4 FindAtomA
0x1406cc6bc FlushFileBuffers
0x1406cc6c4 FlushViewOfFile
0x1406cc6cc FormatMessageA
0x1406cc6d4 FormatMessageW
0x1406cc6dc FreeEnvironmentStringsW
0x1406cc6e4 FreeLibrary
0x1406cc6ec GetAtomNameA
0x1406cc6f4 GetConsoleMode
0x1406cc6fc GetCurrentProcess
0x1406cc704 GetCurrentProcessId
0x1406cc70c GetCurrentThread
0x1406cc714 GetCurrentThreadId
0x1406cc71c GetDiskFreeSpaceA
0x1406cc724 GetDiskFreeSpaceW
0x1406cc72c GetEnvironmentStringsW
0x1406cc734 GetFileAttributesA
0x1406cc73c GetFileAttributesExW
0x1406cc744 GetFileAttributesW
0x1406cc74c GetFileSize
0x1406cc754 GetFullPathNameA
0x1406cc75c GetFullPathNameW
0x1406cc764 GetHandleInformation
0x1406cc76c GetLastError
0x1406cc774 GetProcAddress
0x1406cc77c GetProcessAffinityMask
0x1406cc784 GetProcessHeap
0x1406cc78c GetQueuedCompletionStatusEx
0x1406cc794 GetStartupInfoA
0x1406cc79c GetStdHandle
0x1406cc7a4 GetSystemDirectoryA
0x1406cc7ac GetSystemInfo
0x1406cc7b4 GetSystemTime
0x1406cc7bc GetSystemTimeAsFileTime
0x1406cc7c4 GetTempPathA
0x1406cc7cc GetTempPathW
0x1406cc7d4 GetThreadContext
0x1406cc7dc GetThreadPriority
0x1406cc7e4 GetTickCount
0x1406cc7ec GetVersionExA
0x1406cc7f4 GetVersionExW
0x1406cc7fc HeapAlloc
0x1406cc804 HeapCompact
0x1406cc80c HeapCreate
0x1406cc814 HeapDestroy
0x1406cc81c HeapFree
0x1406cc824 HeapReAlloc
0x1406cc82c HeapSize
0x1406cc834 HeapValidate
0x1406cc83c InitializeCriticalSection
0x1406cc844 IsDBCSLeadByteEx
0x1406cc84c IsDebuggerPresent
0x1406cc854 LeaveCriticalSection
0x1406cc85c LoadLibraryA
0x1406cc864 LoadLibraryW
0x1406cc86c LocalFree
0x1406cc874 LockFile
0x1406cc87c LockFileEx
0x1406cc884 MapViewOfFile
0x1406cc88c MultiByteToWideChar
0x1406cc894 OpenProcess
0x1406cc89c OutputDebugStringA
0x1406cc8a4 OutputDebugStringW
0x1406cc8ac PostQueuedCompletionStatus
0x1406cc8b4 QueryPerformanceCounter
0x1406cc8bc QueryPerformanceFrequency
0x1406cc8c4 RaiseException
0x1406cc8cc ReadFile
0x1406cc8d4 ReleaseMutex
0x1406cc8dc ReleaseSemaphore
0x1406cc8e4 RemoveVectoredExceptionHandler
0x1406cc8ec ResetEvent
0x1406cc8f4 ResumeThread
0x1406cc8fc SetConsoleCtrlHandler
0x1406cc904 SetEndOfFile
0x1406cc90c SetErrorMode
0x1406cc914 SetEvent
0x1406cc91c SetFilePointer
0x1406cc924 SetLastError
0x1406cc92c SetProcessAffinityMask
0x1406cc934 SetProcessPriorityBoost
0x1406cc93c SetThreadContext
0x1406cc944 SetThreadPriority
0x1406cc94c SetUnhandledExceptionFilter
0x1406cc954 SetWaitableTimer
0x1406cc95c Sleep
0x1406cc964 SuspendThread
0x1406cc96c SwitchToThread
0x1406cc974 SystemTimeToFileTime
0x1406cc97c TlsAlloc
0x1406cc984 TlsGetValue
0x1406cc98c TlsSetValue
0x1406cc994 TryEnterCriticalSection
0x1406cc99c UnlockFile
0x1406cc9a4 UnlockFileEx
0x1406cc9ac UnmapViewOfFile
0x1406cc9b4 VirtualAlloc
0x1406cc9bc VirtualFree
0x1406cc9c4 VirtualProtect
0x1406cc9cc VirtualQuery
0x1406cc9d4 WaitForMultipleObjects
0x1406cc9dc WaitForSingleObject
0x1406cc9e4 WaitForSingleObjectEx
0x1406cc9ec WideCharToMultiByte
0x1406cc9f4 WriteConsoleW
0x1406cc9fc WriteFile
0x1406cca04 __C_specific_handler
msvcrt.dll
0x1406cca14 ___lc_codepage_func
0x1406cca1c ___mb_cur_max_func
0x1406cca24 __getmainargs
0x1406cca2c __initenv
0x1406cca34 __iob_func
0x1406cca3c __lconv_init
0x1406cca44 __set_app_type
0x1406cca4c __setusermatherr
0x1406cca54 _acmdln
0x1406cca5c _amsg_exit
0x1406cca64 _beginthread
0x1406cca6c _beginthreadex
0x1406cca74 _cexit
0x1406cca7c _commode
0x1406cca84 _endthreadex
0x1406cca8c _errno
0x1406cca94 _fmode
0x1406cca9c _initterm
0x1406ccaa4 _localtime64
0x1406ccaac _lock
0x1406ccab4 _memccpy
0x1406ccabc _onexit
0x1406ccac4 _setjmp
0x1406ccacc _strdup
0x1406ccad4 _ultoa
0x1406ccadc _unlock
0x1406ccae4 abort
0x1406ccaec calloc
0x1406ccaf4 exit
0x1406ccafc fprintf
0x1406ccb04 fputc
0x1406ccb0c free
0x1406ccb14 fwrite
0x1406ccb1c localeconv
0x1406ccb24 longjmp
0x1406ccb2c malloc
0x1406ccb34 memcmp
0x1406ccb3c memcpy
0x1406ccb44 memmove
0x1406ccb4c memset
0x1406ccb54 printf
0x1406ccb5c qsort
0x1406ccb64 realloc
0x1406ccb6c signal
0x1406ccb74 strcmp
0x1406ccb7c strcspn
0x1406ccb84 strerror
0x1406ccb8c strlen
0x1406ccb94 strncmp
0x1406ccb9c strrchr
0x1406ccba4 vfprintf
0x1406ccbac wcslen
EAT(Export Address Table) Library
0x1406c9720 _cgo_dummy_export
0x140243400 authorizerTrampoline
0x140243120 callbackTrampoline
0x1402432e0 commitHookTrampoline
0x140243240 compareTrampoline
0x1402431f0 doneTrampoline
0x140243480 preUpdateHookTrampoline
0x140243340 rollbackHookTrampoline
0x140243180 stepTrampoline
0x140243390 updateHookTrampoline