ScreenShot
| Created | 2023.11.16 13:30 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_lDwnwJ.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (AIDetectMalware, a variant of WinGo, WinGo, Detected, Sabsik, R621603, MALICIOUS) | ||
| md5 | d6a28fab04acec60305a5c6be5b105d2 | ||
| sha256 | ff8973e265cde0ecfc91cb81ae4af75946b2cfcaa772b5cd1390c176e788175f | ||
| ssdeep | 98304:8+kKOOaV3XkVAvBscyI37T6UZcpNEfaR8u07FnQpUBqAS7gKUQtW0:8hXLAQTTZRfas7FQd7P1tW | ||
| imphash | e6efb84c997b145566619aa9dc9a7eef | ||
| impfuzzy | 96:qB0x8CxX7+CJS5pmeT1qHs4OxQ/0XiX1Pg3ZTJGQ6d61mcqtVS:qKiCJ77JS5dT1on0SFomQ6d+StVS | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1411d15fc AddAtomA
0x1411d1604 AddVectoredExceptionHandler
0x1411d160c AreFileApisANSI
0x1411d1614 CloseHandle
0x1411d161c CreateEventA
0x1411d1624 CreateFileA
0x1411d162c CreateFileMappingA
0x1411d1634 CreateFileMappingW
0x1411d163c CreateFileW
0x1411d1644 CreateIoCompletionPort
0x1411d164c CreateMutexA
0x1411d1654 CreateMutexW
0x1411d165c CreateSemaphoreA
0x1411d1664 CreateThread
0x1411d166c CreateWaitableTimerA
0x1411d1674 CreateWaitableTimerExW
0x1411d167c DeleteAtom
0x1411d1684 DeleteCriticalSection
0x1411d168c DeleteFileA
0x1411d1694 DeleteFileW
0x1411d169c DuplicateHandle
0x1411d16a4 EnterCriticalSection
0x1411d16ac ExitProcess
0x1411d16b4 FindAtomA
0x1411d16bc FlushFileBuffers
0x1411d16c4 FlushViewOfFile
0x1411d16cc FormatMessageA
0x1411d16d4 FormatMessageW
0x1411d16dc FreeEnvironmentStringsW
0x1411d16e4 FreeLibrary
0x1411d16ec GetAtomNameA
0x1411d16f4 GetConsoleMode
0x1411d16fc GetCurrentProcess
0x1411d1704 GetCurrentProcessId
0x1411d170c GetCurrentThread
0x1411d1714 GetCurrentThreadId
0x1411d171c GetDiskFreeSpaceA
0x1411d1724 GetDiskFreeSpaceW
0x1411d172c GetEnvironmentStringsW
0x1411d1734 GetFileAttributesA
0x1411d173c GetFileAttributesExW
0x1411d1744 GetFileAttributesW
0x1411d174c GetFileSize
0x1411d1754 GetFullPathNameA
0x1411d175c GetFullPathNameW
0x1411d1764 GetHandleInformation
0x1411d176c GetLastError
0x1411d1774 GetProcAddress
0x1411d177c GetProcessAffinityMask
0x1411d1784 GetProcessHeap
0x1411d178c GetQueuedCompletionStatusEx
0x1411d1794 GetStartupInfoA
0x1411d179c GetStdHandle
0x1411d17a4 GetSystemDirectoryA
0x1411d17ac GetSystemInfo
0x1411d17b4 GetSystemTime
0x1411d17bc GetSystemTimeAsFileTime
0x1411d17c4 GetTempPathA
0x1411d17cc GetTempPathW
0x1411d17d4 GetThreadContext
0x1411d17dc GetThreadPriority
0x1411d17e4 GetTickCount
0x1411d17ec GetVersionExA
0x1411d17f4 GetVersionExW
0x1411d17fc HeapAlloc
0x1411d1804 HeapCompact
0x1411d180c HeapCreate
0x1411d1814 HeapDestroy
0x1411d181c HeapFree
0x1411d1824 HeapReAlloc
0x1411d182c HeapSize
0x1411d1834 HeapValidate
0x1411d183c InitializeCriticalSection
0x1411d1844 IsDBCSLeadByteEx
0x1411d184c IsDebuggerPresent
0x1411d1854 LeaveCriticalSection
0x1411d185c LoadLibraryA
0x1411d1864 LoadLibraryW
0x1411d186c LocalFree
0x1411d1874 LockFile
0x1411d187c LockFileEx
0x1411d1884 MapViewOfFile
0x1411d188c MultiByteToWideChar
0x1411d1894 OpenProcess
0x1411d189c OutputDebugStringA
0x1411d18a4 OutputDebugStringW
0x1411d18ac PostQueuedCompletionStatus
0x1411d18b4 QueryPerformanceCounter
0x1411d18bc QueryPerformanceFrequency
0x1411d18c4 RaiseException
0x1411d18cc ReadFile
0x1411d18d4 ReleaseMutex
0x1411d18dc ReleaseSemaphore
0x1411d18e4 RemoveVectoredExceptionHandler
0x1411d18ec ResetEvent
0x1411d18f4 ResumeThread
0x1411d18fc SetConsoleCtrlHandler
0x1411d1904 SetEndOfFile
0x1411d190c SetErrorMode
0x1411d1914 SetEvent
0x1411d191c SetFilePointer
0x1411d1924 SetLastError
0x1411d192c SetProcessAffinityMask
0x1411d1934 SetProcessPriorityBoost
0x1411d193c SetThreadContext
0x1411d1944 SetThreadPriority
0x1411d194c SetUnhandledExceptionFilter
0x1411d1954 SetWaitableTimer
0x1411d195c Sleep
0x1411d1964 SuspendThread
0x1411d196c SwitchToThread
0x1411d1974 SystemTimeToFileTime
0x1411d197c TlsAlloc
0x1411d1984 TlsGetValue
0x1411d198c TlsSetValue
0x1411d1994 TryEnterCriticalSection
0x1411d199c UnlockFile
0x1411d19a4 UnlockFileEx
0x1411d19ac UnmapViewOfFile
0x1411d19b4 VirtualAlloc
0x1411d19bc VirtualFree
0x1411d19c4 VirtualProtect
0x1411d19cc VirtualQuery
0x1411d19d4 WaitForMultipleObjects
0x1411d19dc WaitForSingleObject
0x1411d19e4 WaitForSingleObjectEx
0x1411d19ec WideCharToMultiByte
0x1411d19f4 WriteConsoleW
0x1411d19fc WriteFile
0x1411d1a04 __C_specific_handler
msvcrt.dll
0x1411d1a14 ___lc_codepage_func
0x1411d1a1c ___mb_cur_max_func
0x1411d1a24 __getmainargs
0x1411d1a2c __initenv
0x1411d1a34 __iob_func
0x1411d1a3c __lconv_init
0x1411d1a44 __set_app_type
0x1411d1a4c __setusermatherr
0x1411d1a54 _acmdln
0x1411d1a5c _amsg_exit
0x1411d1a64 _beginthread
0x1411d1a6c _beginthreadex
0x1411d1a74 _cexit
0x1411d1a7c _commode
0x1411d1a84 _endthreadex
0x1411d1a8c _errno
0x1411d1a94 _fmode
0x1411d1a9c _initterm
0x1411d1aa4 _localtime64
0x1411d1aac _lock
0x1411d1ab4 _memccpy
0x1411d1abc _onexit
0x1411d1ac4 _setjmp
0x1411d1acc _strdup
0x1411d1ad4 _ultoa
0x1411d1adc _unlock
0x1411d1ae4 abort
0x1411d1aec calloc
0x1411d1af4 exit
0x1411d1afc fprintf
0x1411d1b04 fputc
0x1411d1b0c free
0x1411d1b14 fwrite
0x1411d1b1c localeconv
0x1411d1b24 longjmp
0x1411d1b2c malloc
0x1411d1b34 memcmp
0x1411d1b3c memcpy
0x1411d1b44 memmove
0x1411d1b4c memset
0x1411d1b54 printf
0x1411d1b5c qsort
0x1411d1b64 realloc
0x1411d1b6c signal
0x1411d1b74 strcmp
0x1411d1b7c strcspn
0x1411d1b84 strerror
0x1411d1b8c strlen
0x1411d1b94 strncmp
0x1411d1b9c strrchr
0x1411d1ba4 vfprintf
0x1411d1bac wcslen
EAT(Export Address Table) Library
0x1411cdf40 _cgo_dummy_export
0x14070ea30 authorizerTrampoline
0x14070e750 callbackTrampoline
0x14070e910 commitHookTrampoline
0x14070e870 compareTrampoline
0x14070e820 doneTrampoline
0x14070eab0 preUpdateHookTrampoline
0x14070e970 rollbackHookTrampoline
0x14070e7b0 stepTrampoline
0x14070e9c0 updateHookTrampoline
KERNEL32.dll
0x1411d15fc AddAtomA
0x1411d1604 AddVectoredExceptionHandler
0x1411d160c AreFileApisANSI
0x1411d1614 CloseHandle
0x1411d161c CreateEventA
0x1411d1624 CreateFileA
0x1411d162c CreateFileMappingA
0x1411d1634 CreateFileMappingW
0x1411d163c CreateFileW
0x1411d1644 CreateIoCompletionPort
0x1411d164c CreateMutexA
0x1411d1654 CreateMutexW
0x1411d165c CreateSemaphoreA
0x1411d1664 CreateThread
0x1411d166c CreateWaitableTimerA
0x1411d1674 CreateWaitableTimerExW
0x1411d167c DeleteAtom
0x1411d1684 DeleteCriticalSection
0x1411d168c DeleteFileA
0x1411d1694 DeleteFileW
0x1411d169c DuplicateHandle
0x1411d16a4 EnterCriticalSection
0x1411d16ac ExitProcess
0x1411d16b4 FindAtomA
0x1411d16bc FlushFileBuffers
0x1411d16c4 FlushViewOfFile
0x1411d16cc FormatMessageA
0x1411d16d4 FormatMessageW
0x1411d16dc FreeEnvironmentStringsW
0x1411d16e4 FreeLibrary
0x1411d16ec GetAtomNameA
0x1411d16f4 GetConsoleMode
0x1411d16fc GetCurrentProcess
0x1411d1704 GetCurrentProcessId
0x1411d170c GetCurrentThread
0x1411d1714 GetCurrentThreadId
0x1411d171c GetDiskFreeSpaceA
0x1411d1724 GetDiskFreeSpaceW
0x1411d172c GetEnvironmentStringsW
0x1411d1734 GetFileAttributesA
0x1411d173c GetFileAttributesExW
0x1411d1744 GetFileAttributesW
0x1411d174c GetFileSize
0x1411d1754 GetFullPathNameA
0x1411d175c GetFullPathNameW
0x1411d1764 GetHandleInformation
0x1411d176c GetLastError
0x1411d1774 GetProcAddress
0x1411d177c GetProcessAffinityMask
0x1411d1784 GetProcessHeap
0x1411d178c GetQueuedCompletionStatusEx
0x1411d1794 GetStartupInfoA
0x1411d179c GetStdHandle
0x1411d17a4 GetSystemDirectoryA
0x1411d17ac GetSystemInfo
0x1411d17b4 GetSystemTime
0x1411d17bc GetSystemTimeAsFileTime
0x1411d17c4 GetTempPathA
0x1411d17cc GetTempPathW
0x1411d17d4 GetThreadContext
0x1411d17dc GetThreadPriority
0x1411d17e4 GetTickCount
0x1411d17ec GetVersionExA
0x1411d17f4 GetVersionExW
0x1411d17fc HeapAlloc
0x1411d1804 HeapCompact
0x1411d180c HeapCreate
0x1411d1814 HeapDestroy
0x1411d181c HeapFree
0x1411d1824 HeapReAlloc
0x1411d182c HeapSize
0x1411d1834 HeapValidate
0x1411d183c InitializeCriticalSection
0x1411d1844 IsDBCSLeadByteEx
0x1411d184c IsDebuggerPresent
0x1411d1854 LeaveCriticalSection
0x1411d185c LoadLibraryA
0x1411d1864 LoadLibraryW
0x1411d186c LocalFree
0x1411d1874 LockFile
0x1411d187c LockFileEx
0x1411d1884 MapViewOfFile
0x1411d188c MultiByteToWideChar
0x1411d1894 OpenProcess
0x1411d189c OutputDebugStringA
0x1411d18a4 OutputDebugStringW
0x1411d18ac PostQueuedCompletionStatus
0x1411d18b4 QueryPerformanceCounter
0x1411d18bc QueryPerformanceFrequency
0x1411d18c4 RaiseException
0x1411d18cc ReadFile
0x1411d18d4 ReleaseMutex
0x1411d18dc ReleaseSemaphore
0x1411d18e4 RemoveVectoredExceptionHandler
0x1411d18ec ResetEvent
0x1411d18f4 ResumeThread
0x1411d18fc SetConsoleCtrlHandler
0x1411d1904 SetEndOfFile
0x1411d190c SetErrorMode
0x1411d1914 SetEvent
0x1411d191c SetFilePointer
0x1411d1924 SetLastError
0x1411d192c SetProcessAffinityMask
0x1411d1934 SetProcessPriorityBoost
0x1411d193c SetThreadContext
0x1411d1944 SetThreadPriority
0x1411d194c SetUnhandledExceptionFilter
0x1411d1954 SetWaitableTimer
0x1411d195c Sleep
0x1411d1964 SuspendThread
0x1411d196c SwitchToThread
0x1411d1974 SystemTimeToFileTime
0x1411d197c TlsAlloc
0x1411d1984 TlsGetValue
0x1411d198c TlsSetValue
0x1411d1994 TryEnterCriticalSection
0x1411d199c UnlockFile
0x1411d19a4 UnlockFileEx
0x1411d19ac UnmapViewOfFile
0x1411d19b4 VirtualAlloc
0x1411d19bc VirtualFree
0x1411d19c4 VirtualProtect
0x1411d19cc VirtualQuery
0x1411d19d4 WaitForMultipleObjects
0x1411d19dc WaitForSingleObject
0x1411d19e4 WaitForSingleObjectEx
0x1411d19ec WideCharToMultiByte
0x1411d19f4 WriteConsoleW
0x1411d19fc WriteFile
0x1411d1a04 __C_specific_handler
msvcrt.dll
0x1411d1a14 ___lc_codepage_func
0x1411d1a1c ___mb_cur_max_func
0x1411d1a24 __getmainargs
0x1411d1a2c __initenv
0x1411d1a34 __iob_func
0x1411d1a3c __lconv_init
0x1411d1a44 __set_app_type
0x1411d1a4c __setusermatherr
0x1411d1a54 _acmdln
0x1411d1a5c _amsg_exit
0x1411d1a64 _beginthread
0x1411d1a6c _beginthreadex
0x1411d1a74 _cexit
0x1411d1a7c _commode
0x1411d1a84 _endthreadex
0x1411d1a8c _errno
0x1411d1a94 _fmode
0x1411d1a9c _initterm
0x1411d1aa4 _localtime64
0x1411d1aac _lock
0x1411d1ab4 _memccpy
0x1411d1abc _onexit
0x1411d1ac4 _setjmp
0x1411d1acc _strdup
0x1411d1ad4 _ultoa
0x1411d1adc _unlock
0x1411d1ae4 abort
0x1411d1aec calloc
0x1411d1af4 exit
0x1411d1afc fprintf
0x1411d1b04 fputc
0x1411d1b0c free
0x1411d1b14 fwrite
0x1411d1b1c localeconv
0x1411d1b24 longjmp
0x1411d1b2c malloc
0x1411d1b34 memcmp
0x1411d1b3c memcpy
0x1411d1b44 memmove
0x1411d1b4c memset
0x1411d1b54 printf
0x1411d1b5c qsort
0x1411d1b64 realloc
0x1411d1b6c signal
0x1411d1b74 strcmp
0x1411d1b7c strcspn
0x1411d1b84 strerror
0x1411d1b8c strlen
0x1411d1b94 strncmp
0x1411d1b9c strrchr
0x1411d1ba4 vfprintf
0x1411d1bac wcslen
EAT(Export Address Table) Library
0x1411cdf40 _cgo_dummy_export
0x14070ea30 authorizerTrampoline
0x14070e750 callbackTrampoline
0x14070e910 commitHookTrampoline
0x14070e870 compareTrampoline
0x14070e820 doneTrampoline
0x14070eab0 preUpdateHookTrampoline
0x14070e970 rollbackHookTrampoline
0x14070e7b0 stepTrampoline
0x14070e9c0 updateHookTrampoline