ScreenShot
| Created | 2023.11.05 12:36 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_UeKmSb.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 91dbace5bc17870685f7f8d87fad9965 | ||
| sha256 | c212ba48a109bd687a456421a87059d28673e59167fc72016cbf707dd08737a5 | ||
| ssdeep | 98304:8kUPS8Y0zONU+ic3cQfM2LshEcGYPrYq7+:zyOncQfM2LsiclPz | ||
| imphash | 85cddd6092e65c1a58dd1e6e9ab9fc63 | ||
| impfuzzy | 48:qJrKxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJexMCyamXRHF42xQHPXiX1Pgb7TJGQA | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14095045c AddAtomA
0x140950464 AddVectoredExceptionHandler
0x14095046c CloseHandle
0x140950474 CreateEventA
0x14095047c CreateFileA
0x140950484 CreateIoCompletionPort
0x14095048c CreateMutexA
0x140950494 CreateSemaphoreA
0x14095049c CreateThread
0x1409504a4 CreateWaitableTimerExW
0x1409504ac DeleteAtom
0x1409504b4 DeleteCriticalSection
0x1409504bc DuplicateHandle
0x1409504c4 EnterCriticalSection
0x1409504cc ExitProcess
0x1409504d4 FindAtomA
0x1409504dc FormatMessageA
0x1409504e4 FreeEnvironmentStringsW
0x1409504ec GetAtomNameA
0x1409504f4 GetConsoleMode
0x1409504fc GetCurrentProcess
0x140950504 GetCurrentProcessId
0x14095050c GetCurrentThread
0x140950514 GetCurrentThreadId
0x14095051c GetEnvironmentStringsW
0x140950524 GetHandleInformation
0x14095052c GetLastError
0x140950534 GetProcAddress
0x14095053c GetProcessAffinityMask
0x140950544 GetQueuedCompletionStatusEx
0x14095054c GetStartupInfoA
0x140950554 GetStdHandle
0x14095055c GetSystemDirectoryA
0x140950564 GetSystemInfo
0x14095056c GetSystemTimeAsFileTime
0x140950574 GetThreadContext
0x14095057c GetThreadPriority
0x140950584 GetTickCount
0x14095058c InitializeCriticalSection
0x140950594 IsDBCSLeadByteEx
0x14095059c IsDebuggerPresent
0x1409505a4 LeaveCriticalSection
0x1409505ac LoadLibraryA
0x1409505b4 LoadLibraryW
0x1409505bc LocalFree
0x1409505c4 MultiByteToWideChar
0x1409505cc OpenProcess
0x1409505d4 OutputDebugStringA
0x1409505dc PostQueuedCompletionStatus
0x1409505e4 QueryPerformanceCounter
0x1409505ec QueryPerformanceFrequency
0x1409505f4 RaiseException
0x1409505fc ReleaseMutex
0x140950604 ReleaseSemaphore
0x14095060c RemoveVectoredExceptionHandler
0x140950614 ResetEvent
0x14095061c ResumeThread
0x140950624 SetConsoleCtrlHandler
0x14095062c SetErrorMode
0x140950634 SetEvent
0x14095063c SetLastError
0x140950644 SetProcessAffinityMask
0x14095064c SetProcessPriorityBoost
0x140950654 SetThreadContext
0x14095065c SetThreadPriority
0x140950664 SetUnhandledExceptionFilter
0x14095066c SetWaitableTimer
0x140950674 Sleep
0x14095067c SuspendThread
0x140950684 SwitchToThread
0x14095068c TlsAlloc
0x140950694 TlsGetValue
0x14095069c TlsSetValue
0x1409506a4 TryEnterCriticalSection
0x1409506ac VirtualAlloc
0x1409506b4 VirtualFree
0x1409506bc VirtualProtect
0x1409506c4 VirtualQuery
0x1409506cc WaitForMultipleObjects
0x1409506d4 WaitForSingleObject
0x1409506dc WideCharToMultiByte
0x1409506e4 WriteConsoleW
0x1409506ec WriteFile
0x1409506f4 __C_specific_handler
msvcrt.dll
0x140950704 ___lc_codepage_func
0x14095070c ___mb_cur_max_func
0x140950714 __getmainargs
0x14095071c __initenv
0x140950724 __iob_func
0x14095072c __lconv_init
0x140950734 __set_app_type
0x14095073c __setusermatherr
0x140950744 _acmdln
0x14095074c _amsg_exit
0x140950754 _beginthread
0x14095075c _beginthreadex
0x140950764 _cexit
0x14095076c _commode
0x140950774 _endthreadex
0x14095077c _errno
0x140950784 _fmode
0x14095078c _initterm
0x140950794 _lock
0x14095079c _memccpy
0x1409507a4 _onexit
0x1409507ac _setjmp
0x1409507b4 _strdup
0x1409507bc _ultoa
0x1409507c4 _unlock
0x1409507cc abort
0x1409507d4 calloc
0x1409507dc exit
0x1409507e4 fprintf
0x1409507ec fputc
0x1409507f4 free
0x1409507fc fwrite
0x140950804 localeconv
0x14095080c longjmp
0x140950814 malloc
0x14095081c memcpy
0x140950824 memmove
0x14095082c memset
0x140950834 printf
0x14095083c realloc
0x140950844 signal
0x14095084c strerror
0x140950854 strlen
0x14095085c strncmp
0x140950864 vfprintf
0x14095086c wcslen
EAT(Export Address Table) Library
0x14094d2e0 _cgo_dummy_export
KERNEL32.dll
0x14095045c AddAtomA
0x140950464 AddVectoredExceptionHandler
0x14095046c CloseHandle
0x140950474 CreateEventA
0x14095047c CreateFileA
0x140950484 CreateIoCompletionPort
0x14095048c CreateMutexA
0x140950494 CreateSemaphoreA
0x14095049c CreateThread
0x1409504a4 CreateWaitableTimerExW
0x1409504ac DeleteAtom
0x1409504b4 DeleteCriticalSection
0x1409504bc DuplicateHandle
0x1409504c4 EnterCriticalSection
0x1409504cc ExitProcess
0x1409504d4 FindAtomA
0x1409504dc FormatMessageA
0x1409504e4 FreeEnvironmentStringsW
0x1409504ec GetAtomNameA
0x1409504f4 GetConsoleMode
0x1409504fc GetCurrentProcess
0x140950504 GetCurrentProcessId
0x14095050c GetCurrentThread
0x140950514 GetCurrentThreadId
0x14095051c GetEnvironmentStringsW
0x140950524 GetHandleInformation
0x14095052c GetLastError
0x140950534 GetProcAddress
0x14095053c GetProcessAffinityMask
0x140950544 GetQueuedCompletionStatusEx
0x14095054c GetStartupInfoA
0x140950554 GetStdHandle
0x14095055c GetSystemDirectoryA
0x140950564 GetSystemInfo
0x14095056c GetSystemTimeAsFileTime
0x140950574 GetThreadContext
0x14095057c GetThreadPriority
0x140950584 GetTickCount
0x14095058c InitializeCriticalSection
0x140950594 IsDBCSLeadByteEx
0x14095059c IsDebuggerPresent
0x1409505a4 LeaveCriticalSection
0x1409505ac LoadLibraryA
0x1409505b4 LoadLibraryW
0x1409505bc LocalFree
0x1409505c4 MultiByteToWideChar
0x1409505cc OpenProcess
0x1409505d4 OutputDebugStringA
0x1409505dc PostQueuedCompletionStatus
0x1409505e4 QueryPerformanceCounter
0x1409505ec QueryPerformanceFrequency
0x1409505f4 RaiseException
0x1409505fc ReleaseMutex
0x140950604 ReleaseSemaphore
0x14095060c RemoveVectoredExceptionHandler
0x140950614 ResetEvent
0x14095061c ResumeThread
0x140950624 SetConsoleCtrlHandler
0x14095062c SetErrorMode
0x140950634 SetEvent
0x14095063c SetLastError
0x140950644 SetProcessAffinityMask
0x14095064c SetProcessPriorityBoost
0x140950654 SetThreadContext
0x14095065c SetThreadPriority
0x140950664 SetUnhandledExceptionFilter
0x14095066c SetWaitableTimer
0x140950674 Sleep
0x14095067c SuspendThread
0x140950684 SwitchToThread
0x14095068c TlsAlloc
0x140950694 TlsGetValue
0x14095069c TlsSetValue
0x1409506a4 TryEnterCriticalSection
0x1409506ac VirtualAlloc
0x1409506b4 VirtualFree
0x1409506bc VirtualProtect
0x1409506c4 VirtualQuery
0x1409506cc WaitForMultipleObjects
0x1409506d4 WaitForSingleObject
0x1409506dc WideCharToMultiByte
0x1409506e4 WriteConsoleW
0x1409506ec WriteFile
0x1409506f4 __C_specific_handler
msvcrt.dll
0x140950704 ___lc_codepage_func
0x14095070c ___mb_cur_max_func
0x140950714 __getmainargs
0x14095071c __initenv
0x140950724 __iob_func
0x14095072c __lconv_init
0x140950734 __set_app_type
0x14095073c __setusermatherr
0x140950744 _acmdln
0x14095074c _amsg_exit
0x140950754 _beginthread
0x14095075c _beginthreadex
0x140950764 _cexit
0x14095076c _commode
0x140950774 _endthreadex
0x14095077c _errno
0x140950784 _fmode
0x14095078c _initterm
0x140950794 _lock
0x14095079c _memccpy
0x1409507a4 _onexit
0x1409507ac _setjmp
0x1409507b4 _strdup
0x1409507bc _ultoa
0x1409507c4 _unlock
0x1409507cc abort
0x1409507d4 calloc
0x1409507dc exit
0x1409507e4 fprintf
0x1409507ec fputc
0x1409507f4 free
0x1409507fc fwrite
0x140950804 localeconv
0x14095080c longjmp
0x140950814 malloc
0x14095081c memcpy
0x140950824 memmove
0x14095082c memset
0x140950834 printf
0x14095083c realloc
0x140950844 signal
0x14095084c strerror
0x140950854 strlen
0x14095085c strncmp
0x140950864 vfprintf
0x14095086c wcslen
EAT(Export Address Table) Library
0x14094d2e0 _cgo_dummy_export