ScreenShot
| Created | 2023.11.14 08:04 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_tvCfZF.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 95357230a99689a58f8d89c1acdc6bf2 | ||
| sha256 | 8f572436d4a7b8ea6f2a3e0cb987fb609afb575133d706938c9fd4b4a3117d2d | ||
| ssdeep | 98304:0cnb0Q0aht4lA6dd0Uzf8lB8D2hi+H/00TK3+8EKCV+bAF6a117VwK/tbE:0mQO4lTdxSvTHrslOPH | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14124a464 AddAtomA
0x14124a46c AddVectoredExceptionHandler
0x14124a474 CloseHandle
0x14124a47c CreateEventA
0x14124a484 CreateFileA
0x14124a48c CreateIoCompletionPort
0x14124a494 CreateMutexA
0x14124a49c CreateSemaphoreA
0x14124a4a4 CreateThread
0x14124a4ac CreateWaitableTimerA
0x14124a4b4 CreateWaitableTimerExW
0x14124a4bc DeleteAtom
0x14124a4c4 DeleteCriticalSection
0x14124a4cc DuplicateHandle
0x14124a4d4 EnterCriticalSection
0x14124a4dc ExitProcess
0x14124a4e4 FindAtomA
0x14124a4ec FormatMessageA
0x14124a4f4 FreeEnvironmentStringsW
0x14124a4fc GetAtomNameA
0x14124a504 GetConsoleMode
0x14124a50c GetCurrentProcess
0x14124a514 GetCurrentProcessId
0x14124a51c GetCurrentThread
0x14124a524 GetCurrentThreadId
0x14124a52c GetEnvironmentStringsW
0x14124a534 GetHandleInformation
0x14124a53c GetLastError
0x14124a544 GetProcAddress
0x14124a54c GetProcessAffinityMask
0x14124a554 GetQueuedCompletionStatusEx
0x14124a55c GetStartupInfoA
0x14124a564 GetStdHandle
0x14124a56c GetSystemDirectoryA
0x14124a574 GetSystemInfo
0x14124a57c GetSystemTimeAsFileTime
0x14124a584 GetThreadContext
0x14124a58c GetThreadPriority
0x14124a594 GetTickCount
0x14124a59c InitializeCriticalSection
0x14124a5a4 IsDBCSLeadByteEx
0x14124a5ac IsDebuggerPresent
0x14124a5b4 LeaveCriticalSection
0x14124a5bc LoadLibraryA
0x14124a5c4 LoadLibraryW
0x14124a5cc LocalFree
0x14124a5d4 MultiByteToWideChar
0x14124a5dc OpenProcess
0x14124a5e4 OutputDebugStringA
0x14124a5ec PostQueuedCompletionStatus
0x14124a5f4 QueryPerformanceCounter
0x14124a5fc QueryPerformanceFrequency
0x14124a604 RaiseException
0x14124a60c ReleaseMutex
0x14124a614 ReleaseSemaphore
0x14124a61c RemoveVectoredExceptionHandler
0x14124a624 ResetEvent
0x14124a62c ResumeThread
0x14124a634 SetConsoleCtrlHandler
0x14124a63c SetErrorMode
0x14124a644 SetEvent
0x14124a64c SetLastError
0x14124a654 SetProcessAffinityMask
0x14124a65c SetProcessPriorityBoost
0x14124a664 SetThreadContext
0x14124a66c SetThreadPriority
0x14124a674 SetUnhandledExceptionFilter
0x14124a67c SetWaitableTimer
0x14124a684 Sleep
0x14124a68c SuspendThread
0x14124a694 SwitchToThread
0x14124a69c TlsAlloc
0x14124a6a4 TlsGetValue
0x14124a6ac TlsSetValue
0x14124a6b4 TryEnterCriticalSection
0x14124a6bc VirtualAlloc
0x14124a6c4 VirtualFree
0x14124a6cc VirtualProtect
0x14124a6d4 VirtualQuery
0x14124a6dc WaitForMultipleObjects
0x14124a6e4 WaitForSingleObject
0x14124a6ec WideCharToMultiByte
0x14124a6f4 WriteConsoleW
0x14124a6fc WriteFile
0x14124a704 __C_specific_handler
msvcrt.dll
0x14124a714 ___lc_codepage_func
0x14124a71c ___mb_cur_max_func
0x14124a724 __getmainargs
0x14124a72c __initenv
0x14124a734 __iob_func
0x14124a73c __lconv_init
0x14124a744 __set_app_type
0x14124a74c __setusermatherr
0x14124a754 _acmdln
0x14124a75c _amsg_exit
0x14124a764 _beginthread
0x14124a76c _beginthreadex
0x14124a774 _cexit
0x14124a77c _commode
0x14124a784 _endthreadex
0x14124a78c _errno
0x14124a794 _fmode
0x14124a79c _initterm
0x14124a7a4 _lock
0x14124a7ac _memccpy
0x14124a7b4 _onexit
0x14124a7bc _setjmp
0x14124a7c4 _strdup
0x14124a7cc _ultoa
0x14124a7d4 _unlock
0x14124a7dc abort
0x14124a7e4 calloc
0x14124a7ec exit
0x14124a7f4 fprintf
0x14124a7fc fputc
0x14124a804 free
0x14124a80c fwrite
0x14124a814 localeconv
0x14124a81c longjmp
0x14124a824 malloc
0x14124a82c memcpy
0x14124a834 memmove
0x14124a83c memset
0x14124a844 printf
0x14124a84c realloc
0x14124a854 signal
0x14124a85c strerror
0x14124a864 strlen
0x14124a86c strncmp
0x14124a874 vfprintf
0x14124a87c wcslen
EAT(Export Address Table) Library
0x141247420 _cgo_dummy_export
KERNEL32.dll
0x14124a464 AddAtomA
0x14124a46c AddVectoredExceptionHandler
0x14124a474 CloseHandle
0x14124a47c CreateEventA
0x14124a484 CreateFileA
0x14124a48c CreateIoCompletionPort
0x14124a494 CreateMutexA
0x14124a49c CreateSemaphoreA
0x14124a4a4 CreateThread
0x14124a4ac CreateWaitableTimerA
0x14124a4b4 CreateWaitableTimerExW
0x14124a4bc DeleteAtom
0x14124a4c4 DeleteCriticalSection
0x14124a4cc DuplicateHandle
0x14124a4d4 EnterCriticalSection
0x14124a4dc ExitProcess
0x14124a4e4 FindAtomA
0x14124a4ec FormatMessageA
0x14124a4f4 FreeEnvironmentStringsW
0x14124a4fc GetAtomNameA
0x14124a504 GetConsoleMode
0x14124a50c GetCurrentProcess
0x14124a514 GetCurrentProcessId
0x14124a51c GetCurrentThread
0x14124a524 GetCurrentThreadId
0x14124a52c GetEnvironmentStringsW
0x14124a534 GetHandleInformation
0x14124a53c GetLastError
0x14124a544 GetProcAddress
0x14124a54c GetProcessAffinityMask
0x14124a554 GetQueuedCompletionStatusEx
0x14124a55c GetStartupInfoA
0x14124a564 GetStdHandle
0x14124a56c GetSystemDirectoryA
0x14124a574 GetSystemInfo
0x14124a57c GetSystemTimeAsFileTime
0x14124a584 GetThreadContext
0x14124a58c GetThreadPriority
0x14124a594 GetTickCount
0x14124a59c InitializeCriticalSection
0x14124a5a4 IsDBCSLeadByteEx
0x14124a5ac IsDebuggerPresent
0x14124a5b4 LeaveCriticalSection
0x14124a5bc LoadLibraryA
0x14124a5c4 LoadLibraryW
0x14124a5cc LocalFree
0x14124a5d4 MultiByteToWideChar
0x14124a5dc OpenProcess
0x14124a5e4 OutputDebugStringA
0x14124a5ec PostQueuedCompletionStatus
0x14124a5f4 QueryPerformanceCounter
0x14124a5fc QueryPerformanceFrequency
0x14124a604 RaiseException
0x14124a60c ReleaseMutex
0x14124a614 ReleaseSemaphore
0x14124a61c RemoveVectoredExceptionHandler
0x14124a624 ResetEvent
0x14124a62c ResumeThread
0x14124a634 SetConsoleCtrlHandler
0x14124a63c SetErrorMode
0x14124a644 SetEvent
0x14124a64c SetLastError
0x14124a654 SetProcessAffinityMask
0x14124a65c SetProcessPriorityBoost
0x14124a664 SetThreadContext
0x14124a66c SetThreadPriority
0x14124a674 SetUnhandledExceptionFilter
0x14124a67c SetWaitableTimer
0x14124a684 Sleep
0x14124a68c SuspendThread
0x14124a694 SwitchToThread
0x14124a69c TlsAlloc
0x14124a6a4 TlsGetValue
0x14124a6ac TlsSetValue
0x14124a6b4 TryEnterCriticalSection
0x14124a6bc VirtualAlloc
0x14124a6c4 VirtualFree
0x14124a6cc VirtualProtect
0x14124a6d4 VirtualQuery
0x14124a6dc WaitForMultipleObjects
0x14124a6e4 WaitForSingleObject
0x14124a6ec WideCharToMultiByte
0x14124a6f4 WriteConsoleW
0x14124a6fc WriteFile
0x14124a704 __C_specific_handler
msvcrt.dll
0x14124a714 ___lc_codepage_func
0x14124a71c ___mb_cur_max_func
0x14124a724 __getmainargs
0x14124a72c __initenv
0x14124a734 __iob_func
0x14124a73c __lconv_init
0x14124a744 __set_app_type
0x14124a74c __setusermatherr
0x14124a754 _acmdln
0x14124a75c _amsg_exit
0x14124a764 _beginthread
0x14124a76c _beginthreadex
0x14124a774 _cexit
0x14124a77c _commode
0x14124a784 _endthreadex
0x14124a78c _errno
0x14124a794 _fmode
0x14124a79c _initterm
0x14124a7a4 _lock
0x14124a7ac _memccpy
0x14124a7b4 _onexit
0x14124a7bc _setjmp
0x14124a7c4 _strdup
0x14124a7cc _ultoa
0x14124a7d4 _unlock
0x14124a7dc abort
0x14124a7e4 calloc
0x14124a7ec exit
0x14124a7f4 fprintf
0x14124a7fc fputc
0x14124a804 free
0x14124a80c fwrite
0x14124a814 localeconv
0x14124a81c longjmp
0x14124a824 malloc
0x14124a82c memcpy
0x14124a834 memmove
0x14124a83c memset
0x14124a844 printf
0x14124a84c realloc
0x14124a854 signal
0x14124a85c strerror
0x14124a864 strlen
0x14124a86c strncmp
0x14124a874 vfprintf
0x14124a87c wcslen
EAT(Export Address Table) Library
0x141247420 _cgo_dummy_export