ScreenShot
| Created | 2023.11.15 07:57 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_KSfcnd.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ca18c2fc430d73758ee4b12f5108e413 | ||
| sha256 | 4f3d3b8e805a031fe8eeb47dca418fcbcade5d0190ecdee8930e942c9b4028ea | ||
| ssdeep | 98304:YcOtBNNniQV/NEGlDJjvbAZ/ZPAqA03ZVE6Nxahm9oc:ij/u69ILoqlZmQxaEWc | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1411ca464 AddAtomA
0x1411ca46c AddVectoredExceptionHandler
0x1411ca474 CloseHandle
0x1411ca47c CreateEventA
0x1411ca484 CreateFileA
0x1411ca48c CreateIoCompletionPort
0x1411ca494 CreateMutexA
0x1411ca49c CreateSemaphoreA
0x1411ca4a4 CreateThread
0x1411ca4ac CreateWaitableTimerA
0x1411ca4b4 CreateWaitableTimerExW
0x1411ca4bc DeleteAtom
0x1411ca4c4 DeleteCriticalSection
0x1411ca4cc DuplicateHandle
0x1411ca4d4 EnterCriticalSection
0x1411ca4dc ExitProcess
0x1411ca4e4 FindAtomA
0x1411ca4ec FormatMessageA
0x1411ca4f4 FreeEnvironmentStringsW
0x1411ca4fc GetAtomNameA
0x1411ca504 GetConsoleMode
0x1411ca50c GetCurrentProcess
0x1411ca514 GetCurrentProcessId
0x1411ca51c GetCurrentThread
0x1411ca524 GetCurrentThreadId
0x1411ca52c GetEnvironmentStringsW
0x1411ca534 GetHandleInformation
0x1411ca53c GetLastError
0x1411ca544 GetProcAddress
0x1411ca54c GetProcessAffinityMask
0x1411ca554 GetQueuedCompletionStatusEx
0x1411ca55c GetStartupInfoA
0x1411ca564 GetStdHandle
0x1411ca56c GetSystemDirectoryA
0x1411ca574 GetSystemInfo
0x1411ca57c GetSystemTimeAsFileTime
0x1411ca584 GetThreadContext
0x1411ca58c GetThreadPriority
0x1411ca594 GetTickCount
0x1411ca59c InitializeCriticalSection
0x1411ca5a4 IsDBCSLeadByteEx
0x1411ca5ac IsDebuggerPresent
0x1411ca5b4 LeaveCriticalSection
0x1411ca5bc LoadLibraryA
0x1411ca5c4 LoadLibraryW
0x1411ca5cc LocalFree
0x1411ca5d4 MultiByteToWideChar
0x1411ca5dc OpenProcess
0x1411ca5e4 OutputDebugStringA
0x1411ca5ec PostQueuedCompletionStatus
0x1411ca5f4 QueryPerformanceCounter
0x1411ca5fc QueryPerformanceFrequency
0x1411ca604 RaiseException
0x1411ca60c ReleaseMutex
0x1411ca614 ReleaseSemaphore
0x1411ca61c RemoveVectoredExceptionHandler
0x1411ca624 ResetEvent
0x1411ca62c ResumeThread
0x1411ca634 SetConsoleCtrlHandler
0x1411ca63c SetErrorMode
0x1411ca644 SetEvent
0x1411ca64c SetLastError
0x1411ca654 SetProcessAffinityMask
0x1411ca65c SetProcessPriorityBoost
0x1411ca664 SetThreadContext
0x1411ca66c SetThreadPriority
0x1411ca674 SetUnhandledExceptionFilter
0x1411ca67c SetWaitableTimer
0x1411ca684 Sleep
0x1411ca68c SuspendThread
0x1411ca694 SwitchToThread
0x1411ca69c TlsAlloc
0x1411ca6a4 TlsGetValue
0x1411ca6ac TlsSetValue
0x1411ca6b4 TryEnterCriticalSection
0x1411ca6bc VirtualAlloc
0x1411ca6c4 VirtualFree
0x1411ca6cc VirtualProtect
0x1411ca6d4 VirtualQuery
0x1411ca6dc WaitForMultipleObjects
0x1411ca6e4 WaitForSingleObject
0x1411ca6ec WideCharToMultiByte
0x1411ca6f4 WriteConsoleW
0x1411ca6fc WriteFile
0x1411ca704 __C_specific_handler
msvcrt.dll
0x1411ca714 ___lc_codepage_func
0x1411ca71c ___mb_cur_max_func
0x1411ca724 __getmainargs
0x1411ca72c __initenv
0x1411ca734 __iob_func
0x1411ca73c __lconv_init
0x1411ca744 __set_app_type
0x1411ca74c __setusermatherr
0x1411ca754 _acmdln
0x1411ca75c _amsg_exit
0x1411ca764 _beginthread
0x1411ca76c _beginthreadex
0x1411ca774 _cexit
0x1411ca77c _commode
0x1411ca784 _endthreadex
0x1411ca78c _errno
0x1411ca794 _fmode
0x1411ca79c _initterm
0x1411ca7a4 _lock
0x1411ca7ac _memccpy
0x1411ca7b4 _onexit
0x1411ca7bc _setjmp
0x1411ca7c4 _strdup
0x1411ca7cc _ultoa
0x1411ca7d4 _unlock
0x1411ca7dc abort
0x1411ca7e4 calloc
0x1411ca7ec exit
0x1411ca7f4 fprintf
0x1411ca7fc fputc
0x1411ca804 free
0x1411ca80c fwrite
0x1411ca814 localeconv
0x1411ca81c longjmp
0x1411ca824 malloc
0x1411ca82c memcpy
0x1411ca834 memmove
0x1411ca83c memset
0x1411ca844 printf
0x1411ca84c realloc
0x1411ca854 signal
0x1411ca85c strerror
0x1411ca864 strlen
0x1411ca86c strncmp
0x1411ca874 vfprintf
0x1411ca87c wcslen
EAT(Export Address Table) Library
0x1411c74c0 _cgo_dummy_export
KERNEL32.dll
0x1411ca464 AddAtomA
0x1411ca46c AddVectoredExceptionHandler
0x1411ca474 CloseHandle
0x1411ca47c CreateEventA
0x1411ca484 CreateFileA
0x1411ca48c CreateIoCompletionPort
0x1411ca494 CreateMutexA
0x1411ca49c CreateSemaphoreA
0x1411ca4a4 CreateThread
0x1411ca4ac CreateWaitableTimerA
0x1411ca4b4 CreateWaitableTimerExW
0x1411ca4bc DeleteAtom
0x1411ca4c4 DeleteCriticalSection
0x1411ca4cc DuplicateHandle
0x1411ca4d4 EnterCriticalSection
0x1411ca4dc ExitProcess
0x1411ca4e4 FindAtomA
0x1411ca4ec FormatMessageA
0x1411ca4f4 FreeEnvironmentStringsW
0x1411ca4fc GetAtomNameA
0x1411ca504 GetConsoleMode
0x1411ca50c GetCurrentProcess
0x1411ca514 GetCurrentProcessId
0x1411ca51c GetCurrentThread
0x1411ca524 GetCurrentThreadId
0x1411ca52c GetEnvironmentStringsW
0x1411ca534 GetHandleInformation
0x1411ca53c GetLastError
0x1411ca544 GetProcAddress
0x1411ca54c GetProcessAffinityMask
0x1411ca554 GetQueuedCompletionStatusEx
0x1411ca55c GetStartupInfoA
0x1411ca564 GetStdHandle
0x1411ca56c GetSystemDirectoryA
0x1411ca574 GetSystemInfo
0x1411ca57c GetSystemTimeAsFileTime
0x1411ca584 GetThreadContext
0x1411ca58c GetThreadPriority
0x1411ca594 GetTickCount
0x1411ca59c InitializeCriticalSection
0x1411ca5a4 IsDBCSLeadByteEx
0x1411ca5ac IsDebuggerPresent
0x1411ca5b4 LeaveCriticalSection
0x1411ca5bc LoadLibraryA
0x1411ca5c4 LoadLibraryW
0x1411ca5cc LocalFree
0x1411ca5d4 MultiByteToWideChar
0x1411ca5dc OpenProcess
0x1411ca5e4 OutputDebugStringA
0x1411ca5ec PostQueuedCompletionStatus
0x1411ca5f4 QueryPerformanceCounter
0x1411ca5fc QueryPerformanceFrequency
0x1411ca604 RaiseException
0x1411ca60c ReleaseMutex
0x1411ca614 ReleaseSemaphore
0x1411ca61c RemoveVectoredExceptionHandler
0x1411ca624 ResetEvent
0x1411ca62c ResumeThread
0x1411ca634 SetConsoleCtrlHandler
0x1411ca63c SetErrorMode
0x1411ca644 SetEvent
0x1411ca64c SetLastError
0x1411ca654 SetProcessAffinityMask
0x1411ca65c SetProcessPriorityBoost
0x1411ca664 SetThreadContext
0x1411ca66c SetThreadPriority
0x1411ca674 SetUnhandledExceptionFilter
0x1411ca67c SetWaitableTimer
0x1411ca684 Sleep
0x1411ca68c SuspendThread
0x1411ca694 SwitchToThread
0x1411ca69c TlsAlloc
0x1411ca6a4 TlsGetValue
0x1411ca6ac TlsSetValue
0x1411ca6b4 TryEnterCriticalSection
0x1411ca6bc VirtualAlloc
0x1411ca6c4 VirtualFree
0x1411ca6cc VirtualProtect
0x1411ca6d4 VirtualQuery
0x1411ca6dc WaitForMultipleObjects
0x1411ca6e4 WaitForSingleObject
0x1411ca6ec WideCharToMultiByte
0x1411ca6f4 WriteConsoleW
0x1411ca6fc WriteFile
0x1411ca704 __C_specific_handler
msvcrt.dll
0x1411ca714 ___lc_codepage_func
0x1411ca71c ___mb_cur_max_func
0x1411ca724 __getmainargs
0x1411ca72c __initenv
0x1411ca734 __iob_func
0x1411ca73c __lconv_init
0x1411ca744 __set_app_type
0x1411ca74c __setusermatherr
0x1411ca754 _acmdln
0x1411ca75c _amsg_exit
0x1411ca764 _beginthread
0x1411ca76c _beginthreadex
0x1411ca774 _cexit
0x1411ca77c _commode
0x1411ca784 _endthreadex
0x1411ca78c _errno
0x1411ca794 _fmode
0x1411ca79c _initterm
0x1411ca7a4 _lock
0x1411ca7ac _memccpy
0x1411ca7b4 _onexit
0x1411ca7bc _setjmp
0x1411ca7c4 _strdup
0x1411ca7cc _ultoa
0x1411ca7d4 _unlock
0x1411ca7dc abort
0x1411ca7e4 calloc
0x1411ca7ec exit
0x1411ca7f4 fprintf
0x1411ca7fc fputc
0x1411ca804 free
0x1411ca80c fwrite
0x1411ca814 localeconv
0x1411ca81c longjmp
0x1411ca824 malloc
0x1411ca82c memcpy
0x1411ca834 memmove
0x1411ca83c memset
0x1411ca844 printf
0x1411ca84c realloc
0x1411ca854 signal
0x1411ca85c strerror
0x1411ca864 strlen
0x1411ca86c strncmp
0x1411ca874 vfprintf
0x1411ca87c wcslen
EAT(Export Address Table) Library
0x1411c74c0 _cgo_dummy_export