ScreenShot
| Created | 2023.11.15 07:52 | Machine | s1_win7_x6401 |
| Filename | TrueCrypt_yhvFvl.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 3490825682c943930ac5b7bc1802db73 | ||
| sha256 | c309b4f0f99e1686e9bc954da81701b3fd26cfccd17627cde55df929fb712311 | ||
| ssdeep | 98304:IiI3SRwuT0qPay0fdOR6MohU9EPZcBZdMEr49Ai1Mp79HYonU73jIDp5qdh/u7q:/7T0PRodacBZLYFGG3MA | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1413c7464 AddAtomA
0x1413c746c AddVectoredExceptionHandler
0x1413c7474 CloseHandle
0x1413c747c CreateEventA
0x1413c7484 CreateFileA
0x1413c748c CreateIoCompletionPort
0x1413c7494 CreateMutexA
0x1413c749c CreateSemaphoreA
0x1413c74a4 CreateThread
0x1413c74ac CreateWaitableTimerA
0x1413c74b4 CreateWaitableTimerExW
0x1413c74bc DeleteAtom
0x1413c74c4 DeleteCriticalSection
0x1413c74cc DuplicateHandle
0x1413c74d4 EnterCriticalSection
0x1413c74dc ExitProcess
0x1413c74e4 FindAtomA
0x1413c74ec FormatMessageA
0x1413c74f4 FreeEnvironmentStringsW
0x1413c74fc GetAtomNameA
0x1413c7504 GetConsoleMode
0x1413c750c GetCurrentProcess
0x1413c7514 GetCurrentProcessId
0x1413c751c GetCurrentThread
0x1413c7524 GetCurrentThreadId
0x1413c752c GetEnvironmentStringsW
0x1413c7534 GetHandleInformation
0x1413c753c GetLastError
0x1413c7544 GetProcAddress
0x1413c754c GetProcessAffinityMask
0x1413c7554 GetQueuedCompletionStatusEx
0x1413c755c GetStartupInfoA
0x1413c7564 GetStdHandle
0x1413c756c GetSystemDirectoryA
0x1413c7574 GetSystemInfo
0x1413c757c GetSystemTimeAsFileTime
0x1413c7584 GetThreadContext
0x1413c758c GetThreadPriority
0x1413c7594 GetTickCount
0x1413c759c InitializeCriticalSection
0x1413c75a4 IsDBCSLeadByteEx
0x1413c75ac IsDebuggerPresent
0x1413c75b4 LeaveCriticalSection
0x1413c75bc LoadLibraryA
0x1413c75c4 LoadLibraryW
0x1413c75cc LocalFree
0x1413c75d4 MultiByteToWideChar
0x1413c75dc OpenProcess
0x1413c75e4 OutputDebugStringA
0x1413c75ec PostQueuedCompletionStatus
0x1413c75f4 QueryPerformanceCounter
0x1413c75fc QueryPerformanceFrequency
0x1413c7604 RaiseException
0x1413c760c ReleaseMutex
0x1413c7614 ReleaseSemaphore
0x1413c761c RemoveVectoredExceptionHandler
0x1413c7624 ResetEvent
0x1413c762c ResumeThread
0x1413c7634 SetConsoleCtrlHandler
0x1413c763c SetErrorMode
0x1413c7644 SetEvent
0x1413c764c SetLastError
0x1413c7654 SetProcessAffinityMask
0x1413c765c SetProcessPriorityBoost
0x1413c7664 SetThreadContext
0x1413c766c SetThreadPriority
0x1413c7674 SetUnhandledExceptionFilter
0x1413c767c SetWaitableTimer
0x1413c7684 Sleep
0x1413c768c SuspendThread
0x1413c7694 SwitchToThread
0x1413c769c TlsAlloc
0x1413c76a4 TlsGetValue
0x1413c76ac TlsSetValue
0x1413c76b4 TryEnterCriticalSection
0x1413c76bc VirtualAlloc
0x1413c76c4 VirtualFree
0x1413c76cc VirtualProtect
0x1413c76d4 VirtualQuery
0x1413c76dc WaitForMultipleObjects
0x1413c76e4 WaitForSingleObject
0x1413c76ec WideCharToMultiByte
0x1413c76f4 WriteConsoleW
0x1413c76fc WriteFile
0x1413c7704 __C_specific_handler
msvcrt.dll
0x1413c7714 ___lc_codepage_func
0x1413c771c ___mb_cur_max_func
0x1413c7724 __getmainargs
0x1413c772c __initenv
0x1413c7734 __iob_func
0x1413c773c __lconv_init
0x1413c7744 __set_app_type
0x1413c774c __setusermatherr
0x1413c7754 _acmdln
0x1413c775c _amsg_exit
0x1413c7764 _beginthread
0x1413c776c _beginthreadex
0x1413c7774 _cexit
0x1413c777c _commode
0x1413c7784 _endthreadex
0x1413c778c _errno
0x1413c7794 _fmode
0x1413c779c _initterm
0x1413c77a4 _lock
0x1413c77ac _memccpy
0x1413c77b4 _onexit
0x1413c77bc _setjmp
0x1413c77c4 _strdup
0x1413c77cc _ultoa
0x1413c77d4 _unlock
0x1413c77dc abort
0x1413c77e4 calloc
0x1413c77ec exit
0x1413c77f4 fprintf
0x1413c77fc fputc
0x1413c7804 free
0x1413c780c fwrite
0x1413c7814 localeconv
0x1413c781c longjmp
0x1413c7824 malloc
0x1413c782c memcpy
0x1413c7834 memmove
0x1413c783c memset
0x1413c7844 printf
0x1413c784c realloc
0x1413c7854 signal
0x1413c785c strerror
0x1413c7864 strlen
0x1413c786c strncmp
0x1413c7874 vfprintf
0x1413c787c wcslen
EAT(Export Address Table) Library
0x1413c50e0 _cgo_dummy_export
KERNEL32.dll
0x1413c7464 AddAtomA
0x1413c746c AddVectoredExceptionHandler
0x1413c7474 CloseHandle
0x1413c747c CreateEventA
0x1413c7484 CreateFileA
0x1413c748c CreateIoCompletionPort
0x1413c7494 CreateMutexA
0x1413c749c CreateSemaphoreA
0x1413c74a4 CreateThread
0x1413c74ac CreateWaitableTimerA
0x1413c74b4 CreateWaitableTimerExW
0x1413c74bc DeleteAtom
0x1413c74c4 DeleteCriticalSection
0x1413c74cc DuplicateHandle
0x1413c74d4 EnterCriticalSection
0x1413c74dc ExitProcess
0x1413c74e4 FindAtomA
0x1413c74ec FormatMessageA
0x1413c74f4 FreeEnvironmentStringsW
0x1413c74fc GetAtomNameA
0x1413c7504 GetConsoleMode
0x1413c750c GetCurrentProcess
0x1413c7514 GetCurrentProcessId
0x1413c751c GetCurrentThread
0x1413c7524 GetCurrentThreadId
0x1413c752c GetEnvironmentStringsW
0x1413c7534 GetHandleInformation
0x1413c753c GetLastError
0x1413c7544 GetProcAddress
0x1413c754c GetProcessAffinityMask
0x1413c7554 GetQueuedCompletionStatusEx
0x1413c755c GetStartupInfoA
0x1413c7564 GetStdHandle
0x1413c756c GetSystemDirectoryA
0x1413c7574 GetSystemInfo
0x1413c757c GetSystemTimeAsFileTime
0x1413c7584 GetThreadContext
0x1413c758c GetThreadPriority
0x1413c7594 GetTickCount
0x1413c759c InitializeCriticalSection
0x1413c75a4 IsDBCSLeadByteEx
0x1413c75ac IsDebuggerPresent
0x1413c75b4 LeaveCriticalSection
0x1413c75bc LoadLibraryA
0x1413c75c4 LoadLibraryW
0x1413c75cc LocalFree
0x1413c75d4 MultiByteToWideChar
0x1413c75dc OpenProcess
0x1413c75e4 OutputDebugStringA
0x1413c75ec PostQueuedCompletionStatus
0x1413c75f4 QueryPerformanceCounter
0x1413c75fc QueryPerformanceFrequency
0x1413c7604 RaiseException
0x1413c760c ReleaseMutex
0x1413c7614 ReleaseSemaphore
0x1413c761c RemoveVectoredExceptionHandler
0x1413c7624 ResetEvent
0x1413c762c ResumeThread
0x1413c7634 SetConsoleCtrlHandler
0x1413c763c SetErrorMode
0x1413c7644 SetEvent
0x1413c764c SetLastError
0x1413c7654 SetProcessAffinityMask
0x1413c765c SetProcessPriorityBoost
0x1413c7664 SetThreadContext
0x1413c766c SetThreadPriority
0x1413c7674 SetUnhandledExceptionFilter
0x1413c767c SetWaitableTimer
0x1413c7684 Sleep
0x1413c768c SuspendThread
0x1413c7694 SwitchToThread
0x1413c769c TlsAlloc
0x1413c76a4 TlsGetValue
0x1413c76ac TlsSetValue
0x1413c76b4 TryEnterCriticalSection
0x1413c76bc VirtualAlloc
0x1413c76c4 VirtualFree
0x1413c76cc VirtualProtect
0x1413c76d4 VirtualQuery
0x1413c76dc WaitForMultipleObjects
0x1413c76e4 WaitForSingleObject
0x1413c76ec WideCharToMultiByte
0x1413c76f4 WriteConsoleW
0x1413c76fc WriteFile
0x1413c7704 __C_specific_handler
msvcrt.dll
0x1413c7714 ___lc_codepage_func
0x1413c771c ___mb_cur_max_func
0x1413c7724 __getmainargs
0x1413c772c __initenv
0x1413c7734 __iob_func
0x1413c773c __lconv_init
0x1413c7744 __set_app_type
0x1413c774c __setusermatherr
0x1413c7754 _acmdln
0x1413c775c _amsg_exit
0x1413c7764 _beginthread
0x1413c776c _beginthreadex
0x1413c7774 _cexit
0x1413c777c _commode
0x1413c7784 _endthreadex
0x1413c778c _errno
0x1413c7794 _fmode
0x1413c779c _initterm
0x1413c77a4 _lock
0x1413c77ac _memccpy
0x1413c77b4 _onexit
0x1413c77bc _setjmp
0x1413c77c4 _strdup
0x1413c77cc _ultoa
0x1413c77d4 _unlock
0x1413c77dc abort
0x1413c77e4 calloc
0x1413c77ec exit
0x1413c77f4 fprintf
0x1413c77fc fputc
0x1413c7804 free
0x1413c780c fwrite
0x1413c7814 localeconv
0x1413c781c longjmp
0x1413c7824 malloc
0x1413c782c memcpy
0x1413c7834 memmove
0x1413c783c memset
0x1413c7844 printf
0x1413c784c realloc
0x1413c7854 signal
0x1413c785c strerror
0x1413c7864 strlen
0x1413c786c strncmp
0x1413c7874 vfprintf
0x1413c787c wcslen
EAT(Export Address Table) Library
0x1413c50e0 _cgo_dummy_export